Tag Archives: File Inclusion

Encoding Web Shells in PNG IDAT chunks

Posted on June 4, 2012 by Phil

If you carefully encode a web shell in an image you can bypass server-side filters and seemingly make shells materialize out of nowhere (and I’m not talking about encoding data in comments or metadata) – this post will show you how … Continue reading

Posted in Exploits, PHP | Tagged , , , , | 22 Comments

Exploit: Symfony2 – local file disclosure vulnerability

Posted on February 25, 2012 by Phil

I recently discovered a vulnerability affecting the Symfony2 Framework versions 2.0.0-2.0.10. In short, by by parsing user supplied XML in any way (e.g. SOAP API, RSS feed, unserializing an object) it is possible to disclose the contents of arbitrary files from the … Continue reading

Posted in Exploits, PHP, XML | Tagged , , , , , | 1 Comment

PHP Remote File Inclusion command shell using data://

Posted on March 24, 2011 by Phil

PHP 5.2 and above provides stream wrappers. The general idea behind the stream wrapper is that you write one that interfaces with other protocols or services and you can still reference the data using your favourite functions. Here we open … Continue reading

Posted in PHP | Tagged , , | 4 Comments

Hardening and securing PHP on Linux

Posted on February 28, 2011 by Phil

Hardening PHP on linux to increase security is a complex process involving a plethora of  settings. A while back I developed a script in order to check for any security settings that were out of place. The idea is that … Continue reading

Posted in PHP | Tagged , , , , , | 14 Comments

Using php://filter for local file inclusion

Posted on February 23, 2011 by Phil

I came across a website where the site was vulnerable to LFI (local file inclusion) however the inclusion was done using a require_once and the script appended a .php extension to the end of the file; furthermore it was not … Continue reading

Posted in PHP | Tagged , , | 3 Comments