Get your server issues fixed by our experts for a price starting at just 25 USD/Hour. Click here to register and open a ticket with us now!

Author Topic: ET WEB_SERVER PHP tags in HTTP POST  (Read 2438 times)

0 Members and 1 Guest are viewing this topic.

nidhinjo

  • Guest
ET WEB_SERVER PHP tags in HTTP POST
« on: June 16, 2018, 07:09:56 pm »
Web Server PHP tags in HTTP POST attack as the name implies it's an HTTP code poisoning method. Here the attacker normally concentrates on the HTTP code. The attacker will send PHP code in the HTTP request body, and he is trying to have that code executed by your web server.

The php://input references the request body or POST data. The auto_prepend_file directive allows the script to include PHP code in the same way that include() and require() work. If successful, the uploaded code would be prepended and executed. The payload most likely contains a back-door script and some code to call home to let the developer know that a hack was successful. Through this method hackers can make a cross site scripting attack, that can cause money lost, Attacker'sdata lost etc.

For example,
The code has a download.php module that reads and lets the user download files, using a CGI parameter to specify the file name (e.g., download.php?file=something.txt). Either by mistake or due to laziness, the developer omitted authorization from the code. The attacker can now use this to download any system files that the user running PHP has access to, like the application code itself or other data left lying around on the server, like backups. The attackers add their own scripts and they can add illegal contents in the website framework, that will lead us to money loss and etc. The Websites are mainly working with GET and POST method, these method is are being corrupted by the hacker for his needs. First the hacker will try to find new a vulnerable patch in the website programming code, once they found anything vulnerable they will try to add there PHP code.

Prevention

1) In order to prevent these kinds of vulnerabilities, an extensive and proper input validation should be performed.
2) Using of Web Vulnerability Scanner, It scans any website or web application for HTTP Parameter Pollution vulnerabilities, reveals the relevant information for the user, such as the vulnerability location and suggests remediation techniques.
3) Restrict CR and LF from the user input or properly encode the output in order to prevent the injection of custom HTTP headers.
4) Ensure the server security patches are up to date and that the current stable version of the software is in use.
5) Do not allow newline characters in input. Where possible use strict white listing.

====================================== :) ==============================================