php

Nginx, SSL & php5-fpm on Debian Wheezy

I decided to take a break from my love affair with Apache and set up a recent development project on Nginx. I’ve seen nothing but good things in terms of speed and performance from Nginx. I decided to set up a LEMP server (Linux, Nginx, MySQL, PHP), minus the MySQL as it’s already installed on my VM host server, and plus SSL. Here’s the full setup tutorial on Debian Wheezy:

Step #1 – Installing the packages

    apt-get install nginx-extras mysql-client
    apt-get install php5-fpm php5-gd php5-mysql php-apc php-pear php5-cli php5-common php5-curl php5-mcrypt php5-cgi php5-memcached

MySQL can be installed into the mix with a simple:

    apt-get install mysql-server

[…]

October 11th, 2014 | Development, Hosting, Linux, MySQL, PHP, PHP Articles, VPS

MySQL Master-Master Replication, Heartbeat, DRBD, Apache, PHP, Varnish MegaHOWTO

I created this HOWTO while building a new development environment today. The intention is to take a single Apache2/Varnish/MySQL environment and scale it to two servers, with one effectively a “hot-standby”, to increase redundancy and continuity whilst maintaining current performance.

This HOWTO is based on:

    Linux Debian-76-wheezy-64-minimal 3.2.0-4-amd64 #1 SMP Debian 3.2.60-1+deb7u3 x86_64

Our current server has IP 192.168.201.1/24 and our new server has IP 192.168.201.7.

Section #1: Set up MySQL Master/Master Replication

First, we’ll set up MySQL master to master replication. In this configuration, data can be written to and read from either host. Bear in mind that issues may arise with auto-increment fields when both hosts are written to at the same time. There are other caveats with replication, so be sure to research them, along with how to deal with corruption and repair, before considering this setup for a live application. Also be sure to use the same version of MySQL on both servers. This may not always be necessary, but unless you are very familiar with any changes between versions, not doing so could spell disaster.

[…]

Blind SQL injection with sqlmap

When an SQL injection vulnerability is attacked, the application will often display error messages from the database. We can retrieve the data we want from the database by constructing a query that ensures it ends up in the error message passed back to us. This is the method we used in the previous SQL injection example. It is a very quick and efficient way of mining data through SQL injection vulnerabilities.

Sometimes, code is constructed in such a way that, whilst it is vulnerable to injection, it’s not possible to get the data we want returned by the database. Consider the following code –

    <?php
    $link = mysql_connect("localhost", "twl", "XXXX");
    mysql_select_db("twl");
    // $_GET['id'] is concatenated into the query unescaped: this is the injection point
    $sql = "SELECT * FROM wp_posts WHERE ID='" . $_GET['id'] . "';";
    // Errors are suppressed with @, so no database error text reaches the client
    $res = @mysql_query($sql);
    if (@mysql_numrows($res)) {
        echo "We have rows!\n";
    } else {
        echo "We have no rows.\n";
    }
    ?>

[…]

December 11th, 2013 | Security Consultant

SQL injection with sqlmap

sqlmap is a web application & database penetration testing tool that automates detecting and exploiting many types of SQL injection flaws, and then taking over the database server. It’s able to detect a huge range of injection types. Let’s take the following code –

    <?php
    $link = mysql_connect("localhost", "twl", "XXXX");
    mysql_select_db("twl");
    echo "This is a page\n";
    // $_GET['id'] is concatenated into the query unescaped: this is the injection point
    $sql = "SELECT * FROM wp_posts WHERE ID='" . $_GET['id'] . "';";
    $res = mysql_query($sql);
    mysql_free_result($res);
    echo "This is some text\n";
    mysql_close($link);
    ?>

[…]

December 10th, 2013 | Security Consultant

Location header is optional not mandatory

I thought I’d write a short post about this issue as I’ve seen it come up a couple of times in PHP code audits. The incorrect assumption is that the Location header somehow forces the browser, or script execution, to move elsewhere. Take a look at the following code sample –

    <?php
    $logged_in = 0;
    /* Do login verification routine here */
    if (!$logged_in) {
        /* User is not logged in and shouldn't be here */
        header("Location: /index.php");
    }
    /* User is logged in */
    echo "Secret Member Content";
    ?>

[…]

September 13th, 2013 | PHP, Security Consultant

PHP Local and Remote File Inclusion (LFI, RFI) Attacks

PHP supports the ability to ‘include’ or ‘require’ additional files within a script. If unsanitized data is passed to such functions, an attacker may be able to gain remote code execution on the server. A typical include block might look something like this:

    <?php
    require("config/settings.inc.php");
    require("lib/db.lib.php");
    require("lib/parser.lib.php");
    include("contrib/users/user.contrib.php");
    die("This is a test");
    ?>

Now, it’s also possible to dynamically require or include files based on variables or user input, say for example: […]

August 15th, 2013 | Linux, PHP, PHP Articles, Security Consultant

CMS Development

What is a CMS?

A CMS is a Content Management System. WordPress, Joomla, Drupal and osCommerce are 4 popular PHP content management systems that we work with. A CMS at minimum provides you with a user-friendly means of managing your site and its content.

CMS Development

Depending on the requirements for your CMS development project, there are two directions to consider:

- Take an existing CMS, and build on it to meet your needs. Taking WordPress as an example, the possibilities and options for modification are infinite. This is achieved through the development of themes and plugins. There is really no limit to the customization that’s achievable with most popular CMSs, and so bespoke CMS development is usually reserved for a project where the majority of functionality would need to be manually built irrespective of existing code and modules.
- If your needs aren’t reasonably met by an existing CMS, then it may be more time and cost effective to build a CMS from the ground up. With this route, you also get to put exactly what features you want, where you want. We have a base framework that we usually start our CMS development with. It contains the basics for rich page and text creation, article creation and SEO-friendly URL management.

In reality, the term ‘CMS’ has been stretched to cover frameworks and beyond. Whilst strictly speaking a CMS is any system that allows content to be managed, the term also describes fully fledged online site management and development platforms.

[…]

PHP, MySQL and memcached

According to memcached is a distributed object memory caching system. It can be used by any application that supports sockets to set and get data by key.

As a website security consultant I advise you to ensure that your memcache server runs on 127.0.0.1 only and that you secure your server. Anyone with access to the server can telnet to the server’s local interface and get/set your memcache data.

I’ve used memcached for a number of PHP/MySQL projects where I want greater cache control on database queries than just relying on MySQL’s built-in caching abilities. Now, whilst memcached should not be used to mask bad database design and optimization, or badly written SQL queries, it can help dramatically with queries that simply take a long time and have already been optimized as far as possible.

Assume that you had a simple database query wrapper: […]

June 24th, 2010 | Development, MySQL, PHP, PHP Articles, Technology