Re: [mod-security-users] How to prevent to see containsofdisable_functions by a php script ?
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] How to prevent to see containsofdisable_functions by a php script ?
|
From: Ryan B. <Ryan.Barnett@Breach.com> - 2007-07-11 15:18:12
|
Is the goal that you want to prevent the text terms "php_uname" and
"phpinfo" from leaving your site? While you can certainly setup
ModSecurity rules running in phase:4 to identify these terms in outbound
data, you should really be concerned with the actual results of these
commands. You could create some ModSecurity rules to monitor outbound
data for strings such as "phpinfo()" in the title of the html, etc...
=20
Actually, these are some of the types of Platform specific rules (PHP,
ASP, .NET, etc...) that we already have in the Breach Commercial
"Enhanced Ruleset" that comes with the ModSecurity Pro Appliance (M1000)
and is also available to ModSecurity Support Customers (who are running
open source ModSecurity themselves but want commercial Support).=20
=20
--=20
Ryan C. Barnett
ModSecurity Community Manager
Breach Security: Director of Application Security Training
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache
=20
=20
________________________________
From: Yavuz Maslak [mailto:yav...@ih...]=20
Sent: Wednesday, July 11, 2007 10:26 AM
To: Ryan Barnett; mod...@li...
Subject: Re: [mod-security-users] How to prevent to see
containsofdisable_functions by a php script ?
=20
OK. Let me explain,
=20
My disable_functions line in php.ini file, has
"php_uname,phpinfo,etc..."
I have a domain in the server.
I made a file called test.php
The test.php contains ;
<?php
echo "Disable functions : <b>";
if(''=3D=3D($df=3D@ini_get('disable_functions'))){echo
<mailto:$df=3D@ini_get('disable_functions')))%7becho> "<font
color=3Dgreen>NONE</font></b>";}else{echo "<font
color=3Dblack>$df</font></b>";}
?>
=20
When I call that web address that www.test.com/test.php I can see as
below;
=20
Disable functions : php_uname,phpinfo....
=20
I want above line not to be able to see.
=20
Thanks
=20
=20
----- Original Message -----=20
From: Ryan Barnett <mailto:Ryan.Barnett@Breach.com> =20
To: Yavuz Maslak <mailto:yav...@ih...> ;
mod...@li...=20
Sent: Wednesday, July 11, 2007 5:20 PM
Subject: RE: [mod-security-users] How to prevent to see
containsofdisable_functions by a php script ?
=20
=20
=09
________________________________
From: mod...@li...
[mailto:mod...@li...] On Behalf Of
Yavuz Maslak
Sent: Wednesday, July 11, 2007 10:14 AM
To: mod...@li...
Subject: Re: [mod-security-users] How to prevent to see
containsofdisable_functions by a php script ?
=20
I think, I couldn't explain this issue.
=20
I put some commands disable_functions in the php.ini such as
php_uname,phpinfo,myshellexec etc..
I have a domain in the server. I can see the functions I put in
the line of disable_functions in the php.ini.
[Ryan Barnett] What exactly do you mean by "I can see the
functions I put in the line of disable_functions in the php.ini"?
Can you demonstrate exactly what you are doing and seeing?
=20
How to prevent that case ?
Thanks
=20
----- Original Message -----=20
From: Bunyamin DEMIR <mailto:bun...@gm...> =20
To: Yavuz Maslak <mailto:yav...@ih...> =20
Cc: Ryan Barnett <mailto:Rya...@br...> ;
mod...@li...=20
Sent: Wednesday, July 11, 2007 3:42 PM
Subject: Re: [mod-security-users] How to prevent to see
contains ofdisable_functions by a php script ?
=20
Hi Yauz,
=09
> I am not sure I understand your question.=20
=09
me too... But maybe you can look
http://ca3.php.net/features.safe-mode=20
=09
=09
Ps: Safe Mode was removed in PHP 6.0.0.
=09
=09
2007/7/11, Ryan Barnett <Rya...@br...>:=20
I am not sure I understand your question. Are you
trying to prevent people from seeing the information returned from the
"phpinfo();" function?
=20
--=20
Ryan C. Barnett
ModSecurity Community Manager
Breach Security: Director of Application Security
Training
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache=20
=20
=20
=09
________________________________
From: mod...@li...
[mailto:mod...@li...] On Behalf Of
Yavuz Maslak
Sent: Wednesday, July 11, 2007 7:04 AM
To: mod...@li...
Subject: [mod-security-users] How to prevent to see
contains ofdisable_functions by a php script ?
=20
Hello
=20
I use modsecurity2
=20
How to prevent to see contains of disable_functions by a
php script ?
=09
=09
------------------------------------------------------------------------
-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express
and take
control of your XML. No limits. Just data. Click to get
it now.=20
http://sourceforge.net/powerbar/db2/
_______________________________________________
mod-security-users mailing list=20
mod...@li...
=09
https://lists.sourceforge.net/lists/listinfo/mod-security-users
=09
=09
=09
--=20
Bunyamin Demir
OWASP-Turkey Chair
http://www.webguvenligi.org=20
|