PHP Tainted variables

Slide 3: where applications run
Client host: user, web browser. Applications written in HTML, Javascript, Java, (Flash, pdf, doc, ppt).
Server host: web server, dbms. Applications written in PHP, ASP, Java, Perl, Ruby, Haskell, (SQL, Shell).

Slide 5: a minimal script that echoes request data
    <html>
    <body>
      <?php echo "Hello, " . $_GET['name']; ?>
      Static hypertext...
    </body>
    </html>
Output for name=Wietse:
    Hello, Wietse
    Static hypertext...

Slide 9: SQL injection
    select * from users where username='$username' and password='$password'
Username: admin    Password: ' or 1=1 --
    select * from users where username='admin' and password='' or 1=1 -- '
The username part is still data; the password part has become executable code.

Slide 11: special characters
    '   "   NUL

Slide 15: taint propagation (simplest form)
    source=request  "Wietse"          status=tainted
    source=script   "Hello, "         status=clean
    operator=concat                   propagate taint
    result          "Hello, Wietse"   status=tainted
    sink=echo                         detect taint
Note: this is the simplest way to propagate taint.

Slide 16: what the sink reports
    Warning: echo(): Argument contains data that is not converted with htmlspecialchars() or htmlentities() in /path/to/script on line X

Slide 17: conversion removes taint
Request: GET /hello.php?name=Wietse
Script:  echo "Hello, " . htmlentities($_GET['name']);
    source=network  "Wietse"          status=tainted
    conversion=htmlentities           convert data, remove taint
    result          "Wietse"          status=clean
    source=script   "Hello, "         status=clean
    operator=concat                   propagate taint
    result          "Hello, Wietse"   status=clean
    sink=echo                         detect taint (nothing to report)

Slide 18: taint flavors (source mark policy, conversion function and sink detect policy are configurable)
    Taint flavor        | Source mark policy          | Conversion function                           | Sink detect policy
    TC_HTML             | Input from web or database  | htmlspecialchars, htmlentities                | HTML output
    TC_MYSQL            | Input from web or database  | mysql_escape_string, mysql_real_escape_string | MySQL query
    TC_SHELL            | Input from web or database  | escapeshellcmd, escapeshellarg                | Shell command
    TC_SELF             | Input from web              | untaint($var, TC_SELF)                        | include, eval, ...
    TC_USER1, TC_USER2  | application dependent       | untaint($var, TC_SELF)                        | application dependent

Slide 20: two ways to satisfy the MySQL sink
    mysql_query("select * from users where name='" . mysql_real_escape_string($name) . "' and ...
    if (ctype_alnum($name)) { mysql_query("select * from users where name=$name ...

Slide 22: the propagation rule in the engine
    if (op1->taint || op2->taint)
        result->taint = (op1->taint | op2->taint);
    else
        result->taint = 0;
which simplifies to
    result->taint = (op1->taint | op2->taint);
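The slides 15 through 22 describe one mechanism: sources mark data with taint flavors, concatenation ORs the flavor bits, a conversion function clears exactly one flavor, and a sink refuses data still carrying its flavor. The following Python model is an added example, not Wietse Venema's PHP patch; the names TStr, from_request, literal, _sink, hello, user_lookup and user_lookup_whitelist, the bit values for TC_*, and the "web input carries every flavor" source policy are my assumptions, and Python's html.escape and shlex.quote stand in for htmlspecialchars/htmlentities and escapeshellarg. It also shows a point the table implies but the slides do not spell out: converting for the wrong sink (htmlspecialchars before mysql_query) leaves the MySQL flavor set, so the sink still fires.

```python
from __future__ import annotations

import html
import shlex
from dataclasses import dataclass

# Taint flavors as bit flags (names from the slide table; bit values are my choice).
TC_HTML = 1 << 0
TC_MYSQL = 1 << 1
TC_SHELL = 1 << 2
TC_SELF = 1 << 3

# Assumed source mark policy: web input carries every flavor until converted.
WEB_INPUT_TAINT = TC_HTML | TC_MYSQL | TC_SHELL | TC_SELF


class TaintError(Exception):
    """Raised at a sink that receives data still tainted for that sink's flavor."""


@dataclass(frozen=True)
class TStr:
    """A string value plus a taint bit set; taint == 0 means clean."""
    value: str
    taint: int = 0

    def __add__(self, other: "TStr") -> "TStr":
        # Propagation rule from slide 22: result->taint = op1->taint | op2->taint
        return TStr(self.value + other.value, self.taint | other.taint)


def from_request(s: str) -> TStr:
    """Source: data that arrived in the HTTP request ($_GET, $_POST, ...)."""
    return TStr(s, WEB_INPUT_TAINT)


def literal(s: str) -> TStr:
    """Source: a string constant written in the script itself."""
    return TStr(s, 0)


# Conversion functions: each converts the data and clears exactly one flavor.
def htmlspecialchars(t: TStr) -> TStr:
    return TStr(html.escape(t.value, quote=True), t.taint & ~TC_HTML)


def mysql_real_escape_string(t: TStr) -> TStr:
    escaped = (t.value.replace("\\", "\\\\").replace("'", "\\'")
               .replace('"', '\\"').replace("\0", "\\0").replace("\n", "\\n"))
    return TStr(escaped, t.taint & ~TC_MYSQL)


def escapeshellarg(t: TStr) -> TStr:
    return TStr(shlex.quote(t.value), t.taint & ~TC_SHELL)


def untaint(t: TStr, flavor: int) -> TStr:
    """Explicit untaint after the script validated the data itself (slide 20, ctype_alnum)."""
    return TStr(t.value, t.taint & ~flavor)


# Sinks: each detects its own flavor and refuses tainted data (slide 16's warning).
def _sink(name: str, flavor: int, t: TStr) -> str:
    if t.taint & flavor:
        raise TaintError(f"Warning: {name}(): Argument contains data that is not "
                         f"converted for this sink (taint bits 0x{t.taint:x})")
    return t.value


def echo(t: TStr) -> str:
    return _sink("echo", TC_HTML, t)


def mysql_query(t: TStr) -> str:
    return _sink("mysql_query", TC_MYSQL, t)


def shell_exec(t: TStr) -> str:
    return _sink("shell_exec", TC_SHELL, t)


def hello(name_param: str) -> str:
    """Slide 17's hello.php: echo "Hello, " . htmlentities($_GET['name']);"""
    return echo(literal("Hello, ") + htmlspecialchars(from_request(name_param)))


def user_lookup(name_param: str) -> str:
    """Slide 20, first form: escape the value, then build the query."""
    q = (literal("select * from users where name='")
         + mysql_real_escape_string(from_request(name_param))
         + literal("' and active=1"))
    return mysql_query(q)


def user_lookup_whitelist(name_param: str) -> str:
    """Slide 20, second form: ctype_alnum check, then untaint for the MySQL sink."""
    name = from_request(name_param)
    if not (name.value.isascii() and name.value.isalnum()):
        raise ValueError("name must be alphanumeric")
    q = literal("select * from users where name=") + untaint(name, TC_MYSQL)
    return mysql_query(q)


if __name__ == "__main__":
    print(hello("Wietse"))
    print(user_lookup("O'Brien"))
    try:
        echo(literal("Hello, ") + from_request("Wietse"))   # slide 15: unconverted
    except TaintError as e:
        print(e)
```

The frozen dataclass keeps taint and value together so a string cannot lose its taint bits by accident; only a conversion function or an explicit untaint() clears a flavor, which is the property the slides rely on.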