Re: [mod-security-users] How to prevent to see containsofdisable_functions by a php script ?
Brought to you by:
victorhora,
zimmerletw
From: Ryan B. <Ryan.Barnett@Breach.com> - 2007-07-11 15:18:12
|
Is the goal that you want to prevent the text terms "php_uname" and "phpinfo" from leaving your site? While you can certainly setup ModSecurity rules running in phase:4 to identify these terms in outbound data, you should really be concerned with the actual results of these commands. You could create some ModSecurity rules to monitor outbound data for strings such as "phpinfo()" in the title of the html, etc... =20 Actually, these are some of the types of Platform specific rules (PHP, ASP, .NET, etc...) that we already have in the Breach Commercial "Enhanced Ruleset" that comes with the ModSecurity Pro Appliance (M1000) and is also available to ModSecurity Support Customers (who are running open source ModSecurity themselves but want commercial Support).=20 =20 --=20 Ryan C. Barnett ModSecurity Community Manager Breach Security: Director of Application Security Training Web Application Security Consortium (WASC) Member CIS Apache Benchmark Project Lead SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC Author: Preventing Web Attacks with Apache =20 =20 ________________________________ From: Yavuz Maslak [mailto:yav...@ih...]=20 Sent: Wednesday, July 11, 2007 10:26 AM To: Ryan Barnett; mod...@li... Subject: Re: [mod-security-users] How to prevent to see containsofdisable_functions by a php script ? =20 OK. Let me explain, =20 My disable_functions line in php.ini file, has "php_uname,phpinfo,etc..." I have a domain in the server. I made a file called test.php The test.php contains ; <?php echo "Disable functions : <b>"; if(''=3D=3D($df=3D@ini_get('disable_functions'))){echo <mailto:$df=3D@ini_get('disable_functions')))%7becho> "<font color=3Dgreen>NONE</font></b>";}else{echo "<font color=3Dblack>$df</font></b>";} ?> =20 When I call that web address that www.test.com/test.php I can see as below; =20 Disable functions : php_uname,phpinfo.... =20 I want above line not to be able to see. =20 Thanks =20 =20 ----- Original Message -----=20 From: Ryan Barnett <mailto:Ryan.Barnett@Breach.com> =20 To: Yavuz Maslak <mailto:yav...@ih...> ; mod...@li...=20 Sent: Wednesday, July 11, 2007 5:20 PM Subject: RE: [mod-security-users] How to prevent to see containsofdisable_functions by a php script ? =20 =20 =09 ________________________________ From: mod...@li... [mailto:mod...@li...] On Behalf Of Yavuz Maslak Sent: Wednesday, July 11, 2007 10:14 AM To: mod...@li... Subject: Re: [mod-security-users] How to prevent to see containsofdisable_functions by a php script ? =20 I think, I couldn't explain this issue. =20 I put some commands disable_functions in the php.ini such as php_uname,phpinfo,myshellexec etc.. I have a domain in the server. I can see the functions I put in the line of disable_functions in the php.ini. [Ryan Barnett] What exactly do you mean by "I can see the functions I put in the line of disable_functions in the php.ini"? Can you demonstrate exactly what you are doing and seeing? =20 How to prevent that case ? Thanks =20 ----- Original Message -----=20 From: Bunyamin DEMIR <mailto:bun...@gm...> =20 To: Yavuz Maslak <mailto:yav...@ih...> =20 Cc: Ryan Barnett <mailto:Rya...@br...> ; mod...@li...=20 Sent: Wednesday, July 11, 2007 3:42 PM Subject: Re: [mod-security-users] How to prevent to see contains ofdisable_functions by a php script ? =20 Hi Yauz, =09 > I am not sure I understand your question.=20 =09 me too... But maybe you can look http://ca3.php.net/features.safe-mode=20 =09 =09 Ps: Safe Mode was removed in PHP 6.0.0. =09 =09 2007/7/11, Ryan Barnett <Rya...@br...>:=20 I am not sure I understand your question. Are you trying to prevent people from seeing the information returned from the "phpinfo();" function? =20 --=20 Ryan C. Barnett ModSecurity Community Manager Breach Security: Director of Application Security Training Web Application Security Consortium (WASC) Member CIS Apache Benchmark Project Lead SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC Author: Preventing Web Attacks with Apache=20 =20 =20 =09 ________________________________ From: mod...@li... [mailto:mod...@li...] On Behalf Of Yavuz Maslak Sent: Wednesday, July 11, 2007 7:04 AM To: mod...@li... Subject: [mod-security-users] How to prevent to see contains ofdisable_functions by a php script ? =20 Hello =20 I use modsecurity2 =20 How to prevent to see contains of disable_functions by a php script ? =09 =09 ------------------------------------------------------------------------ - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now.=20 http://sourceforge.net/powerbar/db2/ _______________________________________________ mod-security-users mailing list=20 mod...@li... =09 https://lists.sourceforge.net/lists/listinfo/mod-security-users =09 =09 =09 --=20 Bunyamin Demir OWASP-Turkey Chair http://www.webguvenligi.org=20 |