3.PHP-filters

Key Takeaways:

  • PHP Wrappers:

    • Allow access to I/O streams in PHP.

    • php:// scheme is used to access wrappers.

    • Useful for extending LFI and other web attacks.

  • PHP Filters:

    • A type of PHP wrapper.

    • php://filter/ is used to access filter wrappers.

    • resource parameter specifies the stream to filter.

    • read parameter specifies which filter to use.

  • Filter Types:

    • String Filters, Conversion Filters, Compression Filters, Encryption Filters.

    • convert.base64-encode is crucial for LFI source code disclosure.

  • Fuzzing for PHP Files:

    • Using tools like ffuf or gobuster to discover PHP files.

    • Scanning all HTTP response codes, including 301, 302, and 403.

    • Scanning the source code of discovered files for further PHP file references.

  • Standard PHP Inclusion vs. Source Code Disclosure:

    • Standard LFI execution renders PHP files as HTML.

    • convert.base64-encode allows reading the source code.

    • Essential for analyzing application logic and finding vulnerabilities.

  • Base64 Encoding and Decoding:

    • Using php://filter/read=convert.base64-encode/resource=filename to encode PHP files.

    • Decoding the base64 output to obtain the source code.

    • The Linux command-line tool base64 -d is shown as a convenient way to decode the output.

Additional Considerations:

  • Other PHP Filters:

    • While convert.base64-encode is most common, other filters can be useful in specific scenarios.

    • Understanding different filters can expand exploitation possibilities.

  • Error Handling:

    • Even with filters, error messages can reveal information.

    • Proper error handling is crucial for secure applications.

  • Security Best Practices:

    • Input validation and sanitization remain essential.

    • Disabling file inclusion or restricting it to specific files is recommended.

    • Apply the principle of least privilege to the web server process and the files it can read.

  • Defense in Depth:

    • WAFs can help detect and block LFI attacks.

    • Regular security audits and penetration testing are vital.

  • Encoding variations:

    • Other encoding methods exist; URL encoding and similar methods could be used in conjunction with base64 encoding to attempt to bypass various filters.

  • Automating the process:

    • Writing scripts to automate the fuzzing, encoding, and decoding process can save time and improve efficiency.
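The detection side of the notes above (the php://filter wrapper, convert.base64-encode source disclosure, and the URL-encoding variations): an added example, not from the original page, that scans constructed web-server access-log lines for php:// wrapper and traversal payloads, decoding nested URL encoding before matching. The log lines, the page parameter name and the finding format are assumptions.

```python
import re
from urllib.parse import unquote, urlsplit, parse_qsl

# Constructed sample access-log lines (not from the original page).
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?page=about HTTP/1.1" 200 512
10.0.0.7 - - [10/Oct/2023:13:55:40 +0000] "GET /index.php?page=php://filter/read=convert.base64-encode/resource=config.php HTTP/1.1" 200 2048
10.0.0.7 - - [10/Oct/2023:13:55:41 +0000] "GET /index.php?page=php%3A%2F%2Ffilter%2Fread%3Dconvert.base64-encode%2Fresource%3Dindex.php HTTP/1.1" 200 3001
10.0.0.9 - - [10/Oct/2023:13:56:02 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 403 212
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
WRAPPER_RE = re.compile(r'php://(?P<wrapper>[a-z0-9_.-]+)', re.IGNORECASE)
TRAVERSAL_RE = re.compile(r'(?:\.\./|\.\.\\)')

def normalize(value: str, rounds: int = 3) -> str:
    """URL-decode repeatedly so double-encoded values (%253A...) are caught too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.lower()

def classify_request(target: str) -> list:
    """Return one finding per query parameter carrying a php:// wrapper or traversal."""
    findings = []
    for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = normalize(raw)
        wrapper = WRAPPER_RE.search(value)
        if wrapper:
            resource = re.search(r'resource=([^&\s]+)', value)
            findings.append({
                "kind": "php_wrapper",
                "param": name,
                "wrapper": wrapper.group("wrapper"),
                "base64_disclosure": "convert.base64-encode" in value,
                "resource": resource.group(1) if resource else None,
            })
        elif TRAVERSAL_RE.search(value):
            findings.append({"kind": "traversal", "param": name, "wrapper": None,
                             "base64_disclosure": False, "resource": value})
    return findings

def scan_log(text: str) -> list:
    """Parse each request line and attach the client address to every finding."""
    findings = []
    for line in text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        for finding in classify_request(match.group("target")):
            finding["client"] = line.split(" ", 1)[0]
            findings.append(finding)
    return findings
```

Alerting on the wrapper hit alone is the robust rule; the base64_disclosure flag and the resource name only enrich the alert, since the same wrapper syntax works with any filter name.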
