[WEB SECURITY] Remote File Include Exploit

Ory Segal osegal at watchfire.com
Tue Jun 27 08:09:39 EDT 2006


If I am not mistaken, it is mentioned here:
http://www.owasp.org/index.php/PHP_Top_5#P1:_Remote_Code_Execution
 
Cheers,
 
Ory Segal
Director of Security Research
Watchfire (Israel) LTD.
Tel: +972-9-9586077, Ext.236
Mobile: +972-54-7739359
e-mail: osegal at watchfire.com <BLOCKED::mailto:osegal at watchfire.com> 


________________________________

From: Josh L. Perrymon [mailto:joshuaperrymon at gmail.com] 
Sent: Tuesday, June 27, 2006 09:44
To: websecurity at webappsec.org
Subject: [WEB SECURITY] Remote File Include Exploit


Hey Guys,
 
I was doing some reading on your site about current application
vulnerability classifications..
 
What about Remote File include exploits? I hahve been seeing a lot of
these exploits appear lately in .php based sites.. is this something new
or more of a configuration/coding error?
I have noticed a lot of hackers using C99 and R57 php shells to control
the server remotely. 
 
Cheers,
Joshua Perrymon
CEO
Packet Focus
www.packetfocus.com
josh.perrymon at packetfocus.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20060627/5c7f0e7d/attachment.html>


More information about the websecurity mailing list