Web Security Learning
stable

Content Index:

  • 1. Prologue
  • 2. Computer Networks and Protocols
  • 3. Information Collection
  • 4. Common vulnerability attack and defense
  • 5. Language and Framework
    • 5.1. PHP
      • 5.1.1. Backdoor
      • 5.1.2. Deserialization
      • 5.1.3. Disable Functions
      • 5.1.4. Open Basedir
      • 5.1.5. Security related configuration
      • 5.1.6. PHP Stream
      • 5.1.7. htaccess injection payload
      • 5.1.8. WebShell
      • 5.1.9. Code Obfuscation
      • 5.1.10. Phar
      • 5.1.11. Sink
      • 5.1.12. Other
      • 5.1.13. Version Security Changes
      • 5.1.14. Tricks
      • 5.1.15. Reference Links
        • 5.1.15.1. Bypass
        • 5.1.15.2. Tricks
        • 5.1.15.3. WebShell
        • 5.1.15.4. Phar
        • 5.1.15.5. Running
        • 5.1.15.6. Blog
    • 5.2. Python
    • 5.3. Java
    • 5.4. JavaScript
    • 5.5. Golang
    • 5.6. Ruby
    • 5.7. ASP
    • 5.8. PowerShell
    • 5.9. Shell
    • 5.10. CSharp
  • 6. Intranet penetration
  • 7. Cloud Security
  • 8. Defense Technology
  • 9. Authentication Mechanism
  • 10. Tools and Resources
  • 11. Manual Quick Check
  • 12. Others
Web Security Learning
  • »
  • 5. Language and Framework »
  • 5.1. PHP »
  • 5.1.15. Reference Links

5.1.15. Reference Links¶

5.1.15.1. Bypass¶

  • php open basedir bypass

  • open basedir bypass

  • Bypass Disable functions Shell

5.1.15.2. Tricks¶

  • php wrappers

  • The use of deserialized PHP native classes

  • Several methods of php decryption

  • Surprising CTF task solution using php://filter

  • Host Security Onion Webshell Detection Practice and Thinking

5.1.15.3. WebShell¶

  • PHP htaccess inject

  • php trojan encryption

  • Summary of PHP WebShell Transformation Technology

  • some webshells that do not contain numbers and letters

  • Those things about PHP Webshell - Attacks

5.1.15.4. Phar¶

  • US Black Hat 2018 Phar

  • Using phar to expand the attack surface of php deserialization vulnerability

  • Deep digging of PHP RCE caused by Phar and Stream Wrapper

5.1.15.5. Running¶

  • Learning the PHP lifecycle

  • Analysis of PHP7 Kernel

5.1.15.6. Blog¶

  • How we broke PHP

Previous Next

© Copyright 2019-2022, WebSecurity.

Built with Sphinx using a theme provided by Read the Docs.