3.PHP-filters

Last updated 12 days ago

Key Takeaways:

:
- Allow access to I/O streams in PHP.
- php:// scheme is used to access wrappers.
- Useful for extending LFI and other web attacks.
- A type of PHP wrapper.
- php://filter/ is used to access filter wrappers.
- resource parameter specifies the stream to filter.
- read parameter specifies which filter to use.
Filter Types:
- String Filters, Conversion Filters, Compression Filters, Encryption Filters.
- convert.base64-encode is crucial for LFI source code disclosure.
Fuzzing for PHP Files:
- Using tools like ffuf or gobuster to discover PHP files.
- Scanning all HTTP response codes, including 301, 302, and 403.
- Scanning the source code of discovered files for further PHP file references.
Standard PHP Inclusion vs. Source Code Disclosure:
- Standard LFI execution renders PHP files as HTML.
- convert.base64-encode allows reading the source code.
- Essential for analyzing application logic and finding vulnerabilities.
Base64 Encoding and Decoding:
- Using php://filter/read=convert.base64-encode/resource=filename to encode PHP files.
- Decoding the base64 output to obtain the source code.
- Using the linux command line tool base64 -d is shown as a good way to decode the output.

Additional Considerations:

Other PHP Filters:
- While convert.base64-encode is most common, other filters can be useful in specific scenarios.
- Understanding different filters can expand exploitation possibilities.
Error Handling:
- Even with filters, error messages can reveal information.
- Proper error handling is crucial for secure applications.
Security Best Practices:
- Input validation and sanitization remain essential.
- Disabling file inclusion or restricting it to specific files is recommended.
- Principle of least privilege.
Defense in Depth:
- WAFs can help detect and block LFI attacks.
- Regular security audits and penetration testing are vital.
Encoding variations:
- Other encoding methods exist. URL encoding, and other methods could be used in conjunction with the base64 encoding to attempt to bypass various filters.
Automating the process:
- Writing scripts to automate the fuzzing, encoding, and decoding process can save time and improve efficiency.

Last updated 12 days ago

Key Takeaways:

:
- Allow access to I/O streams in PHP.
- php:// scheme is used to access wrappers.
- Useful for extending LFI and other web attacks.
- A type of PHP wrapper.
- php://filter/ is used to access filter wrappers.
- resource parameter specifies the stream to filter.
- read parameter specifies which filter to use.
Filter Types:
- String Filters, Conversion Filters, Compression Filters, Encryption Filters.
- convert.base64-encode is crucial for LFI source code disclosure.
Fuzzing for PHP Files:
- Using tools like ffuf or gobuster to discover PHP files.
- Scanning all HTTP response codes, including 301, 302, and 403.
- Scanning the source code of discovered files for further PHP file references.
Standard PHP Inclusion vs. Source Code Disclosure:
- Standard LFI execution renders PHP files as HTML.
- convert.base64-encode allows reading the source code.
- Essential for analyzing application logic and finding vulnerabilities.
Base64 Encoding and Decoding:
- Using php://filter/read=convert.base64-encode/resource=filename to encode PHP files.
- Decoding the base64 output to obtain the source code.
- Using the linux command line tool base64 -d is shown as a good way to decode the output.

Additional Considerations:

Other PHP Filters:
- While convert.base64-encode is most common, other filters can be useful in specific scenarios.
- Understanding different filters can expand exploitation possibilities.
Error Handling:
- Even with filters, error messages can reveal information.
- Proper error handling is crucial for secure applications.
Security Best Practices:
- Input validation and sanitization remain essential.
- Disabling file inclusion or restricting it to specific files is recommended.
- Principle of least privilege.
Defense in Depth:
- WAFs can help detect and block LFI attacks.
- Regular security audits and penetration testing are vital.
Encoding variations:
- Other encoding methods exist. URL encoding, and other methods could be used in conjunction with the base64 encoding to attempt to bypass various filters.
Automating the process:
- Writing scripts to automate the fuzzing, encoding, and decoding process can save time and improve efficiency.