20 Ways to PHP Source Code Fuzzing (Auditing)
Hello.
This article is only for those who know PHP well and really know how to program in PHP.
When we talk about PHP vulnerability discovery, we forget this question:
What types of bugs?
Once we can answer this question, finding vulnerabilities becomes as easy as drinking water.
In this article:
Section 1: (20 ways to PHP source code auditing - PHP fuzzing)
1- Cross Site Scripting
2- SQL Injection (Medium)
3- HTTP Response Splitting (Medium)
4- Dynamic Evaluation Vulnerabilities (High)
5- Process Control / PHP Code Injection (High)
6- Local / Remote File Inclusion (High)
7- File Management (High)
8- Buffer Overflows (High, But Hard Usage)
9- Cookie / Session Injection / Fixation (High)
10- Denial of Service (Medium, But Hard Assessment)
11- XPath Injection (XML Functions)
12- Often Misused: File Uploads (High)
13- Unauthorized Summon of Functionality / File (Medium)
14- Authentication Bypass with Brute Force (Low)
15- Insecure Randomness Session / Cookie / Backup Files (Medium)
16- Informative Details in HTML Comments (Low)
17- Default Unnecessary Installation Files (Medium)
18- Regular Expression Vulnerability (High)
19- Resource Injection (Medium)
20- Weak Password / Encryption (Low)
Section 2:
Automatic PHP Auditor source code
This article is not a full reference on PHP source code security review (a.k.a. auditing), but I tried to do this work as well as I could in my short time. So please accept my apology for any mistakes I may have made while completing this article. I'm not sure, but I may release a future version of this article that contains a few more advanced methods.
Here are some of the topics I may add to this article in the next version:
1- More real-world attacks with descriptions
2- PHPIDS defense
3- More dangerous functions: CURL – socket – create_function & …
4- Talk about PEAR functions and the security of their use
5- Information about books on PHP secure coding
6- Etc.
Download:
php-fuzzing-auditing-version-1.0
Thanks.
Daphne
http://abysssec.com/blog/2009/03/php_fuzz_audit/
1 comment:
Broken link. Re-post that or up on another site.
Mark.