[Featured Paper] Bypassing PHP IDS


PHP IDS Bypass via Vulnerable Regular Expression:

https://sitewat.ch/en/files/Bypassing%20PHPIDS%200.6.5.pdf


Lesson Learnt:

It is clear that applications which process their input with loosely defined regular expressions fail to do the job they were built for. We've seen code execution vulnerabilities in applications (e107, AEF) that derive from flawed regular expressions.

