PHP Applications by themselves account for over 40% of all NIST NVD entries in 2006. We need more than new frameworks. We need new paradigms for PHP development.

These new paradigms of PHP development have been a long time coming (it's all been jokes about it thus far), but there's already forces at work to help make things simpler and better for those developing applications. Frameworks, while not new in themselves, are making writing applications easier than ever before when using their built-in tools.

Secunia's latest advisory points out a vulnerability in DreamStats, which could be exploited by remote attackers to execute arbitrary commands. This issue is due to an input validation error in the "index.php" script that does not validate the "rootpath" parameter, which could be exploited by remote attackers to include malicious PHP scripts and execute arbitrary commands with the privileges of the web server.

Those at risk are systems running versions 4.2 and prior and should update immediately. DreamStats is a package for displaying the statistics for Call of Duty related games on a website.

An attacker's fondest wish is to be able to run their code on the target system; an RFI exploit does just that. By exploiting two very dubious 'features' of the PHP language, an attacker can inject their code into a PHP program on the server.

Basically, if the potential hacker can manage to get in on a varaible that's inside of an include and use it (in)correctly, they can get the script to jump out and run the code from their server instead of the local copy. Turning off regiter_globals will provide some protection, put poor programming and not performing any input validation can poke holes in the script's security without the need for globals.

Check out the rest of the article for more information on this (potentially) serious issue and check your code/configuration doubly to make sure you're not at risk.

Multiple vulnerabilities have been identified in Vivvo Article Management CMS, which could be exploited by remote attackers to compromise a vulnerable server.

The first issue is due to an input validation error in the "pdf_version.php" script that does not validate the "id" parameter before being used in SQL statements, which could be exploited by malicious people to conduct SQL injection attacks.

The second vulnerability is due to an input validation error in the "index.php" script that do not validate the "classified_path" parameter, which may be exploited by remote attackers to include local or remote scripts with the privileges of the web server.

Versions 3.2 and higher of the software are effected, and, unfortunately, there has been no patch issued for the issue.

In one of my previous articles, I mentioned the top 5 security mistakes made in PHP. This article is a follow-up, with some more common security mistakes.

For the three topics he describes the functionality PHP offers for them as well as a suggestion or two as to how you can prevent these issues from showing up in your scripts. ]]> Tue, 21 Mar 2006 06:56:49 -0600 http://www.phpdeveloper.org/news/4751 http://www.phpdeveloper.org/news/4751 quick post from Mike Wallner today with a helpful IMAP hint for those working with attachments - and his solution.

If you -like me- were suffering from being unable to load big attachments through ext/imap because of PHPs memory limit, the new imap_savebody() function should be what you were looking for. It adds the ability to save any section (full mail, too) of a mail message to a file or stream.

You can see the proposal for the functionality on this Zend page, including some of the suggestions others made and its inclusion into The PAT direectory. You can view the source here...]]> Mon, 30 Jan 2006 07:20:47 -0600