WebApp Sec mailing list archives
Re: PHP Security
From: "Eduardo Tongson" <propolice () gmail com>
Date: Wed, 19 Mar 2008 08:09:27 +0800
If I understood correctly you mean /XXX is created on the fly. Probably a variant of the Random JS Toolkit [1]. [1] <http://blog.eonsec.com/2008/01/random-js-toolkit.html> -- Ed <.. _ . . _> On Tue, Mar 18, 2008 at 7:58 AM, Greg Song <bigrootno1 () gmail com> wrote:
Hi all Thesedays I'm analyzing the solarys system that using apache web server and php. Of cause it hacked. I could not find reason of some situation that the specified directory are created over and over(it includes check.js) Weblog record as below >> xxx.xxx.xxx.xxx GET "/XXX/ahibix/check.js Some pages can upload the file but it didn't work when I uploaded some php file. I'm wondering how it makes some directories. Any suggestin,ideas. Thanks all ------------------------------------------------------------------------- Sponsored by: Watchfire Methodologies & Tools for Web Application Security Assessment With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F -------------------------------------------------------------------------
------------------------------------------------------------------------- Sponsored by: Watchfire Methodologies & Tools for Web Application Security Assessment With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F -------------------------------------------------------------------------
Current thread:
- PHP Security Greg Song (Mar 18)
- Re: PHP Security Eduardo Tongson (Mar 18)
- Re: PHP Security Eric Marden (Mar 18)
- Re: PHP Security Greg Song (Mar 18)
- <Possible follow-ups>
- Re: PHP Security Greg Song (Mar 18)