State of the Art Post Exploitation in Hardened PHP Environments
Stefan Esser
Who am I?
Stefan Esser
- from Cologne/Germany
- Information Security since 1998
- PHP Core Developer since 2001
- Month of PHP Bugs & Suhosin
- Head of Research & Development at SektionEins GmbH
Stefan Esser - State of the Art Post Exploitation in Hardened PHP Environments - July 2009
Part I
Introduction
Introduction (I)
- PHP applications are often vulnerable to remote PHP code execution
  - File/URL Inclusion vulnerabilities
  - PHP file upload
  - Injection into eval(), create_function(), preg_replace()
  - Injection into call_user_func() parameters
- executed PHP code can do whatever it wants on insecure web servers
Introduction (II)
- post exploitation is a lot harder when the PHP environment is hardened
- more and more PHP environments are hardened by default
- executed PHP code is very limited in possibilities
- taking control over a hardened server is a challenge