[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [Full-disclosure] Bypassing PHPIDS 0.6.5
From: Michael Brooks <firealwaysworks () gmail ! com>
Date: 2011-08-26 18:18:02
Message-ID: CACDSwDki0JX1+pYQB0tNrSemyL3UR0LVYgmks60Y0gkW+JGZuw () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Full Paper:
https://sitewat.ch/en/Blog/10
Using these attacks it is possible to bypass all of PHPIDS's rule sets,
which defeats all protection PHPIDS can provide. Further more on a default
install of PHPIDS the log file can be used to drop a PHP backdoor. There by
using PHPIDS as a vital steping stone in turning an LFI vulnerability into
remote code execution. Thus PHPIDS 0.6.5 made you less secure. Of course
all of these issues have been fixed in PHPIDS 0.7, and by using the latest
version of PHPIDS I have no doubt that you're php application will be more
secure. If someone tells you that you are absolutely secure, then they are
trying to sell you something. However PHPIDS 0.7 provides a strong barrier
between your application and an attacker.
[Attachment #5 (text/html)]
Full Paper:<br><a href="https://sitewat.ch/en/Blog/10">https://sitewat.ch/en/Blog/10</a><br><br>Using \
these attacks it is possible to bypass all of PHPIDS's rule sets, which defeats all \
protection PHPIDS can provide. Further more on a default install of PHPIDS the log file can \
be used to drop a PHP backdoor. There by using PHPIDS as a vital steping stone in turning an
LFI vulnerability into remote code execution. Thus PHPIDS 0.6.5 made
you less secure. Of course all of these issues have been fixed in PHPIDS 0.7,
and by using the latest version of PHPIDS I have no doubt that you're
php application will be more secure. If someone tells you that you are
absolutely secure, then they are trying to sell you something.
However PHPIDS 0.7 provides a strong barrier between your application
and an attacker.<br>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic