G00d thanks, does any1 know a tool for looking vulnerabilities "inside" of my *.php files ? or something to automated the "search" vulnerabilities?
- mark On 26/05/07, Jamie Riden <[EMAIL PROTECTED]> wrote:
On 26/05/07, Mark Sec <[EMAIL PROTECTED]> wrote: > > > does any1 how to protect about RFI (Remote file inclusion), and what i need > to see over php files ? > > -mark Briefly: 1. Secure your php install - turn off allow_url_fopen and allow_url_include in php.ini 2. Make sure your PHP app is not vulnerable - an attacker shouldn't be able to control what's included. This should protect you from local file inclusion as well. 3. Use suhosin and/or mod_security 4. (maybe) configure your firewall to disallow outbound connections initiated by the webserver cheers, Jamie
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
