Security

PHP related security News

State of the Art Post Exploitation in Hardened PHP Environments

In this paper, Stefan Esser discusses the different protections an attacker faces in hardened PHP environments after succeeding in executing arbitrary PHP code. He introduces new techniques to overcome most of them by the use of local PHP exploits. He demonstrates how info leak and memory corruption vulnerabilities can be combined to enable PHP applications to read and write arbitrary memory. He will show step by step how important memory structures can be leaked and manipulated in order to deactivate or overcome protections.

New PHP Interpreter Finds XSS, Injection Holes

A group of researchers from MIT, Stanford, and Syracuse has developed a new program, named 'Ardilla,' which can analyze PHP code for cross-site scripting (XSS) and SQL injection attack vulnerabilities.

SANS Compiles Top 25 Most Dangerous Programming Errors

Experts from more than 30 US and international cyber security organizations jointly released the consensus list of the 25 most dangerous programming errors that lead to security bugs and that enable cyber espionage and cyber crime. Shockingly, most of these errors are not well understood by programmers; their avoidance is not widely taught by computer science programs; and their presence is frequently not tested by organizations developing software for sale. The impact of these errors is far-reaching.

PHP 5.2.7 removed from distribution over security bug

PHP version 5.2.7 has been removed from distribution because of a security issue that affects certain configurations. According to a notice from the Apache-backed project, PHP users should use version 5.2.6 until PHP 5.2.8 is released with a fix for this issue.
