PHP exploitation with Stefen Esser

November 29, 2009

Stefen posted his slides on “Shocking News in PHP Exploitation”. Besides talking about PHP vulnerabilities, stefen has discussed some great attack vectors for bypassing Mod-security, php-ids and WAFs.

Here is a good example, from his slides, on how mod-security can be bypassed:
Rules apply all transformation functions first
• t:none – reset
• t:urlDecodeUni – url decoding with unicode support
• t:htmlEntityDecode – decodes HTML entities
• t:replaceComments – removes all comments
• t:compressWhitespace – compresses whitespace
Screen shot 2009-11-29 at 1.01.00 PM

Download Slides


Leave a Reply

Your email address will not be published. Required fields are marked *