How security flaws in PHP's core can affect your application

20 Jul 2017 by Dr. Johannes Dahse
PHP Core Security

Popular security vulnerabilities occur due to bad coding practices or coding mistakes. Often a single missing character or incautiously used language feature opens the gates for an external attacker. But even when all best practices for secure programming are carefully adhered to, a PHP application’s source code is only as secure as the PHP interpreter it runs on. In this post, we will see how memory corruption bugs in the PHP core itself can affect an application’s security.


What we learned from our Advent Calendar

24 Dec 2016 by Johannes Dahse

Advent

In this year's Advent of PHP Application Vulnerabilities (APAV), we examined 36 critical security issues which were detected in 19 different PHP applications by our code analysis solution RIPS. In our final post, we would like to summarize what we learned during this thrilling advent time. We reveal how the affected vendors reacted to our reports behind the scenes. Was it right to publish all these sensitive issues? What conclusions can we draw about the security state of PHP applications from our findings?


OpenConf 5.30 - Multi-Step Remote Command Execution

17 Dec 2016 by Johannes Dahse

OpenConf

Today, we present a multi-step command execution vulnerability in the popular conference management software OpenConf. The vulnerability was reported and fixed a while ago, but the chain of 4 exploitation steps involved makes it a very interesting vulnerability sample for our advent calendar. 4 - 3 - 2 - 1 …


phpBB 2.0.23 - From Variable Tampering to SQL Injection

13 Dec 2016 by Johannes Dahse

phpBB

In our 12th advent calendar gift, we would like to cover an exciting SQL injection in phpBB2. Although phpBB2 was replaced by its successor phpBB3, it is still one of the most popular bulletin boards. RIPS detected a less severe but very beautiful SQL injection vulnerability that is based on a PHP quirk we will examine in detail in this post.


Introducing the RIPS analysis engine

4 Dec 2016 by Johannes Dahse

RIPS

In today’s post, we would like to share some insights into our static code analysis engine RIPS that detected the security bugs described in the previous and upcoming calendar gifts. The engine has a long history and went through several generations before reaching its current performance. What does it actually do within the few seconds after you click on the scan button and the first vulnerability report pops up? How can a security vulnerability be automatically detected in source code? Let’s have a look.
