This paper will demonstrate the use of a PHP code injection exploit, as part of the GIAC Incident Handler Certification (GCIH). We will study a specific vulnerability found in a PHP eval() statement that grants the attacker remote access to the vulnerable device. Then, we will show how to prevent this attack from happening. After giving all the details of this exploit, we will propose an incident handling process. Although performed in a lab environment, this is a real attack that could be carried out over any open network, such as the Internet.
free ebook and tutorial - Exploiting PHP code injection