Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Apache/PHP REQUEST_METHOD XSS Vulnerability

from [Vincent Archer] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Apache/PHP REQUEST_METHOD XSS Vulnerability
Date: Wed, 25 Apr 2007 11:35:57 +0200 
On Tue, 2007-04-24 at 20:03 +0300, ØØØ ØÙÙÙ ØØÙØ ØÙØÙ wrote:

This is a case of poor-programming, on the script coder's part, it is
not so
much a vunerability.


In that case, nobody's talking about vulnerabilities on this list, only
poor programming. :)

The problem in here is that the programmer "assumes" that the variables
do have a proper value checking done prior to handling off to the script
engine. HTTP_METHOD is well defined. One would assume apache has
validated the method somehow.

Unfortunately, this assumption was flawed.


That variable only contains what it is sent by apache. it doesn't
parse it.
nor is it supposed to.


However, it (apache) should perform integrity checks, because it has the
capacity to do so.


This CAN be a vulnerability with individual scripts, however, it is
not a vuln
with PHP or Apache.


Not with PHP. But I would agree with the original programmer that apache
is in fault here. Apache should have done the expected work, and
validated that the request was standards-compliant. It didn't, and that
opens up a huge chasm in which plenty of problems, vulnerabilities and
others, may hide.


-- 
Vincent ARCHER
varcher@denyall.com

Tel : +33 (0)1 40 07 47 14
Fax : +33 (0)1 40 07 47 27
Deny All - 23, rue Notre Dame des Victoires - 75002 Paris - France

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] Anti-Virus vendors prove less-effective, Nick FitzGerald
Next by Date:  [Full-disclosure] requesting info, n n
Previous by Thread:  Re: [Full-disclosure] Apache/PHP REQUEST_METHOD XSS Vulnerability, عبد الله احمد عنان
Next by Thread:  Re: [Full-disclosure] Apache/PHP REQUEST_METHOD XSS Vulnerability, Kradorex Xeron
Indexes:  [Date] [Thread] [Top] [All Lists]