it's known, quick, re-usable
sql injection, for example, is fairly straightforward in php. initiating with post is a bit trickier to test than get, so use a form with the action set to the target. more cleverly, use php http client functions (stream_context_create, curl or similar) to generate attacks.
- addslashes() can help escape quotes but needs to be implemented properly. you'll need to handle multibyte characters too, and attacks that end in /*
- beware versions of php which lie about magic_quotes
- dos via failure to release resources, writing user data to disk, HEAD method calls to the server, locking accounts
- smtp injection to make spam: adding extra smtp headers via subject lines. requires sanitisation, validation
- direct eval() injection
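
the sanitisation and validation mentioned for the smtp injection item, as an added example that is not from the original post. the function names, the fixed recipient address and the sample inputs are all constructed for illustration; nothing is actually sent.

```php
<?php
// Added example: refuse user-supplied values that would add mail headers.
// All names and sample inputs here are hypothetical.

function clean_header_value(string $value, int $maxLen = 200): string
{
    // A CR, LF or NUL inside a header value ends that header early, so
    // whatever follows is read as a new header. Refuse instead of stripping.
    if (preg_match('/[\r\n\0]/', $value)) {
        throw new InvalidArgumentException('line break in header value');
    }
    $value = trim($value);
    if ($value === '' || strlen($value) > $maxLen) {
        throw new InvalidArgumentException('empty or over-long header value');
    }
    return $value;
}

function clean_address(string $addr): string
{
    $addr = clean_header_value($addr, 254);
    // Validation on top of sanitisation: exactly one well-formed address.
    if (filter_var($addr, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('not a single e-mail address');
    }
    return $addr;
}

function build_contact_mail(string $from, string $subject, string $body): array
{
    return [
        'to'      => 'webmaster@example.org', // fixed, never taken from the form
        'subject' => clean_header_value($subject),
        'headers' => ['Reply-To' => clean_address($from)],
        'body'    => $body,
    ];
}

// Constructed form submissions: one clean, two carrying an extra header.
$samples = [
    ['alice@example.org', 'question about opening hours'],
    ['alice@example.org', "hello\r\nBcc: list@example.net"],
    ["alice@example.org\nCc: list@example.net", 'hello'],
];
foreach ($samples as [$from, $subject]) {
    try {
        $m = build_contact_mail($from, $subject, 'message text');
        echo "accepted: {$m['subject']}\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: {$e->getMessage()}\n";
    }
}
```
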
... low battery. back later ...
1 comment:
This is cool!