How secure is your code?

  • 1. How secure is your code? Mikee Franklin
  • 2. Who am I?
  • 3. Working in the industry for 10 years
  • 4. I never finish a personal proj...
  • 5. I like to play with ALL languages. Use the right tool for the job. (except for javascript, javascript should be used for /everything/)
  • 6. twitter: @mikeemoo web: www.mikeefranklin.co.uk
  • 7. Why I find this interesting..
  • 8. I love finding things I shouldn't be able to find
  • 9. I like to think I'm doing a 'good thing' if I find (and report) a security hole
  • 10. I don't actually know much about it at all. I've barely scraped the surface of what's possible.
  • 11. I don't “exploit” live websites.
  • 12. The basics from an exploiter's point of view
  • 13. If we can run our own code, we can get shell access
  • 14. If we can get shell access, we can find things we shouldn't be able to find, and we can potentially get root access.

  • 15. If not, we can still extract a lot of information: passwords, account details, etc. Those passwords will often be the same on other sites.
  • 16.
  • 17. Check for open /.svn/ folders
  • 18. Have a poke around. Work out what plugins might be installed, check the source of them.
  • 19. Check for known files that might give you the version number of the software: INSTALL, VERSION, LICENCE, etc.
  • 20.
  • 22. Some servers will execute .php.jpg as a php file – depends on configuration and version(?)
  • 23. You can embed code in image metadata and PHP will still recognise it as a valid image, no matter what the extension.
  • 24.
  • 25. We can run netcat locally and wait for the connection.
  • 26. We now have shell access, but only as the apache user... still, we can now easily extract all of the data from the database, search the server for other files, and look at what software is running that might allow us to escalate privileges.
  • 27. There's plenty of information out there with databases of exploits (for example, http://www.exploit-db.com)
  • 28.
  • 29. Use local file inclusion to execute the code. A good example: require $_GET["file"] . ".php";
  • 30. But what about the .php? Surely that'll only open php files?
  • 31. Using a null character strips off the end, for example: index.php?file=../../../../../../../../../../etc/passwd%00
  • 32. But.. we need to get our code onto the machine first...
  • 33.
  • 35.
  • 36. We can cycle through /proc/self/fd/[x] as one might be a symlink to our logs
  • 37.
  • 38. The handshake messages from the server will give us a clue to the location of the logs:
        Status: Resolving address of www.mikeefranklin.co.uk
        Status: Connecting to 65.49.60.84:21...
        Status: Connection established, waiting for welcome message...
        Response: 220 (vsFTPd 2.2.2)
        Command: USER <?php phpinfo(); ?>
        -> logs likely to be at /var/log/vsftpd.log
  • 39.
  • 40. We can guess the location of the file
  • 41. Knowing the database name will help us find the path to the database
  • 42. ..but we can't use LFI to read the database config directly, because the PHP inside it will be executed rather than displayed... but we can use the php:// filter wrapper to read it: index.php?file=php://filter/convert.base64-encode/resource=config.php. This outputs the file base64-encoded, which we can then decode.
  • 43. If SQL injection is available, we can use it to retrieve the database path
  • 44.
  • 45. Now we can call.. index.php?file=../../../../../../../../tmp/myfile%00
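Added example, not from the talk: the include the slides show (require $_GET["file"] . ".php") replaced by a version that resolves the request through an allowlist and a realpath check, which is what closes the traversal, /proc/self/fd, php://filter and %00 cases above. PAGES_DIR, ALLOWED_PAGES and resolve_page() are this example's own names and assumptions.

```php
<?php
// Added example (not from the talk): hardening the include the slides show,
//   require $_GET["file"] . ".php";
// PAGES_DIR, ALLOWED_PAGES and resolve_page() are this example's own names.
declare(strict_types=1);

// Assumption: the only includable pages live in ./pages/ beside this script.
const PAGES_DIR = __DIR__ . '/pages';

// The request supplies a KEY into this map, never a path or a filename.
const ALLOWED_PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/**
 * Map a user-supplied page name to a file we are willing to include,
 * or return null. Three layers:
 *  1. reject NUL bytes, the %00 trick the deck uses to cut off ".php";
 *  2. allowlist lookup, so "../", "/etc/passwd", "/proc/self/fd/3" and
 *     "php://filter/..." are never handed to the filesystem at all;
 *  3. realpath() check that the resolved file really sits under PAGES_DIR
 *     (guards against a symlink dropped into the pages directory).
 */
function resolve_page(string $requested): ?string
{
    if (strpos($requested, "\0") !== false) {
        return null;
    }
    if (!array_key_exists($requested, ALLOWED_PAGES)) {
        return null;
    }
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . ALLOWED_PAGES[$requested]);
    if ($base === false || $path === false) {
        return null;                        // directory or file missing
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;                        // resolved outside PAGES_DIR
    }
    return $path;
}

// Router: unknown or tampered names get a 404 instead of an include.
$page = resolve_page($_GET['file'] ?? 'home');
if ($page === null) {
    http_response_code(404);
    exit('Not found');
}
require $page;
```

PHP 5.3.4 and later already reject include paths containing a NUL byte, so the %00 trick from slide 31 fails there on its own, but the allowlist is the control that holds regardless of PHP version.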
  • 46.
  • 47. Can extract data we shouldn't be able to get to
  • 48. Can potentially log in as different users
  • 49. Maybe read files off the server
  • 50. Maybe even execute our own code
  • 51.
  • 52. Don't trust any user input: GET, POST, COOKIES, etc.
  • 53. PDO prepare is your friend
  • 54. Correctly check file extensions
  • 55. Never give Apache or your MySQL user more permissions than they need
  • 56. Keep an eye on news regarding new exploits
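Added example, not from the talk: the closing advice "correctly check file extensions" and "PDO prepare is your friend" applied to an image upload, written so that the .php.jpg and code-in-image-metadata cases from slides 22 and 23 are covered as well. UPLOAD_DIR, ALLOWED_IMAGES, safe_upload_name(), record_upload() and the uploads table are this example's own assumptions.

```php
<?php
// Added example (not from the talk). All names below are this example's own.
declare(strict_types=1);

// Store uploads OUTSIDE the web root so the server never executes them, even
// if a .php.jpg name or PHP hidden in EXIF gets through (both tricks the deck
// mentions). Assumption: /var/uploads is not served by Apache.
const UPLOAD_DIR = '/var/uploads';

// The only extensions we accept, mapped to the MIME type the bytes must have.
const ALLOWED_IMAGES = [
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'gif' => 'image/gif',
];

/**
 * Validate an uploaded image and return the filename to store it under,
 * or null if it is rejected.
 *  - the extension is taken from the LAST dot and lowercased, then looked
 *    up in an allowlist (no "ends with .jpg" check on the raw name);
 *  - the bytes must be a real image of the matching type (finfo), which
 *    stops a renamed .php file but NOT PHP inside EXIF metadata, so the
 *    non-executing directory above remains the load-bearing control;
 *  - the stored name is random: nothing attacker-controlled reaches the
 *    filesystem, and "shell.php.jpg" simply becomes <hex>.jpg.
 */
function safe_upload_name(string $originalName, string $tmpPath): ?string
{
    $ext = strtolower(pathinfo($originalName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_IMAGES[$ext])) {
        return null;
    }
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($tmpPath) !== ALLOWED_IMAGES[$ext]) {
        return null;
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

/**
 * Record the upload with a prepared statement: values are bound, never
 * concatenated into the SQL, so quotes in the data cannot alter the query.
 */
function record_upload(PDO $db, int $userId, string $storedName): void
{
    $stmt = $db->prepare(
        'INSERT INTO uploads (user_id, stored_name) VALUES (:uid, :name)'
    );
    $stmt->execute([':uid' => $userId, ':name' => $storedName]);
}

// Usage (assumes a form field named "image" and a configured PDO handle $db):
// $name = safe_upload_name($_FILES['image']['name'], $_FILES['image']['tmp_name']);
// if ($name === null) { http_response_code(400); exit('Rejected'); }
// move_uploaded_file($_FILES['image']['tmp_name'], UPLOAD_DIR . '/' . $name);
// record_upload($db, $currentUserId, $name);
```

Setting PDO::ATTR_EMULATE_PREPARES to false on the handle makes the driver use real server-side prepared statements rather than client-side quoting.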