[nycphp-talk] Security PHP meeting idea ...

jon baer jonbaer at jonbaer.net
Fri Apr 2 13:47:03 EST 2004


It's been hard to do, I've tried on my laptop a few times to set up case
scenarios with the SecurityFocus/BugTraq lists ... what I was thinking was
a presentation with the "Top 5 PHP Security Blunders from Popular Packages"
and actually show (not just tell) why a patch is in order to better
understand how not to create the scenario in the first place.

A little like a before and after ... the only problem being that some of the
more dangerous areas in XSS and SQLI have to have specific parameters which
goes from hacker scanning to exploit itself.  I was only able to set up one
in which every user's hash of phpbb was exposed and brute cracked but I'm not
sure if that is interesting enough ...

- Jon

----- Original Message -----
From: "Daniel Convissor" <danielc at analysisandsolutions.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Monday, March 22, 2004 9:04 PM
Subject: [nycphp-talk] SecurityFocus Newsletter #241 stuff


> PHPBB ViewTopic.PHP "postdays" Cross-Site Scripting Vulnerab...
> http://www.securityfocus.com/bid/9865
> The usual suspects, plus a few wannabe's...




