[Dailydave] PHP is awesome.

Dave Aitel dave at immunityinc.com
Mon Jun 16 15:50:47 EDT 2014


There are parts of PHP we all know very well, which are obviously bad.
preg_replace, for example, has an option to execute code that you pass
into it. This is obviously terrible design. Only an evil alien would
have designed that feature into a language that way.

But there are other, more subtle features. The weird way they handle
"filters" is diabolical. Exactly how you use this to take control of a
PHP app means that the attack surface is in a way somewhat
counterintuitive to a normal C/C++ auditor. That's why, even if you are
a GOOD auditor you should still take our PHP auditing class July 24th
and 25th in Columbia MD. It is not just about tracking input to bad
functions. That part is given. It's about understanding the insane
transforms that are possible in PHP - it is like you are playing Portal,
but with data input that eventually will get your remote code execution.
In any case, email admin at immunityinc.com to sign up. It is worth FLYING
TO COLUMBIA MD for! :>

And, in case you were one of the people to miss out on INFILTRATE
altogether, I want to highlight another released video of a talk. Sue's
talk was spectacular I thought, and now everyone can see it!

http://vimeo.com/98215525

(Note: You can also email admin at immunityinc.com to sign up for next
year's INFILTRATE. :>)

-dave





