Topics
Tags
Favorite Links
Translate
Pick Your Language
Security Books
Archives
Recent entries...
Twitter
Sponsored Ads
Popular Pages
Sponsored Ads
The Web Security Mailing List

« Revising netflix's CSRF | Main | Security Vendor Kasperky Hacked Via SQL Injection »

PHP filesystem attack vectors

ascii writes

"On Apr 07, 2008 I spoke with Kuza55 and Wisec about an attack I found some time before that was a new attack vector for filesystem functions (fopen, (include|require)[_once]?, file_(put|get)_contents, etc) for the PHP language. It was a path normalization issue and I asked them to keep it “secret” [4], this was a good idea cause my analisys was mostly incomplete and erroneous but the idea was good and the bug was real and disposable."

Read more: http://www.ush.it/2009/02/08/php-filesystem-attack-vectors/

Posted by Robert A. on 02/07/2009 in Research , Vulns | Permalink | Reddit

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.


All Comments are Moderated and will be delayed!


Post a comment







Remember personal info?


Copyright 2000-2009 CGISecurity.com | Privacy Policy| java mailing list| resolve ip| Mailing Lists | Sony deals