Where has all the security gone?
Results 1 to 3 of 3

Thread: Where has all the security gone?

  1. #1
    Banned
    Join Date
    Jun 2002
    Posts
    458

    Where has all the security gone?

    I looked at the main page and saw that nothing was really about security, at least not much, so I decided to post something.
    I recently heard about the php post exploit, and I gotta tell you, it really confuses me, I always use the post method because that way when I have somebody fill out a form it doesn't put all their answers in the address bar. So what I don't understand is how people can exploit the post method, because post doesn't put anything in front of the user to manipulate, I know how get requests can be changed to do some odd things, since get requests put all the input in the address bar, but I really don't understand how this post exploit works. I don't want to know how to exploit pages, but basically, could somebody go around and screw with my server because I use post?? Thanks. By the way, I would say I'm an intermediate user of php, so plz don't post something over my head.

    EDIT:
    Sorry about the misleading title

  2. #2
    Senior Member
    Join Date
    Apr 2002
    Posts
    889
    The PHP exploit and there have been a few effect Apachie web serving software and they have issued patches. Do a googile search and you can find most if not all the info you want. Unless you run Apachie then the PHP issue may not be of concern. You kno your server software just keep up on patches, apply them then read how the exploit works.
    I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg

  3. #3
    Senior Member
    Join Date
    Jun 2002
    Posts
    165
    the fundamental difference between the two methods is illustrated below.

    a get request might look similar to this:

    ===============================
    GET /showthread.php?s=&threadid=233148
    Host: www.antionline.com
    Keep-alive: true

    ===============================

    the same request as url-form encoded post response might appear as:

    ===============================
    POST /showthread.php
    Host: www.antionline.com
    Keep-alive: true
    Content-length: 20

    s=&threadid=233148
    ===============================

    post data could also be sent in a multipart mime type as well.

    basically, no matter what http method or enctype is used - the data is being sent, read and interpretted - leaving room for vulnerabilities. one thing to note is that standard web service architectures store the query string from a get request as an environment variable and leave the post data retrieval up to the specified handler (ie. php).

    as far as accessing post variables from the form to create chaos - a number of methods can be used. the most common is telnet - ie. simulating a http session. another might be an inline request editor like webproxy from @stake. and yet another option would be to use the provided form or a modified local copy of it. the only real security that a 'post' offers over a 'get' is for an over-the-shoulder attack. it has no bearing on server outside of any specific flaws in the implementation of how that data is read and interpretted such as the one in your topic.
    -droby10

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides