SlideShare uma empresa Scribd logo

Php manish

M
Manish Jain

PHP : Variable

EducaçãoTecnologia
1 de 29
Baixar para ler offline
 
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],PHP Tainted variables
PHP Tainted variables Application Client host Web browser Application Server host Web server user dbms Applications written in HTML, Javascript, Java, (Flash, pdf, doc, ppt) Applications written in PHP, ASP, Java, Perl, Ruby, Haskell, (SQL, Shell) Server Client
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],PHP Tainted variables
[object Object],[object Object],[object Object],PHP Tainted variables <html> <body> <?php echo &quot; Hello, &quot; . $_GET[ ' name ' ] ; ?> Static hypertext... </body> </html> Hello, Wietse Static hypertext...
[object Object],[object Object],[object Object],PHP Tainted variables
[object Object],[object Object],[object Object],PHP Tainted variables
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],PHP Tainted variables
[object Object],[object Object],[object Object],PHP Tainted variables select * from users where username= ' $username ' and password= ' $password ' Username: admin Password: ' or 1=1 -- select * from users where username= ' admin ' and password= ' ' or 1=1 -- ' Now it is data Now it is executable code
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],PHP Tainted variables
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],PHP Tainted variables ' &quot; nul
[object Object],[object Object],PHP Tainted variables
[object Object],[object Object],PHP Tainted variables
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],PHP Tainted variables
[object Object],[object Object],PHP Tainted variables source =request “ Wietse ” status=tainted operator=concat propagate taint source =script “ Hello, ” status=clean “ Hello, Wietse ” status=tainted sink =echo detect taint Note: this is the simplest way to propagate taint
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],PHP Tainted variables Warning: echo(): Argument contains data that is not converted with htmlspecialchars() or htmlentities() in /path/to/script on line X
PHP Tainted variables source=network “ Wietse ” status=tainted operator=concat propagate taint source=script “ Hello, ” status=clean “ Hello, Wietse ” status=clean sink=echo detect taint “ Wietse ” status=clean conversion= htmlentities convert data, remove taint Script: echo &quot; Hello, &quot; . html-entities ($_GET[ ' name ' ]); Request : GET /hello.php? name=Wietse
PHP Tainted variables 1 Configurable Taint flavor Source mark policy 1 Conversion function Sink detect policy 1 TC_HTML Input from web or database htmlspecialchars htmlemtities HTML output TC_MYSQL Input from web or database mysql_escape_string mysql_real_escape_string MySQL query TC_SHELL Input from web or database escapeshellcmd escapeshellarg Shell command TC_SELF Input from web untaint($var, TC_SELF) include, eval, ... TC_USER1 TC_USER2 application dependent untaint($var, TC_SELF) application dependent
[object Object],[object Object],[object Object],PHP Tainted variables
[object Object],[object Object],[object Object],PHP Tainted variables mysql_query( &quot; select * from users where name= &quot; . mysql_real_escape_string($name) . &quot; and .. if (ctype_alnum($name)) { mysql_query( &quot; select * from users where name=$name ...
[object Object],[object Object],[object Object],[object Object],[object Object],PHP Tainted variables
[object Object],[object Object],[object Object],PHP Tainted variables if (op->taint1 || op2->taint) result->taint = (op1->taint | op2->taint); else result->taint = 0; result->taint = (op1->taint | op2->taint);
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],PHP Tainted variables
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],PHP Tainted variables
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],PHP Tainted variables
[object Object],PHP Tainted variables
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],PHP Tainted variables
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],PHP Tainted variables
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],PHP Tainted variables

Recomendados

Last train to php 7
Last train to php 7Last train to php 7
Last train to php 7Damien Seguy
 
Php 7 compliance workshop singapore
Php 7 compliance workshop singaporePhp 7 compliance workshop singapore
Php 7 compliance workshop singaporeDamien Seguy
 
Php Presentation
Php PresentationPhp Presentation
Php PresentationManish Bothra
 
Static Analysis of PHP Code – IPC Berlin 2016
Static Analysis of PHP Code – IPC Berlin 2016Static Analysis of PHP Code – IPC Berlin 2016
Static Analysis of PHP Code – IPC Berlin 2016Rouven Weßling
 
PHP Tutorials
PHP TutorialsPHP Tutorials
PHP TutorialsYuriy Krapivko
 
Securing Your Web Server
Securing Your Web ServerSecuring Your Web Server
Securing Your Web Servermanugoel2003
 
Overview of PHP and MYSQL
Overview of PHP and MYSQLOverview of PHP and MYSQL
Overview of PHP and MYSQLDeblina Chowdhury
 
Php technical presentation
Php technical presentationPhp technical presentation
Php technical presentationdharmendra kumar dhakar
 

Recomendados

Last train to php 7
Last train to php 7Last train to php 7
Last train to php 7Damien Seguy
 
Php 7 compliance workshop singapore
Php 7 compliance workshop singaporePhp 7 compliance workshop singapore
Php 7 compliance workshop singaporeDamien Seguy
 
Php Presentation
Php PresentationPhp Presentation
Php PresentationManish Bothra
 
Static Analysis of PHP Code – IPC Berlin 2016
Static Analysis of PHP Code – IPC Berlin 2016Static Analysis of PHP Code – IPC Berlin 2016
Static Analysis of PHP Code – IPC Berlin 2016Rouven Weßling
 
PHP Tutorials
PHP TutorialsPHP Tutorials
PHP TutorialsYuriy Krapivko
 
Securing Your Web Server
Securing Your Web ServerSecuring Your Web Server
Securing Your Web Servermanugoel2003
 
Overview of PHP and MYSQL
Overview of PHP and MYSQLOverview of PHP and MYSQL
Overview of PHP and MYSQLDeblina Chowdhury
 
Php technical presentation
Php technical presentationPhp technical presentation
Php technical presentationdharmendra kumar dhakar
 
php
phpphp
phpajeetjhajharia
 
What is the Joomla Framework and why do we need it?
What is the Joomla Framework and why do we need it?What is the Joomla Framework and why do we need it?
What is the Joomla Framework and why do we need it?Rouven Weßling
 
Php Ppt
Php PptPhp Ppt
Php PptHema Prasanth
 
Http Parameter Pollution, a new category of web attacks
Http Parameter Pollution, a new category of web attacksHttp Parameter Pollution, a new category of web attacks
Http Parameter Pollution, a new category of web attacksStefano Di Paola
 
Introduction to php
Introduction to phpIntroduction to php
Introduction to phpMeetendra Singh
 
Php mysql ppt
Php mysql pptPhp mysql ppt
Php mysql pptKarmatechnologies Pvt. Ltd.
 
1336333055 php tutorial_from_beginner_to_master
1336333055 php tutorial_from_beginner_to_master1336333055 php tutorial_from_beginner_to_master
1336333055 php tutorial_from_beginner_to_masterjeeva indra
 
Positive Hack Days. Goltsev. Web Vulnerabilities: Difficult Cases
Positive Hack Days. Goltsev. Web Vulnerabilities: Difficult CasesPositive Hack Days. Goltsev. Web Vulnerabilities: Difficult Cases
Positive Hack Days. Goltsev. Web Vulnerabilities: Difficult CasesPositive Hack Days
 
PHP
PHPPHP
PHPSteve Fort
 
Introduction to php
Introduction to phpIntroduction to php
Introduction to phpAnjan Banda
 
Php introduction
Php introductionPhp introduction
Php introductionkrishnapriya Tadepalli
 
PHP slides
PHP slidesPHP slides
PHP slidesFarzad Wadia
 
PHP MySQL Workshop - facehook
PHP MySQL Workshop - facehookPHP MySQL Workshop - facehook
PHP MySQL Workshop - facehookBrainware Consultancy Pvt Ltd
 
Php a dynamic web scripting language
Php a dynamic web scripting languagePhp a dynamic web scripting language
Php a dynamic web scripting languageElmer Concepcion Jr.
 
Php training100%placement-in-mumbai
Php training100%placement-in-mumbaiPhp training100%placement-in-mumbai
Php training100%placement-in-mumbaivibrantuser
 
PHP Presentation
PHP PresentationPHP Presentation
PHP PresentationJIGAR MAKHIJA
 
PHP Function
PHP Function PHP Function
PHP Function Reber Novanta
 
01 Php Introduction
01 Php Introduction01 Php Introduction
01 Php IntroductionGeshan Manandhar
 
PHP 7.1 : elegance of our legacy
PHP 7.1 : elegance of our legacyPHP 7.1 : elegance of our legacy
PHP 7.1 : elegance of our legacyDamien Seguy
 
Php mysql
Php mysqlPhp mysql
Php mysqlShehrevar Davierwala
 
Security trend analysis with CVE topic models
Security trend analysis with CVE topic modelsSecurity trend analysis with CVE topic models
Security trend analysis with CVE topic modelsThomas Zimmermann
 
Abusing Windows Opener To Bypass CSRF Protection
Abusing Windows Opener To Bypass CSRF ProtectionAbusing Windows Opener To Bypass CSRF Protection
Abusing Windows Opener To Bypass CSRF ProtectionNarendra Bhati
 

Mais conteúdo relacionado

Mais procurados

What is the Joomla Framework and why do we need it?
What is the Joomla Framework and why do we need it?What is the Joomla Framework and why do we need it?
What is the Joomla Framework and why do we need it?Rouven Weßling
 
Http Parameter Pollution, a new category of web attacks
Http Parameter Pollution, a new category of web attacksHttp Parameter Pollution, a new category of web attacks
Http Parameter Pollution, a new category of web attacksStefano Di Paola
 
1336333055 php tutorial_from_beginner_to_master
1336333055 php tutorial_from_beginner_to_master1336333055 php tutorial_from_beginner_to_master
1336333055 php tutorial_from_beginner_to_masterjeeva indra
 
Positive Hack Days. Goltsev. Web Vulnerabilities: Difficult Cases
Positive Hack Days. Goltsev. Web Vulnerabilities: Difficult CasesPositive Hack Days. Goltsev. Web Vulnerabilities: Difficult Cases
Positive Hack Days. Goltsev. Web Vulnerabilities: Difficult CasesPositive Hack Days
 
Introduction to php
Introduction to phpIntroduction to php
Introduction to phpAnjan Banda
 
Php a dynamic web scripting language
Php a dynamic web scripting languagePhp a dynamic web scripting language
Php a dynamic web scripting languageElmer Concepcion Jr.
 
Php training100%placement-in-mumbai
Php training100%placement-in-mumbaiPhp training100%placement-in-mumbai
Php training100%placement-in-mumbaivibrantuser
 
PHP 7.1 : elegance of our legacy
PHP 7.1 : elegance of our legacyPHP 7.1 : elegance of our legacy
PHP 7.1 : elegance of our legacyDamien Seguy
 

Mais procurados (20)

php
phpphp
php
 
What is the Joomla Framework and why do we need it?
What is the Joomla Framework and why do we need it?What is the Joomla Framework and why do we need it?
What is the Joomla Framework and why do we need it?
 
Php Ppt
Php PptPhp Ppt
Php Ppt
 
Http Parameter Pollution, a new category of web attacks
Http Parameter Pollution, a new category of web attacksHttp Parameter Pollution, a new category of web attacks
Http Parameter Pollution, a new category of web attacks
 
Introduction to php
Introduction to phpIntroduction to php
Introduction to php
 
Php mysql ppt
Php mysql pptPhp mysql ppt
Php mysql ppt
 
1336333055 php tutorial_from_beginner_to_master
1336333055 php tutorial_from_beginner_to_master1336333055 php tutorial_from_beginner_to_master
1336333055 php tutorial_from_beginner_to_master
 
Positive Hack Days. Goltsev. Web Vulnerabilities: Difficult Cases
Positive Hack Days. Goltsev. Web Vulnerabilities: Difficult CasesPositive Hack Days. Goltsev. Web Vulnerabilities: Difficult Cases
Positive Hack Days. Goltsev. Web Vulnerabilities: Difficult Cases
 
PHP
PHPPHP
PHP
 
Introduction to php
Introduction to phpIntroduction to php
Introduction to php
 
Php introduction
Php introductionPhp introduction
Php introduction
 
PHP slides
PHP slidesPHP slides
PHP slides
 
PHP MySQL Workshop - facehook
PHP MySQL Workshop - facehookPHP MySQL Workshop - facehook
PHP MySQL Workshop - facehook
 
Php a dynamic web scripting language
Php a dynamic web scripting languagePhp a dynamic web scripting language
Php a dynamic web scripting language
 
Php training100%placement-in-mumbai
Php training100%placement-in-mumbaiPhp training100%placement-in-mumbai
Php training100%placement-in-mumbai
 
PHP Presentation
PHP PresentationPHP Presentation
PHP Presentation
 
PHP Function
PHP Function PHP Function
PHP Function
 
01 Php Introduction
01 Php Introduction01 Php Introduction
01 Php Introduction
 
PHP 7.1 : elegance of our legacy
PHP 7.1 : elegance of our legacyPHP 7.1 : elegance of our legacy
PHP 7.1 : elegance of our legacy
 
Php mysql
Php mysqlPhp mysql
Php mysql
 

Destaque

Security trend analysis with CVE topic models
Security trend analysis with CVE topic modelsSecurity trend analysis with CVE topic models
Security trend analysis with CVE topic modelsThomas Zimmermann
 
Abusing Windows Opener To Bypass CSRF Protection
Abusing Windows Opener To Bypass CSRF ProtectionAbusing Windows Opener To Bypass CSRF Protection
Abusing Windows Opener To Bypass CSRF ProtectionNarendra Bhati
 
пресс конференция 15.06.2016. безопасность платежных систем и банков
пресс конференция 15.06.2016. безопасность платежных систем и банковпресс конференция 15.06.2016. безопасность платежных систем и банков
пресс конференция 15.06.2016. безопасность платежных систем и банковДмитрий Бумов
 
Collision vulnerability for hash data structures in web platforms
Collision vulnerability for hash data structures in web platformsCollision vulnerability for hash data structures in web platforms
Collision vulnerability for hash data structures in web platformsBerescu Ionut
 
Sdl deployment in ics
Sdl deployment in icsSdl deployment in ics
Sdl deployment in icsMayur Mehta
 
Bo0oM - There's Nothing so Permanent as Temporary (PHDays IV, 2014)
Bo0oM - There's Nothing so Permanent as Temporary (PHDays IV, 2014)Bo0oM - There's Nothing so Permanent as Temporary (PHDays IV, 2014)
Bo0oM - There's Nothing so Permanent as Temporary (PHDays IV, 2014)Дмитрий Бумов
 
OWASP Pune Chapter : Dive Into The Profound Web Attacks
OWASP Pune Chapter : Dive Into The Profound Web AttacksOWASP Pune Chapter : Dive Into The Profound Web Attacks
OWASP Pune Chapter : Dive Into The Profound Web AttacksNarendra Bhati
 
Byzantine Attack & Defense in Cognitive Radio Network
Byzantine Attack & Defense in Cognitive Radio NetworkByzantine Attack & Defense in Cognitive Radio Network
Byzantine Attack & Defense in Cognitive Radio NetworkChandra Sharma
 
PHP Hacking: The battle between great ideas and not-so-great code
PHP Hacking: The battle between great ideas and not-so-great codePHP Hacking: The battle between great ideas and not-so-great code
PHP Hacking: The battle between great ideas and not-so-great codePete Prodoehl
 
CodeIgniter i18n Security Flaw
CodeIgniter i18n Security FlawCodeIgniter i18n Security Flaw
CodeIgniter i18n Security FlawAbbas Naderi
 
Classification of vulnerabilities
Classification of vulnerabilitiesClassification of vulnerabilities
Classification of vulnerabilitiesMayur Mehta
 
H4CK1N6 - Web Application Security
H4CK1N6 - Web Application SecurityH4CK1N6 - Web Application Security
H4CK1N6 - Web Application SecurityOliver Hader
 
Monitoring Attack Surface to Secure DevOps Pipelines
Monitoring Attack Surface to Secure DevOps PipelinesMonitoring Attack Surface to Secure DevOps Pipelines
Monitoring Attack Surface to Secure DevOps PipelinesDenim Group
 
Using Security To Build With Confidence in AWS – Justin Foster, Director of P...
Using Security To Build With Confidence in AWS – Justin Foster, Director of P...Using Security To Build With Confidence in AWS – Justin Foster, Director of P...
Using Security To Build With Confidence in AWS – Justin Foster, Director of P...Amazon Web Services
 

Destaque (20)

Security trend analysis with CVE topic models
Security trend analysis with CVE topic modelsSecurity trend analysis with CVE topic models
Security trend analysis with CVE topic models
 
Abusing Windows Opener To Bypass CSRF Protection
Abusing Windows Opener To Bypass CSRF ProtectionAbusing Windows Opener To Bypass CSRF Protection
Abusing Windows Opener To Bypass CSRF Protection
 
JoomlaTalk#9 - Joomla Security
JoomlaTalk#9 - Joomla SecurityJoomlaTalk#9 - Joomla Security
JoomlaTalk#9 - Joomla Security
 
пресс конференция 15.06.2016. безопасность платежных систем и банков
пресс конференция 15.06.2016. безопасность платежных систем и банковпресс конференция 15.06.2016. безопасность платежных систем и банков
пресс конференция 15.06.2016. безопасность платежных систем и банков
 
Collision vulnerability for hash data structures in web platforms
Collision vulnerability for hash data structures in web platformsCollision vulnerability for hash data structures in web platforms
Collision vulnerability for hash data structures in web platforms
 
Sdl deployment in ics
Sdl deployment in icsSdl deployment in ics
Sdl deployment in ics
 
Carwhisperer Bluetooth Attack
Carwhisperer Bluetooth AttackCarwhisperer Bluetooth Attack
Carwhisperer Bluetooth Attack
 
Bo0oM - There's Nothing so Permanent as Temporary (PHDays IV, 2014)
Bo0oM - There's Nothing so Permanent as Temporary (PHDays IV, 2014)Bo0oM - There's Nothing so Permanent as Temporary (PHDays IV, 2014)
Bo0oM - There's Nothing so Permanent as Temporary (PHDays IV, 2014)
 
Fuzz.txt
Fuzz.txtFuzz.txt
Fuzz.txt
 
OWASP Pune Chapter : Dive Into The Profound Web Attacks
OWASP Pune Chapter : Dive Into The Profound Web AttacksOWASP Pune Chapter : Dive Into The Profound Web Attacks
OWASP Pune Chapter : Dive Into The Profound Web Attacks
 
Hijacking bluetooth headsets
Hijacking bluetooth headsetsHijacking bluetooth headsets
Hijacking bluetooth headsets
 
Byzantine Attack & Defense in Cognitive Radio Network
Byzantine Attack & Defense in Cognitive Radio NetworkByzantine Attack & Defense in Cognitive Radio Network
Byzantine Attack & Defense in Cognitive Radio Network
 
PHP Hacking: The battle between great ideas and not-so-great code
PHP Hacking: The battle between great ideas and not-so-great codePHP Hacking: The battle between great ideas and not-so-great code
PHP Hacking: The battle between great ideas and not-so-great code
 
CodeIgniter i18n Security Flaw
CodeIgniter i18n Security FlawCodeIgniter i18n Security Flaw
CodeIgniter i18n Security Flaw
 
Classification of vulnerabilities
Classification of vulnerabilitiesClassification of vulnerabilities
Classification of vulnerabilities
 
H4CK1N6 - Web Application Security
H4CK1N6 - Web Application SecurityH4CK1N6 - Web Application Security
H4CK1N6 - Web Application Security
 
Не nmap'ом единым
Не nmap'ом единымНе nmap'ом единым
Не nmap'ом единым
 
Monitoring Attack Surface to Secure DevOps Pipelines
Monitoring Attack Surface to Secure DevOps PipelinesMonitoring Attack Surface to Secure DevOps Pipelines
Monitoring Attack Surface to Secure DevOps Pipelines
 
Locking Down CF Servers
Locking Down CF ServersLocking Down CF Servers
Locking Down CF Servers
 
Using Security To Build With Confidence in AWS – Justin Foster, Director of P...
Using Security To Build With Confidence in AWS – Justin Foster, Director of P...Using Security To Build With Confidence in AWS – Justin Foster, Director of P...
Using Security To Build With Confidence in AWS – Justin Foster, Director of P...
 

Semelhante a Php manish

Introduction to web and php mysql
Introduction to web and php mysqlIntroduction to web and php mysql
Introduction to web and php mysqlProgrammer Blog
 
Introduction to PHP - Basics of PHP
Introduction to PHP - Basics of PHPIntroduction to PHP - Basics of PHP
Introduction to PHP - Basics of PHPwahidullah mudaser
 
PHP from soup to nuts Course Deck
PHP from soup to nuts Course DeckPHP from soup to nuts Course Deck
PHP from soup to nuts Course DeckrICh morrow
 
The why and how of moving to php 8
The why and how of moving to php 8The why and how of moving to php 8
The why and how of moving to php 8Wim Godden
 
Php mysql classes in navi-mumbai,php-mysql course provider-in-navi-mumbai,bes...
Php mysql classes in navi-mumbai,php-mysql course provider-in-navi-mumbai,bes...Php mysql classes in navi-mumbai,php-mysql course provider-in-navi-mumbai,bes...
Php mysql classes in navi-mumbai,php-mysql course provider-in-navi-mumbai,bes...anshkhurana01
 
Secure programming with php
Secure programming with phpSecure programming with php
Secure programming with phpMohmad Feroz
 
Php mysql training-in-mumbai
Php mysql training-in-mumbaiPhp mysql training-in-mumbai
Php mysql training-in-mumbaiUnmesh Baile
 

Semelhante a Php manish (20)

Introduction to web and php mysql
Introduction to web and php mysqlIntroduction to web and php mysql
Introduction to web and php mysql
 
Basics PHP
Basics PHPBasics PHP
Basics PHP
 
Introduction to PHP - Basics of PHP
Introduction to PHP - Basics of PHPIntroduction to PHP - Basics of PHP
Introduction to PHP - Basics of PHP
 
Php Tutorial
Php TutorialPhp Tutorial
Php Tutorial
 
PHP from soup to nuts Course Deck
PHP from soup to nuts Course DeckPHP from soup to nuts Course Deck
PHP from soup to nuts Course Deck
 
PHP ITCS 323
PHP ITCS 323PHP ITCS 323
PHP ITCS 323
 
The why and how of moving to php 8
The why and how of moving to php 8The why and how of moving to php 8
The why and how of moving to php 8
 
Secure PHP Coding
Secure PHP CodingSecure PHP Coding
Secure PHP Coding
 
Php intro
Php introPhp intro
Php intro
 
Php intro
Php introPhp intro
Php intro
 
Php intro
Php introPhp intro
Php intro
 
Unit 1
Unit 1Unit 1
Unit 1
 
Php mysql classes in navi-mumbai,php-mysql course provider-in-navi-mumbai,bes...
Php mysql classes in navi-mumbai,php-mysql course provider-in-navi-mumbai,bes...Php mysql classes in navi-mumbai,php-mysql course provider-in-navi-mumbai,bes...
Php mysql classes in navi-mumbai,php-mysql course provider-in-navi-mumbai,bes...
 
php basics
php basicsphp basics
php basics
 
Secure programming with php
Secure programming with phpSecure programming with php
Secure programming with php
 
Php
PhpPhp
Php
 
PHP - Introduction to PHP Fundamentals
PHP - Introduction to PHP FundamentalsPHP - Introduction to PHP Fundamentals
PHP - Introduction to PHP Fundamentals
 
Php notes
Php notesPhp notes
Php notes
 
Php intro
Php introPhp intro
Php intro
 
Php mysql training-in-mumbai
Php mysql training-in-mumbaiPhp mysql training-in-mumbai
Php mysql training-in-mumbai
 

Último

How to Make a Duplicate of Your Odoo 17 Database
How to Make a Duplicate of Your Odoo 17 DatabaseHow to Make a Duplicate of Your Odoo 17 Database
How to Make a Duplicate of Your Odoo 17 DatabaseCeline George
 
How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17Celine George
 
Narcotic and Non Narcotic Analgesic..pdf
Narcotic and Non Narcotic Analgesic..pdfNarcotic and Non Narcotic Analgesic..pdf
Narcotic and Non Narcotic Analgesic..pdfPrerana Jadhav
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfPatidar M
 
Using Grammatical Signals Suitable to Patterns of Idea Development
Using Grammatical Signals Suitable to Patterns of Idea DevelopmentUsing Grammatical Signals Suitable to Patterns of Idea Development
Using Grammatical Signals Suitable to Patterns of Idea Developmentchesterberbo7
 
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptxDecoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptxDhatriParmar
 
Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...
Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...
Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...DhatriParmar
 
4.9.24 School Desegregation in Boston.pptx
4.9.24 School Desegregation in Boston.pptx4.9.24 School Desegregation in Boston.pptx
4.9.24 School Desegregation in Boston.pptxmary850239
 
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptxBIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptxSayali Powar
 
MS4 level being good citizen -imperative- (1) (1).pdf
MS4 level being good citizen -imperative- (1) (1).pdfMS4 level being good citizen -imperative- (1) (1).pdf
MS4 level being good citizen -imperative- (1) (1).pdfMr Bounab Samir
 
Transaction Management in Database Management System
Transaction Management in Database Management SystemTransaction Management in Database Management System
Transaction Management in Database Management SystemChristalin Nelson
 
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptxUnraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptxDhatriParmar
 
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...Association for Project Management
 
Congestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentationCongestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentationdeepaannamalai16
 
4.11.24 Poverty and Inequality in America.pptx
4.11.24 Poverty and Inequality in America.pptx4.11.24 Poverty and Inequality in America.pptx
4.11.24 Poverty and Inequality in America.pptxmary850239
 
Q-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITWQ-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITWQuiz Club NITW
 

Último (20)

How to Make a Duplicate of Your Odoo 17 Database
How to Make a Duplicate of Your Odoo 17 DatabaseHow to Make a Duplicate of Your Odoo 17 Database
How to Make a Duplicate of Your Odoo 17 Database
 
How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17
 
Narcotic and Non Narcotic Analgesic..pdf
Narcotic and Non Narcotic Analgesic..pdfNarcotic and Non Narcotic Analgesic..pdf
Narcotic and Non Narcotic Analgesic..pdf
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdf
 
Using Grammatical Signals Suitable to Patterns of Idea Development
Using Grammatical Signals Suitable to Patterns of Idea DevelopmentUsing Grammatical Signals Suitable to Patterns of Idea Development
Using Grammatical Signals Suitable to Patterns of Idea Development
 
Mattingly "AI & Prompt Design: Large Language Models"
Mattingly "AI & Prompt Design: Large Language Models"Mattingly "AI & Prompt Design: Large Language Models"
Mattingly "AI & Prompt Design: Large Language Models"
 
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptxDecoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
 
Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...
Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...
Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...
 
4.9.24 School Desegregation in Boston.pptx
4.9.24 School Desegregation in Boston.pptx4.9.24 School Desegregation in Boston.pptx
4.9.24 School Desegregation in Boston.pptx
 
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptxBIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
 
MS4 level being good citizen -imperative- (1) (1).pdf
MS4 level being good citizen -imperative- (1) (1).pdfMS4 level being good citizen -imperative- (1) (1).pdf
MS4 level being good citizen -imperative- (1) (1).pdf
 
Transaction Management in Database Management System
Transaction Management in Database Management SystemTransaction Management in Database Management System
Transaction Management in Database Management System
 
prashanth updated resume 2024 for Teaching Profession
prashanth updated resume 2024 for Teaching Professionprashanth updated resume 2024 for Teaching Profession
prashanth updated resume 2024 for Teaching Profession
 
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptxUnraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
 
Faculty Profile prashantha K EEE dept Sri Sairam college of Engineering
Faculty Profile prashantha K EEE dept Sri Sairam college of EngineeringFaculty Profile prashantha K EEE dept Sri Sairam college of Engineering
Faculty Profile prashantha K EEE dept Sri Sairam college of Engineering
 
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptxINCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
 
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
 
Congestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentationCongestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentation
 
4.11.24 Poverty and Inequality in America.pptx
4.11.24 Poverty and Inequality in America.pptx4.11.24 Poverty and Inequality in America.pptx
4.11.24 Poverty and Inequality in America.pptx
 
Q-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITWQ-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITW
 

Php manish

  • 1.  
  • 2.
  • 3. PHP Tainted variables Application Client host Web browser Application Server host Web server user dbms Applications written in HTML, Javascript, Java, (Flash, pdf, doc, ppt) Applications written in PHP, ASP, Java, Perl, Ruby, Haskell, (SQL, Shell) Server Client
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17. PHP Tainted variables source=network “ Wietse ” status=tainted operator=concat propagate taint source=script “ Hello, ” status=clean “ Hello, Wietse ” status=clean sink=echo detect taint “ Wietse ” status=clean conversion= htmlentities convert data, remove taint Script: echo &quot; Hello, &quot; . html-entities ($_GET[ ' name ' ]); Request : GET /hello.php? name=Wietse
  • 18. PHP Tainted variables 1 Configurable Taint flavor Source mark policy 1 Conversion function Sink detect policy 1 TC_HTML Input from web or database htmlspecialchars htmlemtities HTML output TC_MYSQL Input from web or database mysql_escape_string mysql_real_escape_string MySQL query TC_SHELL Input from web or database escapeshellcmd escapeshellarg Shell command TC_SELF Input from web untaint($var, TC_SELF) include, eval, ... TC_USER1 TC_USER2 application dependent untaint($var, TC_SELF) application dependent
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.