Full Disclosure mailing list archives
Re: SANS PHP Port Scanner Remote Code Execution
From: Christian Sciberras <uuf6429 () gmail com>
Date: Wed, 6 Mar 2013 12:49:20 +0100
The article actually recommends looking for information from www.w3schools.com <http://www.w3fools.com>?! Here's a few other obviously missing things: - script requires input but does not check for it (very bad PHP practice) - what the hell is with that code? Ever heard about indentation? - there should be some very basic sanitization; ints be ints and strings be strings - hiding all errors, that was a very smart thing to do.... - early 20's html and css coding style to boot Regarding the tool itself, obviously it's not meant to be used publicly, hence why I could close my eye in this respect. UIlisses, developers already do this. Actually, they've been doing it for quite some time. Perhaps the "security experts" writing tutorials as in that article should follow? On Wed, Mar 6, 2013 at 11:55 AM, Dan Ballance <tzewang.dorje () gmail com>wrote:
+1 On 6 Mar 2013 10:41, "Ulisses Montenegro" <ulisses.montenegro () gmail com> wrote:Not including proper input validation and error handling in code samples is one of the most common and harmful practices in the software development industry -- doing it is not "optional" or "advanced", it is mandatory unless you want to be pwned. Developers need to start doing things properly from the very beginning, as habits become harder and harder to change with experience. On Wed, Mar 6, 2013 at 7:33 AM, Benji <me () b3nji com> wrote:Actually, adding input sanitisation really wouldnt increase the code size that much. Are you just incompetent? On Wed, Mar 6, 2013 at 7:46 AM, Źmicier Januszkiewicz <gauri () tut by>wrote:Dear list, Well, I suppose this had to be a proof-of-concept piece of code to demonstrate how port scanning can be done in PHP, not a production-grade software. Adding input sanitization would increase the code size by a lot and obscure the concept somewhat (not that there is much to be said anout the concept though). Think we can give the dude some discount for that. Nevertheless, seeing something like this coming from "Certified Ethical Hacker and Security + certified" makes me doubt the worthness of those certificates. Could be nice to know the exact naming of those certificates to properly disregard them in the future. With best regards, Z. 2013/3/6 laurent gaffie <laurent.gaffie () gmail com>http://resources.infosecinstitute.com/php-build-your-own-mini-port-scanner/ Finding the vulnerability in this code is left as an exercise to the reader. PS: "*Your comment will be awaiting moderation forever."* _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/-- “If debugging is the process of removing software bugs, then programming must be the process of putting them in.” - *Edsger Dijkstra* _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- SANS PHP Port Scanner Remote Code Execution laurent gaffie (Mar 05)
- Re: SANS PHP Port Scanner Remote Code Execution Fayyaz Ali (Mar 05)
- Re: SANS PHP Port Scanner Remote Code Execution Harry Hoffman (Mar 05)
- Re: SANS PHP Port Scanner Remote Code Execution laurent gaffie (Mar 05)
- Re: SANS PHP Port Scanner Remote Code Execution Alexandre Teixeira (Mar 06)
- Re: SANS PHP Port Scanner Remote Code Execution laurent gaffie (Mar 05)
- Re: SANS PHP Port Scanner Remote Code Execution Źmicier Januszkiewicz (Mar 06)
- Re: SANS PHP Port Scanner Remote Code Execution Benji (Mar 06)
- Re: SANS PHP Port Scanner Remote Code Execution Benji (Mar 06)
- Re: SANS PHP Port Scanner Remote Code Execution Ulisses Montenegro (Mar 06)
- Re: SANS PHP Port Scanner Remote Code Execution Dan Ballance (Mar 06)
- Re: SANS PHP Port Scanner Remote Code Execution Christian Sciberras (Mar 06)
- Re: SANS PHP Port Scanner Remote Code Execution Ulisses Montenegro (Mar 06)
- Re: SANS PHP Port Scanner Remote Code Execution Christian Sciberras (Mar 06)
- Re: SANS PHP Port Scanner Remote Code Execution Andrew King (Mar 07)
- Re: SANS PHP Port Scanner Remote Code Execution Christian Sciberras (Mar 07)
- Re: SANS PHP Port Scanner Remote Code Execution adam (Mar 07)
- Re: SANS PHP Port Scanner Remote Code Execution adam (Mar 07)
- Re: SANS PHP Port Scanner Remote Code Execution Nick FitzGerald (Mar 07)
- Re: SANS PHP Port Scanner Remote Code Execution Stefan Jon Silverman (Mar 07)
- Re: SANS PHP Port Scanner Remote Code Execution Benji (Mar 06)
- Re: SANS PHP Port Scanner Remote Code Execution Źmicier Januszkiewicz (Mar 06)