TippingPoint Digital Vaccine Laboratories
DID YOU KNOW... TippingPoint customers were protected against 0-day exploitation of MS07-017 two years prior to the exploit being discovered in the wild.

PHP File Include Attacks (Part 4 of 4)

Last week I talked about some different strategies for preventing PHP RFI attacks. I also mentioned that proper egress filters are all but foolproof for preventing such attacks. Well today we are going to learn that is not entirely true. There is a trick for completely bypassing egress filters called XSS reflection. And today we'll spend our time learning how this technique works. In a standard PHP RFI Attack, the attacker will send a link to some malicious PHP code som ...


PHP File Include Attacks (Part 3 of 4)

In the second part of this series on PHP file include vulnerabilities, we talked about the different types of payloads commonly seen in the wild. Today, I'm going to switch gears and talk about some strategies for preventing these attacks. Generally speaking, there are four primary ways to prevent falling victim to a PHP File Include attack. These are: 1. Add an IPS...of course!2. Modify your php configuration via php.ini.3. When writing PHP, make sure to sanitize all variables ...


PHP File Include Attacks (Part 2 of 4)

In the first part of this series, we talked about what a PHP file include attack is and what it looks like on the wire. This week we'll dive into how attackers are using these vulnerabilities, as well as take a look as some of the payloads they are using.To start, lets look at the different kinds of payloads people are using in the wild: Types of payloads: Sentinels: These payloads contain a simple unique string (or a small php function to generate a unique string.) T ...


PHP File Include Attacks (Part 1 of 4)

It's true. when polled, 4 out of 4 PHP programmers admit their mother's never once warned them about the dangers of PHP file include vulnerabilities. This is the statistic I use to explain why there are such impressively large numbers of vulnerable PHP applications. But, while lack of motherly guidance is a likely factor, the bigger picture is more complicated. For instance, while PHP file include attacks represented over 20% of all osvdb entries for 2006...