You are here: Re: Qustion on viewing code « All PHP « IT news, forums, messages
Re: Qustion on viewing code

Posted by Steve on 02/23/07 19:11

"shimmyshack" <matt.farey@gmail.com> wrote in message
news:1172257128.974602.324590@z35g2000cwz.googlegroups.com...
| On 23 Feb, 18:38, "Steve" <no....@example.com> wrote:
| > "Rik" <luiheidsgoe...@hotmail.com> wrote in message
| >
| > news:op.tn7q1znlqnv3q9@misant...| shimmyshack <matt.fa...@gmail.com>
wrote:
| > | Rik <luiheidsgoe...@hotmail.com> wrote:
| >
| > | >> Rik <luiheidsgoe...@hotmail.com> wrote:
| > | >> > shimmyshack <matt.fa...@gmail.com> wrote:
| > | >> >> This is the only statement in my httpd.conf:
| > | >>
| > | >> >> AddType application/x-httpd-php .php
| > | >>
| > | >> >> and yet the attack works.
| > | >> >> The server doesnt have to be set up to parse every doc for php,
that
| > | >> >> was an assumption.
| > | >> >> Has anyone here tried it on their server?
| > | >>
| > | >> > Attack does not work here on the local server....
| > | >>
| > | >> And the live server is also safe :-)
| > | >
| > | > out of interest what are you running, is php a module, ta.
| > |
| > | Homebox:
| > | W2K, Apache 2.2.2, PHP 5.1.4 as a module.
| > |
| > | Live server:
| > | FreeBSD 5.3, Apache 2.0.54, PHP 4.4.2 (yes, still, goddamnit) as a
module.
| >
| > lol. it feels that way some times don't it. ;^)
|
| steve with regards your previous offer, the phrase "i'm not worthy"
| flashes into my shrivelled brain. Although of course it would be fun,
| have you taken a look at the great CAL9000 stuff from RSnake (http://
| www.owasp.org/index.php/Category:OWASP_CAL9000_Project)? While not
| specifically aimed at server side pen testing, it is the vector by
| which your code could be introduced.

i'm pretty clueless with hacking methods not too far into the topic. i do
have script that 'inventories' a site. the information it provides is a good
documentation tool when presenting file dependencies or architecture...it is
also scary to believe that i could execute it on someone else's server.

i'll have a look at the link. the real test is knowing how to introduce the
script so that it can be executed. failing the test would mean that i know
more than enough about the site tested to control it at will. i'll have to
shelve it for a while till i can get to putting it all together.

cheers

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация