‘Articles & Tools’

Article: Virtual Meta-Scripting Bytecode for PHP and JavaScript

May 31st, 2010

As a last-minute addition to the Month of PHP Security, we present an article by Ben Fuhrmannek about virtual meta-scripting bytecode for PHP and JavaScript.

MOPS Submission 10: How to manage a PHP application’s users and passwords

May 26th, 2010

It is time to present the tenth and last external MOPS submission. It is an article by Solar Designer describing at length how to manage a PHP application’s users and passwords.

MOPS Submission 09: RIPS – A static source code analyser for vulnerabilities in PHP scripts

May 24th, 2010

During the last hours of the CFP we received the following MOPS submission by Johannes Dahse. It is a static code analysing tool for PHP based on the tokenizer extension.

MOPS Submission 08: Configuration Encryption Patch for Suhosin

May 22nd, 2010

Today it is time to present the eighth external MOPS submission. It is an article by Juergen Pabel describing a new feature for the Suhosin Extension that allows encrypting configuration strings.

MOPS Submission 07: Our Dynamic PHP – Obvious and not so obvious PHP code injection and evaluation

May 20th, 2010

Today we want to present the seventh external MOPS submission. It is an article about usual and unusual PHP code execution vulnerabilities sent in by Arthur Gerkis.

MOPS Submission 06: Variable Initialization in PHP

May 17th, 2010

Today we want to present the sixth external MOPS submission. It is the second article sent in by Jakub Vrana. This one is about variable initialization in PHP.

Article: Decoding a User Space Encoded PHP Script

May 13th, 2010

Today we present a short article about how to decode a PHP file encoded with the php-crypt.com PHP encoder. This article was written today by Stefan Esser after having seen an advertisement for php-crypt in the Xing PHP Development Forum.

MOPS Submission 05 – The Minerva PHP Fuzzer

May 11th, 2010

Today it is time for the fifth external MOPS submission. It is the second submission by Mateusz Kocielski, an article about his PHP fuzzer called Minerva.

MOPS Submission 04 – Generating Unpredictable Session IDs and Hashes

May 9th, 2010

Today we want to present the fourth external MOPS submission. It was submitted by Jordi Boggiano and explains how to generate unpredictable session IDs and hashes in PHP.

MOPS Submission 03 – sqlite_single_query(), sqlite_array_query() Uninitialized Memory Usage

May 7th, 2010

Today we want to present the third external MOPS submission. It is the first of two submissions sent in by Mateusz Kocielski. This one is a detailed explanation of how to exploit the sqlite_single_query() and sqlite_array_query() uninitialized memory usage.