Web Shells and Backdoors

glia

Glia is an open-minded security professional with a wide interest in different security topics.

Introduction

In April 2016, researchers at Stony Brook University and Ruhr-University Bochum published a study of (malicious) PHP web shells titled “No Honor among Thieves: A Large-Scale Analysis of Malicious Web Shells”. [1] Their goal was to analyze how many PHP web shells contain backdoors or other malicious functions that are not in the interest of the user. This question is separate from the fact that web shells are often used for malicious activities themselves.

Here we summarize their findings, which in our opinion are of interest for the wider audience in security and penetration test

Continue reading “Web Shells and Backdoors”

PHP: Exploitation with $_REQUEST while validating $_GET

SecMyth

After learning to inspect security from all perspectives from Prof. Pfitzmann at the University, I have been working as a penetration tester and IT security consultant since 2009. I have seen many, many different applications, architectures and technologies since then.
Web applications, web services, Oracle, MySQL, Linux and SAP R3 are my focus technologies, while my activities are widely spread: manual penetration tests, static code analysis, code reviews, consulting and project management.

While penetration testing and code reviewing a customer’s web application, I came across an interesting bug that I’m going to describe in this article.

The application in question supports third-party plugins, which often follow their own coding conventions.
During code review, a cross-site scripting vulnerability was detected in one of those plugins:

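<?php
// Vulnerable as found in the plugin: $_REQUEST['plugin'] is written into the href attribute without any escaping.
echo "<a href='index.php?plugin=".$_REQUEST['plugin']."'>Link text</a>";
?>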

Continue reading “PHP: Exploitation with $_REQUEST while validating $_GET”