From: Serg B. (sergicles@gmail.com)
Date: Thu Aug 23 2007 - 23:30:33 EDT
PHP "hacking" is very much like "hacking" any web based application.
To do that you need to understand how applications are built and what
they (the target) are built to do.
Also, you need to define "hacking". Do you want to get access to
server shell? Fool users with disinformation? Crash the site? Steal
data? etc.
So, instead of hacking an application, perhaps you should write one.
At the end you will be answer your own questions in far greater detail
then some silly "How to pw4n n00bs" tutorial.
But, to answer your original question (even though I think you are
going about it the wrong way):
http://phpsec.org/
http://www.owasp.org/
http://phpsec.org/projects/phpsecinfo/index.html
[Insert list of all widely used database server websites here]
Either way, to break something in a way that would be useful to you,
you need to understand how it works. Code first, break later.
Serg
On 23 Aug 2007 14:20:04 -0000, tenbatsui@yahoo.com <tenbatsui@yahoo.com> wrote:
> I have a grasp of a lot of php programming, but not enough to apply it to hacking. I am by far not a programmer and understand javascript hacking enough to do some basic audits for javascript.
>
> Does anyone have any good reading material for PHP hacking and even a check list style motions for Auditing PHP apps?
>
> Just trying to get some more broad techniques I mean I know ?Try xss here stuff and "/><script> style but I am looking more for how to defeat the php apps and gather information from them. Trying to focus more on that area of a php app and playing with them a little more.
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:03 EDT