| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAH72vijGd=DCKEsERmCkf-OH+3nHiGPCV65n66NkUSBSGpF6cg@mail.gmail.com>
Date: Wed, 6 Mar 2013 08:46:31 +0100
From: Źmicier Januszkiewicz <gauri@....by>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: SANS PHP Port Scanner Remote Code Execution
Dear list,
Well, I suppose this had to be a proof-of-concept piece of code to
demonstrate how port scanning can be done in PHP, not a production-grade
software. Adding input sanitization would increase the code size by a lot
and obscure the concept somewhat (not that there is much to be said anout
the concept though). Think we can give the dude some discount for that.
Nevertheless, seeing something like this coming from "Certified Ethical
Hacker and Security + certified" makes me doubt the worthness of those
certificates. Could be nice to know the exact naming of those certificates
to properly disregard them in the future.
With best regards,
Z.
2013/3/6 laurent gaffie <laurent.gaffie@...il.com>
> http://resources.infosecinstitute.com/php-build-your-own-mini-port-scanner/
>
> Finding the vulnerability in this code is left as an exercise to the
> reader.
>
> PS: "*Your comment will be awaiting moderation forever."*
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists