[Featured Paper] Bypassing PHP IDS

PHP IDS Bypass via Vulnerable Regular Expression:


Lesson Learnt:

It is clear that applications whose inputs are processed by loosely defined regular expressions fail to achieve their primary intended workflow. We've seen code execution vulnerabilities in applications (e107, AEF) that derive from flawed regular expressions.

