« Revising netflix's CSRF | Main | Security Vendor Kasperky Hacked Via SQL Injection »

PHP filesystem attack vectors

ascii writes

"On Apr 07, 2008 I spoke with Kuza55 and Wisec about an attack I found some time before that was a new attack vector for filesystem functions (fopen, (include|require)[_once]?, file_(put|get)_contents, etc) for the PHP language. It was a path normalization issue and I asked them to keep it “secret” [4], this was a good idea cause my analisys was mostly incomplete and erroneous but the idea was good and the bug was real and disposable."

Read more: http://www.ush.it/2009/02/08/php-filesystem-attack-vectors/


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!