xisto Community
jglw22

Malicious Code Injection


Hi everyone!
This is my first post, so be kind! Basically, I'm trying to get a free host together so am writing some posts. Here's a little summin' summin' about malicious code injection with PHP applications.

Basically, this security exploit is one of the oldest tricks in the books and all comes down to the fact that PHP allows execution of both local and remote scripts with the SAME function... dur. Anyway, this is how it works. Imagine you've just employed a young go getter, straight outta uni, who has found becoming a Jack of all trades a cinch. You place him on web site design duty and after flicking through a PHP manual he is on his way. Thinking it a good idea to keep separate database connection scripts, headers and whatnot, they may have something along the lines of this...

include($_GET['page'] . ".php");

This line of PHP code is then used in URLs like the following example:

STD

Because the $page variable is not specifically defined, an attacker can insert the location of a malicious file into the URL and execute it on the target server as in this example:

STD
This then makes the include function call and execute a remote script from the nosey_bastard domain, which could do all sorts of nasty, even delete the entire content of the website.

You have been warned!

JGLW
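
The include pattern from the post above, next to an allowlist-based replacement, as an added example that is not part of the original thread. The `pages` directory, the page names and the `resolve_page()` helper are assumptions made for illustration.

```php
<?php
// Added example, not code from the original post.
// Pattern from the post, kept for comparison (do not use):
//   include($_GET['page'] . ".php");

// Assumption: page scripts live in a "pages" directory next to this file.
const PAGES_DIR = __DIR__ . '/pages';

// Hypothetical allowlist: public page name => file inside PAGES_DIR.
const PAGES = [
    'home'    => 'home.php',
    'contact' => 'contact.php',
];

/**
 * Map a requested page name to a file path, or null if it is not allowed.
 * The request value is only ever used as an array key, never as part of
 * a path, so URLs, "../" sequences and array parameters cannot reach include.
 */
function resolve_page($requested): ?string
{
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    return PAGES_DIR . '/' . PAGES[$requested];
}

// Constructed sample inputs: one valid name, a remote URL, a traversal
// string, an array (as sent by ?page[]=x) and a missing parameter.
$samples = ['home', 'http://attacker.example/evil', '../../etc/passwd', ['x'], null];
foreach ($samples as $s) {
    $path = resolve_page($s);
    printf("%-34s => %s\n", json_encode($s, JSON_UNESCAPED_SLASHES), $path ?? 'REJECTED');
}

// Use in the front controller:
//   $path = resolve_page($_GET['page'] ?? 'home');
//   if ($path === null) { http_response_code(404); exit; }
//   include $path;
```

Keeping the php.ini directive `allow_url_include` switched off adds a second layer against the remote case, but it does not stop inclusion of local files, which is why the allowlist is the primary fix.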


Anybody who first of all puts a user modifiable variable into anything that isn't being parsed out, and then puts a pointless delete_all.php page in the same directory deserves to have their website removed. That is just plain stupidity.


Haha... but that's why programmers get paid to surf through their own code and test, test, and test again for loopholes, vulnerabilities, and code injection attacks like these. In all reality, I would promote code injection just to be able to learn from the experience. You get to figure out if your exploit works, why it works, introduce yourself to a little bit of PHP and how it works, and if you're a white hat hacker, you might even score some attention, potential, and a job as a network/Internet security specialist. :D I for one like to try various code injections into the all-infamous wall that is MySpace, since a lot of the things you do are entangled into a nightmare of code all within a ColdFusion file (index.cfm) and the various JavaScript files it calls on. There might be some PHP in MySpace's design now... I'm not that sure now because it's been a while since I've poked around.


That's also called RFI, Remote File Inclusion, if the vuln lets you load a remote page, or LFI, Local File Inclusion, if the vuln lets you load a page on the same server. It was quite a common vulnerability some time ago.
