[WEB SECURITY] Remote File Include Exploit
Andrew van der Stock
vanderaj at greebo.net
Tue Jun 27 08:27:03 EDT 2006
This is due mostly to PHP's defaults, and then partially due to
insufficient validation by the coder of untrusted input. Most PHP
coders are simply unaware of the abilities of two key PHP features:
a) using the many functions which support URLs
b) using PHP wrapper compatible functions.
Most functions which are compatible with these do NOT mention it. You
have to be aware that it exists and can be used.
If allow_url_fopen was off, and PHP wrappers were disabled by
default, the amount of PHP programs which remain vulnerable would be
vastly smaller - basically those which did not sanitize data being
sent to system() and eval() and any other function which has the
ability to use remote files.
On 27/06/2006, at 4:44 PM, Josh L. Perrymon wrote:
> Hey Guys,
> I was doing some reading on your site about current application
> vulnerability classifications..
> What about Remote File include exploits? I hahve been seeing a lot
> of these exploits appear lately in .php based sites.. is this
> something new or more of a configuration/coding error?
> I have noticed a lot of hackers using C99 and R57 php shells to
> control the server remotely.
> Joshua Perrymon
> Packet Focus
> josh.perrymon at packetfocus.com
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2234 bytes
Desc: not available
More information about the websecurity