Advisory 03/2009: Piwik Cookie unserialize() Vulnerability
Wednesday, December 9th, 2009I released an important advisory about a remotely exploitable unserialize() vulnerability in Piwik today. SektionEins GmbH ...
Archive for the ‘PHP’ Category
I released an important advisory about a remotely exploitable unserialize() vulnerability in Piwik today. SektionEins GmbH ...
SektionEins PHP Security Poster
Saturday, November 28th, 2009My company SektionEins that is specialised in web application security audits, consulting and trainings has finished the english translation of the PHP Security Poster. This poster is send out for free to interested PHP programmers (until out of stock). The poster is of DIN A0 size and details the most ...
RSS09: Web Application Firewall Bypasses and PHP Exploits
Saturday, November 28th, 2009At yesterday's RSS09 conference I gave a slightly different version of my "Shocking News in PHP Exploitation" talk. This time I disclosed for the first time how unserializing user input in Zend Framework based applications can result in direct remote PHP code execution. The topics of my talk were easy ways to ...
Shocking News in PHP Exploitation
Saturday, November 28th, 2009On 5th of November I gave a talk titled "Shocking News in PHP Exploitation" at the Powerofcommunity hacking/security conference in Seoul, South Korea. Afterwards I uploaded my slides to this server but only distributed the link through twitter. I totally forgot about announcing the slides in my blog. The topics of ...
Speaking at POC 2009
Thursday, September 24th, 2009This year I will return to Power of Community in Seoul and present a session about state of the art exploitation of PHP applications and servers. Unlike my Syscan and Blackhat talk I will also demonstrate how to find unusual code execution vulnerabilities and how to tunnel attacks through web ...
Suhosin Patch 0.9.8 for PHP 5.3.0 *BETA* - Please Test
Thursday, August 13th, 2009It has been several weeks between the release of PHP 5.3.0 and now and I haven't released a stable Suhosin Patch for PHP 5.3.0 yet. The reason for this was that I was away from my development machine with a half ready new generation of Suhosin Patch waiting to be ...
State of the Art Post Exploitation in Hardened PHP Environments
Wednesday, August 12th, 2009I am finally back in germany after several weeks in foreign countries like singapore, taiwan and the USA. In all three countries I gave a presentation titled "State of the Art Post Exploitation in Hardened PHP Environments" that discusses a certain flaw in the design of the Zend Engine that ...
Dutch PHP Conference: The Slides
Tuesday, June 16th, 2009At this years Dutch PHP Conference I presented a PHP Security Crash Course for beginners and a session about secure programming with the Zend Framework. You can download all the slides from here. PHP Security Crash Course for beginners Part I - Introduction Part II - XSS Part III -CSRF Part IV - SQL Security Part ...
Speaking at Blackhat Briefings 2009 in Las Vegas
Sunday, June 7th, 2009Three weeks after I present my research about advanced post exploitation in hardened PHP environments at SyScan in Singapore and Taipei, I will present a similar session at this year's Blackhat Briefings 2009 in Las Vegas. The session will be a little bit different from the one at SyScan because ...
Speaking at SyScan 2009 Singapore and Taipei
Tuesday, April 28th, 2009I will present a session at this year's SyScan 2009 in Singapore and also in Taipei. The session is about my research into advanced post exploitation in hardened PHP environments. If you want to see some PHP memory corruption voodoo you should see it. Session: State of the Art Post ...