Remote File Include Vulns (Are you testing for it, are you teaching it)

From: Joseph McCray (joe@learnsecurityonline.com)
Date: Fri Oct 13 2006 - 23:01:02 EDT


I've been spending a lot of time googling these php shells (c99/r57 et
al) lately. It appears that people are getting these on servers via
Remote File Include vulnerabilities.

I'm curious how many auditors are 1) testing for this stuff in your
audits. Tons of blog, forum, and wiki packages have these vulns - are
you guys testing for this stuff, and more importantly are you finding it
vuln in your audits?

Next question is for trainers: how much time are you spending on this
stuff in your web application security classes? Currently I'm spending a
hefty chunk of time on the big guns (SQL Injection, Cross-Site
Scripting, etc.). I know these are the usual suspects, but when I get out
there on the Internet and google for any of these php shells I never get
past the first search page without finding a compromised server. If you
check out milw0rm, packetstormsecurity, etc., most of the web app vulns
are remote file includes. Is anyone else noticing this, and what are
your thoughts?

-- 
Joe McCray
Toll Free:  1-866-892-2132
Email:      joe@learnsecurityonline.com
Web:        https://www.learnsecurityonline.com
Learn Security Online, Inc.
* Security Games        * Simulators
* Challenge Servers     * Courses
* Hacking Competitions  * Hacklab Access
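For readers who have not seen the bug class Joe is asking about, here is an added PHP example (not code from the post or from any of the packages it mentions) showing the classic remote file include pattern next to a hardened version. The `page` parameter name, the `templates/` directory and the php.ini settings quoted at the end are assumptions made for illustration.

```php
<?php
// Added example, not from the original post. The "page" parameter and the
// templates/ directory are assumptions used for illustration only.

// VULNERABLE: the include path is built straight from user input. When the
// runtime allows URL includes (allow_url_include since PHP 5.2; before that
// allow_url_fopen covered include() too), the value can name a remote
// resource and PHP will fetch and execute whatever it finds there. This is
// the hole the c99/r57-style shells ride in on.
function render_vulnerable(string $page): void
{
    include($page . '.php');
}

// HARDENED: map the untrusted value onto a fixed allowlist of local
// templates. Anything not in the map is rejected, so no caller-chosen
// path or URL ever reaches include().
const TEMPLATES = [
    'home'    => __DIR__ . '/templates/home.php',
    'about'   => __DIR__ . '/templates/about.php',
    'contact' => __DIR__ . '/templates/contact.php',
];

function resolve_template(string $page): ?string
{
    return TEMPLATES[$page] ?? null;
}

function render_hardened(string $page): void
{
    $path = resolve_template($page);
    if ($path === null) {
        http_response_code(404);
        echo 'Unknown page';
        return;
    }
    include $path;
}

// Self-check of the allowlist logic (constructed inputs; safe to run from
// the CLI without any templates present).
assert(resolve_template('home') === __DIR__ . '/templates/home.php');
assert(resolve_template('http://example.invalid/remote.txt') === null);
assert(resolve_template('../../etc/passwd') === null);

// Defence in depth at the runtime level: with these php.ini settings
// (assumed to be applied by the operator) include() loses the ability to
// fetch remote resources at all, so even an unpatched include() bug
// degrades from remote code execution to local file disclosure.
//   allow_url_include = Off
//   allow_url_fopen   = Off   ; if nothing else on the host needs it
```

When auditing, the thing to grep for is any `include`, `require`, `include_once` or `require_once` whose argument is derived from `$_GET`, `$_POST`, `$_COOKIE` or `$_REQUEST` without first being mapped through a fixed table like the one above; and on the host, confirm `allow_url_include` (and ideally `allow_url_fopen`) is off in the effective php.ini, since a code-level fix in one package does nothing for the next blog or wiki plugin dropped onto the same server.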




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:12 EDT