2011-03-22:

PHP security, some links

php:security
Several links I've received in the last few days, related to PHP security.

PHP filesystem attack vectors
PHP filesystem attack vectors - Take Two

Local File Inclusion (LFI) of session files to root escalation
Shared hosting "file" handler PHP session dumper
LFI2RCE (Local File Inclusion to Remote Code Execution) advanced exploitation: /proc shortcuts

HTTP HEAD method trick in php scripts
Overriding $_FILES array during uploading multiple files in php.

That's that,

Add a comment:

Nick:
URL (optional):
Math captcha: 9 ∗ 9 + 6 =