EHS Blog
 
Google for me and get Zend
at 2007-08-12 15:10:20

Brought to you from one of the comments in my blog.



Google for "Stefan Esser" and get a sponsored link for Zend.


http://www.google.com/search?q=%22Stefan+Esser%22


Update: It seems for now their budget is gone. My name is free again.

Chunk_split() Overflow not fixed at all...
at 2007-08-12 15:10:20

If you are one of the guys who read the PHP CVS commits, you usually know about the security bugs months before the rest of the community, and this is no news for you. During the last 24h the following fix was merged into the PHP CVS.

Corrected fix for CVE-2007-2872


This fixes the chunk_split() overflow (found by SEC-CONSULT) which, according to the PHP 5.2.3 release notes, had already been fixed. The original fix was however not only broken but complete nonsense. If you can read C you will see that the integer overflow was not fixed in PHP 5.2.3 but simply moved into a separate line, and an additional bogus if clause was added.



What site do you want to break today?
at 2007-08-12 15:10:20

I just came back home and saw a very recent commit to PHP's session management. It is another attempt to fix the session cookie attribute injection that the PHP developers already tried to fix in PHP 5.2.3 without giving any credit. They still refuse to implement the correct fix, which consists of simply encoding the session id before sending it back through the cookie.


The amusing thing this time is that their new fix, which consists of blacklisting a bunch of legal characters from the session id, will most probably result in hundreds or thousands of broken sites. What is even funnier is that the commit comes from a Zend employee who blacklists the ':' character from being used in the session id. The last time I audited the



BlogSecurity Interview
at 2007-08-12 15:10:20


Two days ago I was interviewed by the people of BlogSecurity about my thoughts on WordPress, its vulnerabilities and how they deal with them. The interview is now online.




About the CSRF Redirector
at 2007-08-12 15:10:20

You might have seen the post in Chris's blog about a CSRF redirector he wrote. It is basically nothing more than a little script that turns a GET request into a hidden form that is then posted via JavaScript. There have always been security issues with redirector scripts, and if you provide one open to anyone, you should care about what kind of redirects you actually allow.


Two major risks exist with Chris's example:

  1. Malicious people could misuse it as a bouncer to attack other sites.
  2. Not every URL is a web page. Some can load plugins, some display information, and some can execute JavaScript.

Here is an example URL:


http://shiflett.org/csrf.php?csrf=javascript:alert(/I_AM_A_SECURITY_EXPERT/)
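As an added example (not Chris's script and not part of the original post), here is the kind of target check such a redirector should run before it emits its auto-submitting form: only absolute http/https URLs pointing at an allowlisted host pass, so the javascript: target in the URL above is rejected. The `csrf` parameter name is taken from that URL; the allowlisted hosts are a constructed assumption.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed allowlist: the hosts this redirector agrees to forward to. An open
# redirector has no such list, which is risk 1 (misuse as a bouncer against others).
ALLOWED_HOSTS = {"example.com", "www.example.com"}


def validate_redirect_target(url, allowed_hosts=ALLOWED_HOSTS):
    """Return (ok, reason). Only absolute http(s) URLs to an allowlisted host pass."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "unparseable URL"
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        # Risk 2: javascript:, data:, file: and plugin handlers are not web pages.
        return False, "scheme not allowed: %s" % (scheme or "<none>")
    host = parts.hostname
    if not host:
        return False, "missing host"
    if parts.username is not None or parts.password is not None:
        # user@host forms hide the real destination from a human reader; refuse them.
        return False, "credentials in URL"
    if host.lower() not in allowed_hosts:
        return False, "host not allowlisted: %s" % host
    return True, "ok"


def extract_target(redirector_url):
    """Pull the 'csrf' parameter (the forwarding target) out of a redirector link."""
    query = parse_qs(urlsplit(redirector_url).query)
    return query.get("csrf", [""])[0]


def check_redirector_link(redirector_url):
    """Validate the target embedded in a full redirector link."""
    return validate_redirect_target(extract_target(redirector_url))
```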




