
What kind of vulnerabilities involve the attacker sending "php://input"?

Tags: security, php

My site was just bombarded by an attacker trying to pass "php://input" into any GET/POST variable they could think of. If this is trying to take advantage of a vulnerability, I'm unaware of it. What could this user be trying to exploit?

Eric Caron asked Dec 14 '10 18:12


1 Answer

http://www.owasp.org/index.php/Top_10_2007-Malicious_File_Execution

php://input reads data from the incoming request. Basically, what the attacker might be trying to do is pass "php://input" into a weak PHP directive such as:

include $_REQUEST['filename'];

It would allow the attacker to send the "contents" of the PHP file to execute via the request, thereby allowing him to execute PHP code on your machine.

bug answered Sep 30 '22 01:09
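
The hardened counterpart to the weak include in the answer, as an added PHP example that is not part of the original answer: request values are looked up in an allowlist of fixed paths, so "php://input" never reaches include. The names PAGES, resolve_page and has_stream_wrapper, the pages/ paths and the sample values are assumptions made up for illustration.

```php
<?php
// Added example. PAGES, resolve_page() and has_stream_wrapper() are hypothetical names.
// Assumed php.ini baseline: allow_url_include = Off (include then refuses php://input).

// Allowlist: request value => fixed path. Request data never becomes the include target.
const PAGES = [
    'home'    => __DIR__ . '/pages/home.php',
    'contact' => __DIR__ . '/pages/contact.php',
];

// Returns the file to include, or null when the value is not an allowlisted key.
function resolve_page(string $requested): ?string
{
    return PAGES[$requested] ?? null;
}

// True when a parameter starts with a stream wrapper scheme (php://, data:, http://, ...).
// Useful for logging probes like the ones in the question; it is not the defence itself.
function has_stream_wrapper(string $value): bool
{
    return preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*://|data:)#i', $value) === 1;
}

// Constructed sample parameter values, not taken from real traffic.
$samples = ['home', 'php://input', 'PHP://INPUT', 'nosuchpage', 'contact'];

foreach ($samples as $value) {
    $file = resolve_page($value);
    printf(
        "%-14s include=%-12s wrapper_probe=%s\n",
        $value,
        $file === null ? 'refused' : basename($file),
        has_stream_wrapper($value) ? 'yes' : 'no'
    );
}

// In a request handler the same lookup replaces include $_REQUEST['filename']:
//   $file = resolve_page((string) ($_GET['page'] ?? 'home'));
//   if ($file === null) { http_response_code(404); exit; }
//   include $file;
```

Run from the command line with php; only the two allowlisted keys resolve to a file, and both spellings of php://input are refused and flagged for logging.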