SlideShare is now on Android. 15 million presentations at your fingertips.  Get the app

×
  • Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
 

SyScan Singapore 2010 - Returning Into The PHP-Interpreter

by on Jul 15, 2010

  • 7,448 views

Among web application security experts there is the popular believe that low level vulnerabilities like buffer overflows and other kinds of memory corruption vulnerabilities do not matter for web ...

Among web application security experts there is the popular believe that low level vulnerabilities like buffer overflows and other kinds of memory corruption vulnerabilities do not matter for web application security. In addition to that the increasing use of exploit mitigation techniques on modern web servers make many believe that exploiting remote memory corruptions in webserver software is over. But is it really?

This talk will introduce the idea of returning into the PHP interpreter from memory corruption vulnerabilities and discuss the requirements and feasibility of different ways to do that. This idea will then be applied to a yet undisclosed PHP vulnerability, which is exposed to remote attackers in several widespread PHP applications. Different aspects of this vulnerability will be analyzed and it will be explained how they can be abused in remote information leak and memory corruption exploits. The creation of such a remote code execution exploit will then be detailed step by step.

Statistics

Views

Total Views
7,448
Views on SlideShare
7,448
Embed Views
0

Actions

Likes
0
Downloads
98
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via SlideShare as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
Post Comment
Edit your comment

SyScan Singapore 2010 - Returning Into The PHP-Interpreter SyScan Singapore 2010 - Returning Into The PHP-Interpreter Presentation Transcript