Reflective cross site scripting
- Reflects the task directly back at you
- Open door do what you need to do close door
Stored
- I do a thing then put a door stop on the connection so it stays open
- You get to decide what happens with that attack (could be reverse honeypot)
PHP
- Mid 90’s
- A client-side scripting language
- Javascript is front end
Php.ini you might find public configuration files
$var = ‘value’;
$$var = 42;
Variable Interpolation
- Strings in double quotes are evaluated for escaped
- Strings in single quotes always interpreted literally
- backticks `
- Executes content on command line
Webshell is just a command line interface
PHP shells
- Common functions
- system() - accepts command as parameter, runs, and returns result
- exec() - accepts command as parameter, runs, but does not return results
deletesnippet?index=0