News Feed
Jobs Feed
Sections




News Archive
The Hacker Webzine:
Two PHP Reconnaissance Vectors
by Chris Cornutt August 08, 2007 @ 09:35:00

On the Hacker Webzine there's a new post pointing out two PHP reconnaissance vectors that can be used to find out more about the remote PHP servers.

I've talked about this if you followed my blog last week. These two vectors can be used to trigger error messages or to obtain more intelligence about the server within PHP. These are not very well known and therefore I wanted to share it here.

One of the vectors has to do with how the developer handles the $_SERVER variables (not sanitized correctly because the developer thinks they can't be changed) and the other deals with changing the PHPSESSID (session ID) to exploit if it is echoed back into the page.

0 comments voice your opinion now!
reconnaissance vectors phpsessid server variable reconnaissance vectors phpsessid server variable


blog comments powered by Disqus

Similar Posts

Lorna Mitchell's Blog: PHP REST Server (Part 3 of 3)

The Hacker Webzine: Two PHP Reconnaissance Vectors

PHPClasses.org Blog: Sending e-mail using [Remote] SMTP servers/MIME Email

Christoph Hochstrasser: PHP Socket Programming, done the Right Way (tm)

Stuart Herbert's Blog: Participating in the European WinPHP Challenge 2009


 Community Events









Don't see your event here?
Let us know!

code api object testing functional release zendframework2 podcast framework introduction development tool event interview unittest language composer community example opinion

All content copyright, 2013 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework