News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Security Musings:
PHP Please Hack Pal.
July 16, 2010 @ 11:44:47

On the Security Musings blog today there's a new post from Anurag that walks you through the process, step-by-step, of how he exploited an image gallery written in PHP (including the tools he used).

I always read, PHP applications are a security guy's nightmare. Always thought why, Coming from a world of packets and frames code made lesser sense. Until I stumbled upon this application. The application was an Image gallery, with a lot of nice cool pics and an option to share and upload pics. This was a PHP application. Oh, it was fun! I thought of playing with it. As soon as I checked the Image upload option, the security freak in me took over.

Using tools like BURP, Extplorer and Fgdump he was able to find a hole that let him upload whatever he wanted including full access to the machine and the Windows admin password.

0 comments voice your opinion now!
hack windows server process tools


blog comments powered by Disqus

Similar Posts

IBM developerWorks Blog: What\'s the problem? (Working Directories)

Abhinav Singh's Blog: Get real time system & server load notification on any IM using PHP and XMPP

DevX: Integrating Bash with PHP

Edin Kadribasic's Blog: Back to VC6 for PHP Windows build

PEAR Blog: PHP 5.3 Windows and PEAR (go-pear.phar)


Community Events

Don't see your event here?
Let us know!


voicesoftheelephpant unittest framework laravel php7 version podcast library development opinion api community language interview introduction laravel5 release series security extension

All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework