Friday, August 26, 2011

[Featured Paper] Bypassing PHP IDS


PHP IDS Bypass via Vulnerable Regular Expression:

https://sitewat.ch/en/files/Bypassing%20PHPIDS%200.6.5.pdf


Lesson Learnt:

It is clear that applications whose inputs are processed by loosely defined regular expressions fail to achieve their primary intended workflow. We've seen code execution vulnerabilities in applications (e107, AEF) that derive from flawed regular expressions.

