PHP exploitation with Stefen Esser

November 29, 2009

Stefen posted his slides on “Shocking News in PHP Exploitation”. Besides talking about PHP vulnerabilities, stefen has discussed some great attack vectors for bypassing Mod-security, php-ids and WAFs.

Here is a good example, from his slides, on how mod-security can be bypassed:
—–
Rules apply all transformation functions first
• t:none – reset
• t:urlDecodeUni – url decoding with unicode support
• t:htmlEntityDecode – decodes HTML entities
• t:replaceComments – removes all comments
• t:compressWhitespace – compresses whitespace
—-
Screen shot 2009-11-29 at 1.01.00 PM

Download Slides

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Trackback