Assault on PHP Applications
PHP Vulnerability Exploitation
Author: Aelphaeis Mangarae
Date: June 13th 2009
[Table of Contents]
Paper Introduction
File Inclusion Vulnerabilities
File Upload Vulnerabilities
Disk File Read/Write Vulnerabilities
Command Execution Vulnerabilities
SQL Injection Vulnerabilities
Insecure Cookie Handling
REQUIRED READING
Greetz To
Introduction
"Never increase, beyond what is necessary, the number of words required to explain anything" William of Ockham (1285-1349)
In this paper I will cover a small array of vulnerabilities that occur in PHP applications. The vulnerabilities shown in this paper, and the exploitation of them, are the most common vulnerabilities that you will find exploits for in the public domain. As some people learn best by example, I use example vulnerable code and show exploitation of vulnerabilities in PHP applications. Real-world examples of vulnerabilities in PHP software are also shown to educate the reader. The server used for demonstration in this paper is a WAMP (Windows, Apache, MySQL, PHP) setup in my small LAN, the specific details of which are listed below. Keep in mind that the examples in this paper are just examples intended to teach you the basics and are not necessarily a reflection of real-world exploitation.
Test Server Software:
Operating System: Windows XP x64
Database: MySQL 5.1
Web Server: Apache 2.2.0
PHP Version: 5.1.2
File Inclusion Vulnerabilities
PHP File Inclusion Explained
What Is PHP File Inclusion?
PHP File Inclusion is done by functions that are part of PHP (such as include() and include_once()) and allows PHP to open other files for reading. In the case of include(), the purpose is to read a file containing PHP code to be interpreted [and output].
An Example of PHP File Inclusion (TorrentTrader 2.04 index.php):