» PHP http://www.megapanzer.com Fri, 23 Dec 2011 13:02:33 +0000 en hourly 1 http://wordpress.org/?v=3.3 Interesting PHP injection http://www.megapanzer.com/2010/09/02/interesting-php-injection/ http://www.megapanzer.com/2010/09/02/interesting-php-injection/#comments Thu, 02 Sep 2010 16:45:06 +0000 carrumba http://www.megapanzer.com/?p=3904

Read on Sans

PHP injection attacks have become increasingly popular lately. If you look at your web server logs I’m pretty sure that you will find dozens of requests for PHP injection, usually by bots that are simply trying some well known (and less known) vulnerabilities.
One of our readers, Blake, managed to capture some interesting attempts to exploit various PHP injection vulnerabilities on his web site, thanks to installation of mod_security. Contrary to popular PHP injection attempts, where the attacker tries to exploit a variable to get the PHP interpreter to retrieve a remote PHP script, Blake noticed that the attacker tried to exploit a vulnerability in a PHP script through POST request. The attacker submitted a malicious PHP script (with other data) hoping that the PHP interpreter will execute it – this vulnerability also exist, although not that common. Here is what the attack looked like in log files …

Read more here.

]]> http://www.megapanzer.com/2010/09/02/interesting-php-injection/feed/ 0 Unanonymity 0.3 : PHP script to reveal user data http://www.megapanzer.com/2009/08/10/unanonymity-0-3-php-script-to-reveal-user-data/ http://www.megapanzer.com/2009/08/10/unanonymity-0-3-php-script-to-reveal-user-data/#comments Mon, 10 Aug 2009 22:25:25 +0000 carrumba http://www.megapanzer.com/?p=2576 Tool name : Unanonymity 0.3   Description : Unanonymity is a PHP script that collects all user data on the web server side and also on the web client side to show what kind of information the server owner can see from the user if they want.
In this release the LAN host scanner feature was implemented.   Tested on : Firefox 3.0.7 on Windows XP   Feedback : In case you encounter any problems with the tool, you have suggestions to improve it, or you tested it with a Windows version i’ve not yet tested please drop me an email.   Downloads : Binary | Source   Online example : Example ]]> http://www.megapanzer.com/2009/08/10/unanonymity-0-3-php-script-to-reveal-user-data/feed/ 2 Unanonymity 0.1 : PHP script to reveal user data http://www.megapanzer.com/2009/06/30/unanonymity-php-script-to-reveal-user-data/ http://www.megapanzer.com/2009/06/30/unanonymity-php-script-to-reveal-user-data/#comments Tue, 30 Jun 2009 16:48:43 +0000 carrumba http://www.megapanzer.com/?p=2187 Tool name : Unanonymity 0.1   Description : Unanonymity is a PHP script that collects all user data on the web server side and also on the web client side to show what information the server owner can see from the user if they want.
This is the first version of the script. In the next release I will analyze the Javascript portscanner to scan the users intranet and if feasible other suggestions if you leave a message.   Tested on : Firefox 3.0.7 on Windows XP   Feedback : In case you encounter any problems with the tool, you have suggestions to improve it, or you tested it with a Windows version i’ve not yet tested please drop me an email.   Downloads : Binary | Source   Online example : Example ]]> http://www.megapanzer.com/2009/06/30/unanonymity-php-script-to-reveal-user-data/feed/ 6