It is the 21st of May. The Month of PHP Security is still running and we have reached a vulnerability count of 40 vulnerabilities, which is nearly as many as we disclosed during the whole Month of PHP Bugs in 2007. However, there are 11 more days until the end of May and therefore there are still plenty more vulnerabilities to come. Especially the number of SQL injection vulnerabilities in PHP applications will increase, because it is called SQL injection marathon for a reason. And we also have several articles and submissions left.

There have been some changes to the website that should make it easier to read, and we also added the possibility to comment on bugs/entries/news and articles.

For those that don't already know, you can follow the Month of PHP Security on Twitter, too. Just follow @mops_2010

Here is the summary of what happened during the last 10 days.

Related Events
--------------

Returning into the PHP Interpreter – Remote Exploitation of Memory Corruptions in PHP is not over, yet.
PHP Security Course – Advanced PHP Auditing at Source and Bytecode level

Articles
--------

MOPS Submission 07: Our Dynamic PHP – Obvious and not so obvious PHP code injection and evaluation
MOPS Submission 06: Variable Initialization in PHP
Article: Decoding a User Space Encoded PHP Script
MOPS Submission 05 – The Minerva PHP Fuzzer

PHP Vulnerabilities
-------------------

MOPS-2010-040: PHP strtr() Interruption Information Leak Vulnerability
MOPS-2010-039: PHP strpbrk() Interruption Information Leak Vulnerability
MOPS-2010-038: PHP http_build_query() Interruption Information Leak Vulnerability
MOPS-2010-037: PHP str_getcsv() Interruption Information Leak Vulnerability
MOPS-2010-036: PHP htmlentities() and htmlspecialchars() Interruption Information Leak Vulnerability
MOPS-2010-034: PHP iconv_mime_encode() Interruption Information Leak Vulnerability
MOPS-2010-033: PHP iconv_substr() Interruption Information Leak Vulnerability
MOPS-2010-032: PHP iconv_mime_decode() Interruption Information Leak Vulnerability
MOPS-2010-028: PHP phar_wrapper_open_url Format String Vulnerabilities
MOPS-2010-027: PHP phar_parse_url Format String Vulnerabilities
MOPS-2010-026: PHP phar_wrapper_unlink Format String Vulnerability
MOPS-2010-025: PHP phar_wrapper_open_dir Format String Vulnerability
MOPS-2010-024: PHP phar_stream_flush Format String Vulnerability
MOPS-2010-022: PHP Stream Context Use After Free on Request Shutdown Vulnerability
MOPS-2010-021: PHP fnmatch() Stack Exhaustion Vulnerability

PHP Application Vulnerabilities
-------------------------------

MOPS-2010-035: e107 BBCode Remote PHP Code Execution Vulnerability
MOPS-2010-031: e107 Usersettings loginname SQL Injection Vulnerability (UPDATED)
MOPS-2010-030: CMSQlite mod Parameter Local File Inclusion Vulnerability
MOPS-2010-029: CMSQlite c Parameter SQL Injection Vulnerability
MOPS-2010-023: Cacti Graph Viewer SQL Injection Vulnerability

Thank you

Stefan Esser
Month of PHP Security / php-security.org
SektionEins GmbH /