Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: Antwort: Re: PHP Easter Eggs

Antwort: Re: PHP Easter Eggs

From: Carsten Kuckuk <ck_at_rib.de>
Date: Tue, 30 Nov 2004 11:34:34 +0100

It's a different code path that has been added to PHP, and it's one that
isn't used frequently, so it is to be considered inherently unsafe untill
proven otherwise.

if(EasterEggConditionMet())
   PerformEasterEggCode()
else
  PerformNormalCode()

See the problem? The Easter Egg Code hasn't been tested yet. How will it
react to variable injections? Extremely long parameters? Cookies? Post
instead of Get? Does the picture trigger a buffer overflow on some
esoteric platform? Can the Easter Egg HTML code in the server be replaced
by something else through another PHP hole and then send attacking HTML
code to unsuspecting visitors?

Harrison Gladden <hgladden_at_gmail.com>
30.11.2004 03:40
Bitte antworten an Harrison Gladden

 
        An: "Serban Gh. Ghita" <serban_at_verasys.ro>
        Kopie: Andi McLean <andi_mclean_at_ntlworld.com>, webappsec_at_securityfocus.com
        Thema: Re: PHP Easter Eggs

maybe it's me, but i'm failing to see the "big picture" here as far as
security is concerned. It seems to me that this would only confirm to
the evil user that yes you are running php, thereby allowing him to
find php specific vulns?? Or is there something else i'm missing
here.

~Harrison

On Tue, 30 Nov 2004 06:12:00 +0200, Serban Gh. Ghita <serban_at_verasys.ro>
wrote:
> interesting, but very risking. i am wondering if an evil user could
exploit
> this and create hoaxes using this 'easter eggs'
> i also wonder what impact could have this over the big companies
websites
> that are using php ;-)
>
>
>
> Serban Gh. Ghita
> coordonator departament IT
> VERASYS International
> serban_at_verasys.ro
> zamolxe_at_php.net
> http://www.verasys.ro
> phone1: +40-251-406.152
> phone2: +40-251-406.153
> cell: +40-788.28.29.10
>
> ----- Original Message -----
> From: "Andi McLean" <andi_mclean_at_ntlworld.com>
> To: <webappsec_at_securityfocus.com>
> Sent: Sunday, November 28, 2004 3:21 PM
> Subject: Fwd: PHP Easter Eggs
>
> > Hi,
> >
> > Does anyone know about the easter eggs in PHP?
> > I've just found out about them, My trust in PHP has just had a major
set
> back,
> > as I'm wondering what other easter eggs there are and can any be used
to
> > circumenvent the protection I have on my site.
> > I feel like I now need to have a look at the source code, to find out
what
> > else is there.
> >
> > <anywebsite.that/uses.php>?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
> >
> > <anywebsite.thatuses.php>?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
> >
> > <anywebsite.thatuses.php>?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
> >
> > eg
> > www.jsane.com/index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
> > www.jsane.com/index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
> > www.jsane.com/index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
> >
> >
> > Andi
>
> 

-- 
___________________________________
Harrison Gladden <hgladden_at_gmail.com>
Computer Engineer & Science Major
~Past experience: He who never makes 
   mistakes, never did anything that's worth.~
Received on Nov 30 2004
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]