PHP Object Injection

Object injection is a type of attack that allows arbitrary data to be written to variables in PHP classes.  This is a versatile attack that can potentially allow a broad range of compromises to the confidentiality or integrity of data as well as unauthorized access to server resources.  Object injection exploits functionality inherent to PHP classes as well as a supported method of storing variable data called serialization.  This article will provide a walkthrough of an object injection attack but first, a brief overview of its enabling components. Continue reading “PHP Object Injection”

Modifying PHP Session Variables

In my previous post regarding PHP session compromise, I demonstrated how a poorly configured session ID can be brute forced by an attacker.  In this post we shall look at how poor coding practices can also lead to session compromise without discovering a protected session ID.  This attack will be demonstrated against level 20 of the Natas hacking game. Continue reading “Modifying PHP Session Variables”

Brute Forcing PHP Session IDs

Natas is hacking game hosted at overthewire.org that centres around web application security.  Each level must be compromised by some means to reveal the password for the next level.  Below is a writeup of the method I used to penetrate the security of level 19.  I highly recommend this game to anyone interested in web application security. Continue reading “Brute Forcing PHP Session IDs”