iBlog - Ilia Alshanetsky

Entries from Thursday, October 5. 2006


Quicksearch
Calendar
Back October '06 Forward
Sun Mon Tue Wed Thu Fri Sat
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31        
Syndicate This Blog

Thursday, October 5. 2006

Google Code Search ~= Hacker's best ... Posted by Ilia Alshanetsky in PHP at 16:49

Comments (7)
Trackbacks (3)

Google Code Search ~= Hacker's best friend?

Search engines have for a long time been a good helper of people trying to find sensitive information or vulnerabilities on the web. When you have a few billion documents indexed, it is inevitable some things that should remain private inadvertainly end up in public directories and get indexed, then its just a matter of writing a sufficiently creative search query to find that data.

There are even sites that aggregate "interesting" search queries designed to quickly locate sensetive data such as Google Hacking Database from "Johny" that has queries to find everything from old vulnerable software to credit card numbers, etc...

There have also been attempts to identify things like SQL injection and XSS by locating sites collecting common form of input and then checking to see if said input is not validated. A good example of this can be found on Michael Sutton's blog, who used Google to generate statistics to identify the frequency of SQL injections.

But this approach is does not really show you the full extent of the exploit, just indicates presence of SQL injection, which can then be explored further mostly through trial an error. Well, no more, thanks to Pierre I've discovered a Google's lab project called "Code Search", which as the name suggests indexes publicly available source code. Meaning that now not only can you easily find exploits, but also get the full context of the code allowing for a much nastier exploitation. Let's give it a shot ;-) Continue reading "Google Code Search ~= Hacker's best friend?"
  • Twitter
  • Bookmark Google Code Search ~= Hacker's best friend? at del.icio.us
  • Facebook
  • Digg Google Code Search ~= Hacker's best friend?
  • Bookmark Google Code Search ~= Hacker's best friend? at reddit.com
  • Stumble It!

Thursday, October 5. 2006

PHP 5.2.0RC5 is out! Posted by Ilia Alshanetsky in PHP at 16:40

Comments (11)
Trackbacks (2)

PHP 5.2.0RC5 is out!

After 2 weeks of inaction 5.2.0 final release is finally in sight. A few minutes ago I've released the last (I mean it this time) release candidate of 5.2.0, RC5. If all goes well a week from now 5.2.0 final will be out ready for use. In the meantime I'd like to ask once again that everyone try this RC, which can downloaded from here:
http://downloads.php.net/ilia/php-5.2.0RC5.tar.bz2 (md5sum: 9a7fb788fbfd2beb8ed7aecb0a7d1598)

I don't think you'd be able to find any major issues or regressions in this RC, but if you do certainly let me know, if necessary RC6 is not out of the question.
  • Twitter
  • Bookmark PHP 5.2.0RC5 is out! at del.icio.us
  • Facebook
  • Digg PHP 5.2.0RC5 is out!
  • Bookmark PHP 5.2.0RC5 is out! at reddit.com
  • Stumble It!
« previous page   (Page 1 of 1, totaling 2 entries)   next page »
Frontpage
Guide to PHP Security
Categories
Archives

Blog Administration