PaulDotCom mailing list archives
Re: Exploiting vulnerable php functions
From: Robin Wood <robin () digininja org>
Date: Wed, 11 Sep 2013 07:37:03 +0100
On 11 Sep 2013 06:53, "allison nixon" <elsakoo () gmail com> wrote:
By the way, if you did use file inclusion in order to abuse vulnerable
php functions, would it have gained you any more access than if you just file included a shell?
It would depend on what level of access the exploit got you. On a standard Linux install your shell would be a low privilege user such as apache but the exploit may get you directly through to root. I've not investigated web shells in any depth but something I've never seen is one with all the exploits built in. You could code it to check the php version then execute the appropriate function. Robin
On Tue, Sep 10, 2013 at 4:28 AM, Robin Wood <robin () digininja org> wrote:On 8 September 2013 19:47, Dancing Dan <d4ncingd4n () gmail com> wrote:I haven't looked at PHP internals but, some languages create functions
as extensions of other functions as a form of code reuse. This could lead to unexpected file inclusion.
Does anybody know if PHP does that?Do you mean one function internally calls another, for example a string
compare ignoring case will call the generic string compare but pass in the ignore case flag?
I've no idea if PHP does this but would be interested to find out and if
it does to get a list of what calls what.
RobinBart On Sep 8, 2013 1:39 PM, "Robin Wood" <robin () digininja org> wrote:On 8 Sep 2013 19:01, "Jim Halfpenny" <jim.halfpenny () gmail com> wrote:In short no. Take a look at file inclusion vulnerabilities. http://en.m.wikipedia.org/wiki/File_inclusion_vulnerabilityIf you are suggesting include in a file which uses a vulnerable
function then your answer is actually yes.
RobinRegards Jim On 8 Sep 2013 04:40, "Sean McCormick" <sean.m.mccormick () gmail com>
wrote:
If a website is running a version of php with vulnerable functions
does the function have to be used in a script in order to exploit the vulnerability?
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com-- _________________________________ Note to self: Pillage BEFORE burning. _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Exploiting vulnerable php functions Sean McCormick (Sep 07)
- Re: Exploiting vulnerable php functions allison nixon (Sep 08)
- Re: Exploiting vulnerable php functions Jim Halfpenny (Sep 08)
- Re: Exploiting vulnerable php functions Robin Wood (Sep 08)
- Re: Exploiting vulnerable php functions Dancing Dan (Sep 09)
- Re: Exploiting vulnerable php functions Robin Wood (Sep 10)
- Re: Exploiting vulnerable php functions allison nixon (Sep 10)
- Re: Exploiting vulnerable php functions Ryan Sears (Sep 11)
- Re: Exploiting vulnerable php functions Robin Wood (Sep 11)
- Re: Exploiting vulnerable php functions Sean McCormick (Sep 12)
- Re: Exploiting vulnerable php functions Robin Wood (Sep 13)
- Re: Exploiting vulnerable php functions Robin Wood (Sep 08)
- Re: Exploiting vulnerable php functions Dancing Dan (Sep 11)
- Re: Exploiting vulnerable php functions Danny Chrastil (Sep 09)
- Re: Exploiting vulnerable php functions Jim Halfpenny (Sep 09)