Lampwrights Forum > Lounge, A Secure Web, Managing Communities, Pertaining to Spam > A Secure Web

Reply
 
Thread Tools
09-09-2010, 06:39 AM   #1
Jeff
Administrator
 
Jeff's Avatar
 
Join Date: Jul 2010
Posts: 402
Rep Power: 10
Jeff is getting browny points
Finding Base64 Encoded Exploits

When a PHP application is hacked and serving content that you cannot seem to find, chances are it is encoded in base64 and somewhere being decoded and displayed. Hackers will obfuscate this code making it hard to find. One way to find this code is to disable the base64_decode function in your php.ini file:

Code:
disable_function = "base64_decode"
Restart Apache and watch your error log to see where error messages pop up and this may allow you to see where the code is executing. Knowing where it executes is a great leap into finding HOW it is executing.

If none of your applications use base64_decode, then feel free to leave it disabled in php.ini. It will save you a lot of headaches in the future anyway.
Jeff is offline   Reply With Quote

12-09-2010, 04:58 AM   #2
kajara23
Guest
 
Posts: n/a
With “hacking” being a household word for anyone using computers, this is a fantastic method to find the encoded base64 which the hackers would have hidden somewhere when they did the mischief and if none of your applications use the base_64 decode the be smart and leave it disabled in php.ini as it'll save you a lot of trouble later!!
  Reply With Quote
Reply

Tags

application security

,

other security

,

server security


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -4. The time now is 07:54 AM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2014, vBulletin Solutions, Inc.