Friday, August 26, 2011

[Featured Paper] Bypassing PHP IDS


PHP IDS Bypass via Vulnerable Regular Expression:

https://sitewat.ch/en/files/Bypassing%20PHPIDS%200.6.5.pdf


Lesson Learnt:

It has become clear that applications whose inputs are filtered by loosely defined regular expressions fail to achieve their intended workflow. We have seen code execution vulnerabilities in applications (e107, AEF) that derive from flawed regular expressions.
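To make the lesson concrete, here is an added example (not taken from the paper above or from PHPIDS) showing three common ways a "loosely defined" whitelist regex accepts input its author meant to reject: no anchors at all, anchors that bind to only one branch of an alternation, and a `$` that also matches before a trailing newline. It is written in Python, but the same semantics apply to PCRE as used by PHP's preg_match. All inputs are constructed, and the validator names are hypothetical.

```python
import re

# Loosely written patterns. Each one is a plausible attempt at a whitelist
# check that does not enforce what its author intended.
LOOSE_UNANCHORED = re.compile(r"[A-Za-z0-9_]+")     # no ^ or $ at all
LOOSE_ALTERNATION = re.compile(r"^admin|user$")      # anchors bind to one branch each
LOOSE_DOLLAR = re.compile(r"^[a-z]+$")               # '$' also matches before a final "\n"

# Strict counterparts. fullmatch() requires the whole input to match, so no
# anchors are needed, a trailing newline is not tolerated, and the alternation
# is checked as a whole.
STRICT_IDENTIFIER = re.compile(r"[A-Za-z0-9_]+")
STRICT_ROLE = re.compile(r"admin|user")
STRICT_LOWER_WORD = re.compile(r"[a-z]+")


def is_identifier_loose(value: str) -> bool:
    # search() succeeds if *any* substring matches, so junk around it passes.
    return LOOSE_UNANCHORED.search(value) is not None


def is_identifier_strict(value: str) -> bool:
    return STRICT_IDENTIFIER.fullmatch(value) is not None


def is_role_loose(value: str) -> bool:
    # The pattern reads as (^admin)|(user$): anything starting with "admin" passes.
    return LOOSE_ALTERNATION.search(value) is not None


def is_role_strict(value: str) -> bool:
    return STRICT_ROLE.fullmatch(value) is not None


def is_lower_word_loose(value: str) -> bool:
    # '$' matches at the end of the string OR just before a final newline.
    return LOOSE_DOLLAR.match(value) is not None


def is_lower_word_strict(value: str) -> bool:
    return STRICT_LOWER_WORD.fullmatch(value) is not None


# Constructed inputs: one value each validator should accept, one it should reject.
CASES = [
    ("identifier", is_identifier_loose, is_identifier_strict, "report_2011", "report_2011; other"),
    ("role", is_role_loose, is_role_strict, "user", "administrator"),
    ("lower-word", is_lower_word_loose, is_lower_word_strict, "hello", "hello\n"),
]


def compare_validators():
    """Return {name: (loose_accepts_bad, strict_accepts_bad, both_accept_good)}."""
    results = {}
    for name, loose, strict, good, bad in CASES:
        results[name] = (loose(bad), strict(bad), loose(good) and strict(good))
    return results


if __name__ == "__main__":
    for name, (loose_bad, strict_bad, good_ok) in compare_validators().items():
        print(f"{name:11} loose accepts bad input: {loose_bad}, "
              f"strict accepts bad input: {strict_bad}, "
              f"good input accepted by both: {good_ok}")
```

In each case the loose validator accepts the bad input while the strict one rejects it, and both accept the good input. In PCRE the equivalent fix is to anchor with `\A` and `\z` (or use the `D` modifier so `$` no longer matches before a trailing newline) and to wrap alternations in a group, and to treat a `false` return from preg_match as a failed check rather than as "no match".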


Sunday, August 21, 2011

[Featured Tool] XSSF: Cross Site Scripting Framework

http://code.google.com/p/xssf/downloads/list

The Cross-Site Scripting Framework (XSSF) is a security tool designed to make the task of exploiting XSS vulnerabilities much easier. The XSSF project aims to demonstrate the real dangers of XSS vulnerabilities by popularizing their exploitation.

XSSF allows creating a communication channel with the targeted browser (from an XSS vulnerability) in order to perform further attacks. Users are free to select existing modules (a module = an attack) in order to target specific browsers.

XSSF provides a powerful, documented API, which facilitates the development of modules and attacks. In addition, its integration into the Metasploit Framework allows users to launch MSF browser-based exploits easily from an XSS vulnerability.

In addition, an interesting thought when exploiting an XSS inside a victim's browser is to browse the website from the attacker's browser using the connected victim's session. In most cases, simply stealing the victim's cookie will be sufficient to realize this. But in a minority of cases (intranets, network tool portals, etc.), the cookie won't be useful to an external attacker. That's why XSSF Tunnel was created: to let the attacker browse the affected domain using the victim's session.


Real Demo:
Exploitation with XSSF: http://www.youtube.com/watch?v=UpXfD5LMkZo&feature=related
Tunneling with XSSF: http://www.youtube.com/watch?v=1sz3g7bSKXU&feature=related

secure configurations for Laravel - The PHP Framework

This framework makes security simple to achieve.  Out of all non-default settings, the little following can be set to achieve higher secu...