WebApp Sec mailing list archives
Re: PHP Security
From: Eric Marden <security () xentek net>
Date: Tue, 18 Mar 2008 21:41:12 -0400
Are you saying that check.js was used in the attack? Does this file call any remote files?
Eric Marden xentek: enlightened internet solutions http://xentek.net/ On Mar 17, 2008, at 7:58 PM, Greg Song wrote:
Hi all Thesedays I'm analyzing the solarys system that using apache web server and php. Of cause it hacked. I could not find reason of some situation that the specified directory are created over and over(it includes check.js) Weblog record as belowSome pages can upload the file but it didn't work when I uploaded some php file.xxx.xxx.xxx.xxx GET "/XXX/ahibix/check.jsI'm wondering how it makes some directories. Any suggestin,ideas. Thanks all---------------------------------------------------------------------- ---Sponsored by: Watchfire Methodologies & Tools for Web Application Security AssessmentWith the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!https://www.watchfire.com/securearea/whitepapers.aspx? id=70170000000940F ---------------------------------------------------------------------- ---
-------------------------------------------------------------------------Sponsored by: Watchfire Methodologies & Tools for Web Application Security Assessment With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F -------------------------------------------------------------------------
Current thread:
- PHP Security Greg Song (Mar 18)
- Re: PHP Security Eduardo Tongson (Mar 18)
- Re: PHP Security Eric Marden (Mar 18)
- Re: PHP Security Greg Song (Mar 18)
- <Possible follow-ups>
- Re: PHP Security Greg Song (Mar 18)