Extract: A PHP Foot-Gun Case Study (god2025)

Chaos Computer Club - recent events feed (low quality)

Contenuto fornito da CCC media team. Tutti i contenuti dei podcast, inclusi episodi, grafica e descrizioni dei podcast, vengono caricati e forniti direttamente da CCC media team o dal partner della piattaforma podcast. Se ritieni che qualcuno stia utilizzando la tua opera protetta da copyright senza la tua autorizzazione, puoi seguire la procedura descritta qui https://it.player.fm/legal.

10d ago 24:37

MP4•Pagina principale dell'episodio

Do you always read the documentation before using a function in your languages' standard library? This talk explores the attack surface of a special feature in PHP which is easy to misuse with unforseen consequences. The `extract` function allows to replace the value of local variables named after the keys in an array. Calling it with user-controlled input allows the attacker to change arbitrary variables in the program. The documentation warns against the dangers of using it with untrusted data, but our large-scale analysis on 28.325 PHP projects from GitHub shows, that this warning is ignored. The talk walks through the process of identifing `extract`-based vulnerabilities and how they might have ended up the way they are by looking at the surrounding code. After introducing different levels of attacker-control guided by concrete exploits, listeners gain an intuition on what to look out for while reviewing code. Attending this talk, the audience will learn: Rich ways users have control over input in PHP. How to exploit insecure calls to `extract` given multiple real-world case-studies from the dataset of open source projects from GitHub. Tips on how to avoid this and similar threats in new and legacy code. Possible changes to PHP itself for risk reduction. Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://c3voc.de

1694 episodi

#Technologie #CCC media team #Ccc Congress Hacking Security Netzpolitik #Video