From: Gareth Davies (gareth.davies@mynetsec.com)
Date: Tue Oct 17 2006 - 00:47:35 EDT
Joseph McCray wrote:
> I've been spending a lot of time googling these php shells (c99/r57 et
> al) lately. It appears that people are getting these on servers via
> Remote File Include vulnerabilities.
>
> I'm curious how many auditors are 1) testing for this stuff in your
> audits. Tons of blog, forum, and wiki packages have these vulns - are
> you guys testing for this stuff, and more importantly are you finding it
> vuln in your audits?
>
> Next question is for trainers, how much time are you spending on this
> stuff in your web application security classes. Currently I'm spending a
> hefty chunk of time on the big guns (SQL Injection, Cross-Site
> Scripting, etc). I know these are the usual suspects, but when I get out
> there on the Internet and google for any of these php shells I never get
> past the first search page without finding a compromised server. If you
> check out milw0rm, packetstormsecurity, etc most of the web app vulns
> are remote file includes. Is anyone else noticing this, and what are
> your thoughts?
>
Hi Joseph,
Not sure if you saw this:
http://www.darknet.org.uk/2006/09/fis-file-inclusion-scanner-v01-php-vulnerability/
Might be something to consider.
Like another poster said, though, not many commercial audits I do involve
PHP; it is worth mentioning this in training, though, as it seems awfully
common nowadays.
Cheers
--
Gareth Davies - ISO 27001 LA, OPST
Manager - Security Practice
Network Security Solutions MSC Sdn. Bhd.
Suite E-07-21, Block E, Plaza Mont' Kiara, No. 2 Jalan Kiara, Mont' Kiara,
50480 Kuala Lumpur, Malaysia
Phone: +603-6203 5303 or +603-6203 5920
www.mynetsec.com
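As an added illustration, not part of the thread or of any project mentioned in it: the PHP include pattern behind the compromises discussed above, alongside a hardened rewrite that maps request input to a fixed allowlist. The template names, paths and function names are assumed for the example.

```php
<?php
// Added example, not from the thread. Shows the remote-file-include pattern
// that lets c99/r57-style shells onto a server, and a hardened replacement.

// VULNERABLE: the request decides what gets included. When URL wrappers are
// enabled in php.ini (allow_url_fopen / allow_url_include), a page parameter
// holding a URL makes PHP fetch and execute a remote script; even with
// wrappers off, directory traversal still reaches local files.
function render_page_vulnerable(string $page): void
{
    include $page . '.php';
}

// HARDENED: map the untrusted value onto a fixed allowlist of templates and
// refuse everything else. No string from the request ever reaches include().
const PAGE_TEMPLATES = [
    'home'    => __DIR__ . '/templates/home.php',
    'about'   => __DIR__ . '/templates/about.php',
    'contact' => __DIR__ . '/templates/contact.php',
];

// Returns the on-disk template for a page name, or null if it is not listed.
function resolve_template(string $page): ?string
{
    return PAGE_TEMPLATES[$page] ?? null;
}

function render_page_hardened(string $page): void
{
    $template = resolve_template($page);
    if ($template === null) {
        http_response_code(404);
        echo 'Unknown page';
        return;
    }
    include $template;
}

// Defence in depth, independent of application code (php.ini):
//   allow_url_include = Off
//   allow_url_fopen   = Off   (unless the application genuinely fetches URLs)
// An audit that finds either On alongside request-controlled include()
// arguments has found the condition this thread describes.

render_page_hardened($_GET['page'] ?? 'home');
```

Auditors reviewing PHP code can grep for include/require whose argument derives from $_GET, $_POST, $_COOKIE or $_REQUEST and check it against the allowlist pattern above.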
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:13 EDT