
A Security Analysis of the PHP language

By Jonas Heineson and Mattias Österberg


Presentation Transcript


  1. A Security Analysis of the PHP language
     By Jonas Heineson and Mattias Österberg

  2. The PHP language
     • Common script language for web applications
     • Platform independent
     • Runs on the Zend VM
     • The Zend VM is implemented in C

  3. PHP Vulnerabilities
     • Different versions, different distributions
     • Open source gives good security
     • Top 5 vulnerabilities investigated
     • http://cve.mitre.org

  4. Security Bypass
     • Ability to pass restrictions set by code
     • Goal is to get access to restricted information
     • Information gained depends on the vulnerable function

  5. Security Bypass; Example attack
     • Vulnerable mail packages
     • mb_send_mail()
     • safe_mode, open_basedir
     • imap_open, _body, _list, _createmailbox, _deletemailbox

  6. System Access
     • Attack with the highest gain
     • Goal is to be able to run arbitrary code with the same privileges as the local user
     • Has always been at the top of the vulnerability top 5
     • Mostly based around buffer overflows

  7. Cross Site Scripting
     • Embedded scripts
     • Retrieve confidential information, manipulate cookies, execute arbitrary code on end user
     • Server not compromised – used as a tool
     • Solution: Validate user input

  8. Cross Site Scripting; Example
     include("modules/$name/$file.php");
     http://host.com/modules.php?op=modload&name=XForum&file=[hostile_javascript]&fid=2
     Generates Error:
     Warning: Failed opening 'modules/XForum/.php' for inclusion (include_path='') in /home/foo/htdocs/modules.php on line 27
     The error message prints the offending filename, and the browser then parses the JavaScript that is part of the filename, i.e. executes the script on the viewer's computer.

  9. Denial of Service
     • Most DoS attacks target badly implemented library functions
     • An example: a specially crafted JPEG image (changed image header) is passed to getimagesize(), which calls php_handle_jpeg() and php_handle_iff()
     • This causes an infinite loop, which consumes all CPU resources
     • Solution: Don't use vulnerable functions, apply patches frequently

  10. Results
     • The problem is in most cases unvalidated user input
     • Different injection attacks
     • Example: http://www.victim.com/index.php?p=about.htm changed to http://www.victim.com/index.php?p=../../../etc/passwd
     • When vulnerabilities in PHP are discovered, patches are quick to appear
     • PHP is mostly no more insecure than its user
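
Slides 7, 8 and 10 all name the same fix: validate user input. The following is an added example, not code from the original presentation, showing the include() from slide 8 with its input validated, the resolved path confined to the modules directory, and the error text HTML-encoded. resolve_module(), error_message(), the temporary directory and the sample requests are hypothetical and constructed for illustration.

```php
<?php
// Added example: hardened form of include("modules/$name/$file.php").
// Function names and sample inputs are hypothetical, not from the slides.
declare(strict_types=1);

// PHP warnings (such as the one on slide 8) belong in the log, not the page.
ini_set('display_errors', '0');

/** Map user-supplied $name/$file to a file under $baseDir, or null. */
function resolve_module(string $baseDir, string $name, string $file): ?string
{
    // 1. Allow-list: letters, digits and underscore only. This rejects
    //    '/', '.', '<', NUL bytes and anything else needed for traversal
    //    or for smuggling markup into a filename.
    $ok = '/\A[A-Za-z0-9_]{1,64}\z/';
    if (!preg_match($ok, $name) || !preg_match($ok, $file)) {
        return null;
    }
    // 2. Defence in depth: canonicalise (resolves symlinks and '..') and
    //    confirm the result is still inside the modules directory.
    $base = realpath($baseDir);
    $path = realpath("$baseDir/$name/$file.php");
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

/** 3. Any user input echoed back is encoded for the HTML context. */
function error_message(string $name, string $file): string
{
    return 'Unknown module: ' . htmlspecialchars("$name/$file", ENT_QUOTES, 'UTF-8');
}

// Constructed sandbox so the example runs offline.
$base = sys_get_temp_dir() . '/modules_' . bin2hex(random_bytes(4));
mkdir("$base/XForum", 0700, true);
file_put_contents("$base/XForum/index.php", "<?php return 'forum loaded';");

$requests = [                                   // constructed sample requests
    ['XForum', 'index'],                        // legitimate module
    ['XForum', '<script>probe</script>'],       // markup in the filename (slide 8)
    ['..', '../../etc/passwd'],                 // traversal (slide 10)
];
foreach ($requests as [$name, $file]) {
    $path = resolve_module($base, $name, $file);
    echo $path !== null ? (include $path) : error_message($name, $file), "\n";
}
```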
