Friday, June 17, 2011

MS11-050 exploit

http://d0cs4vage.blogspot.com/2011/06/insecticides-dont-kill-bugs-patch.html

Thursday, June 16, 2011

Example of getopts and HEREDOC in shell script

#!/bin/sh
prog=`basename $0`

usage () {
        msg=$1
        cat <<EOT
usage: $prog [-h][-y][-r <message>]

$msg

EOT

#
# handle options here
#
reportFlag=0
yesFlag=0
reportMessage='none'
while getopts 'hr:y' OPTION
do
        case $OPTION in
        h)      helpFlag=1
                ;;
        r)      reportFlag=1
                reportMessage="$OPTARG"
                ;;
        y)      yesFlag=1
                ;;
        ?)      usage "Unknown arg [$NAME]" ; exit 1; shift;
                ;;
        esac
done

shift $(($OPTIND - 1))

if [ "$helpFlag" ]
then
        usage "Help called."
        exit 0
fi

cat <<EOT

The report flag is $reportFlag and reportMessage is "$reportMessage".
The yes flag is $yesFlag.

EOT

Monday, June 13, 2011

Some php best practices


Set the open_basedir to the web root. That way PHP can't execute elsewhere (especially in /tmp).

disable_functions = php_uname, getmyuid, getmypid, passthru, leak, listen, diskfreespace, tmpfile, link, ignore_user_abord, shell_exec, dl, set_time_limit, exec, system, highlight_file, source, show_source, fpaththru, virtual, proc_open, proc_close, proc_get_status, proc_nice, proc_terminate, phpinfo

Really no need for most of those functions and while phpinfo can be useful for troubleshooting and version checking, it's great recon as well. Exec and system commands are equally powerful and userful as well. Posix_* commands should be depreciated but they're not so nuke those as well (not shown above)

Turn off errors (display_errors = off)

Turn off register globals (register_globals = off). There is so much wrong with this feature and yet it was default to on in early 4.x and all of 3.x. Scary.

File uploads are a mixed bag. On one hand it's useful on the other it's easy to upload and then execute if you know the path to the upload directory. For things like vBulletin / SMF / phpBB it's easy to upload files, pictures and so on that way. For professional apps, using a java applet is better served here for file handling. It's 6 one and 1/2 dozen the other though. (file_uploads = off). If you do allow uploads, store them outside of the web root, set a max size and manually (or script) move them after they've been verified.

Don't allow remote includes (allow_url_fopen = off and allow_url_include = off)

Run PHP as a CGI versus CLI

Don't rely on safe_mode. It's a joke and doesn't do what people expect/think it does. That and it's being removed in v6 anyways

There's more but beyond that one has to look at the Apache/Lighttpd/LiteSpeed/IIS config as well since the two largely go hand in hand. Making sure your httpd.conf and .htaccess templates are solid are just as important. You can also delve into the need to "fix" the /tmp directory and any shared memory as well.