Appendix 1: CD-ROM Contents
| | ||
| | ||
| | ||
Files
| Folders and files | Description | Chapter |
|---|---|---|
| /localhost/ | All examples in the book. | All |
| /localhost/1/ | Examples that demonstrate undocumented features in scripts displaying information dynamically. | 1 |
| /localhost/1/1.php | A script that demonstrates errors emerging because of incorrect SQL queries. | 1, 3 |
| /localhost/1/2.php /localhost/1/3.php | Scripts that demonstrate errors when working with files. | 1, 2 |
| /localhost/1/test.txt | A test file that, according to the task, shouldn't be available to a remote user . The examples demonstrate that this is not always the case. | 1 |
| /localhost/1/data/ | A folder containing files used in the examples. | 1 |
| /localhost/2/ | Examples that demonstrate security issues. | 2 |
| /localhost/2/1.php | A script that demonstrates how GET , POST , and other HTTP parameters can be passed and how they are accessed in scripts. | 2 |
| /localhost/2/2.php | A script that demonstrates how an attacker can circumvent filtration in certain cases. | 2 |
| /localhost/2/3.php | A script that demonstrates work with cookies. | 2 |
| /localhost/2/4.php | Demonstrations of the PHP source code injection vulnerability. | 2 |
| /localhost/2/7.php | ||
| /localhost/2/5.php | ||
| /localhost/2/6.php | ||
| /localhost/2/8.php | Demonstration of data substitution when the data is output in PHP scripts. | 2 |
| /localhost/2/9.php | Examples of vulnerable scripts that don't initialize variables . | 2 |
| /localhost/2/10.php | ||
| /localhost/2/11.php | ||
| /localhost/2/12.php | ||
| /localhost/2/13.php | Scripts with a few vulnerabilities related to manipulations with uploaded files. | 2 |
| /localhost/2/19.php | ||
| /localhost/2/20.php | ||
| /localhost/2/21.php | ||
| /localhost/2/14.php | Vulnerable scripts that work with files. | 2 |
| /localhost/2/15.php | ||
| /localhost/2/16.php | ||
| /localhost/2/18.php | ||
| /localhost/2/17.php | Demonstration of a vulnerability caused by improper filtration when calling the system() function. | 2 |
| /localhost/2/22.php | Demonstration of the preg match() function. | 2 |
| /localhost/2/23.php | Demonstration of how a visitor's IP address can be detected . | 2 |
| /localhost/2/form1 .html | Demonstration of simultaneously sending GET and POST parameters. | 2 |
| /localhost/2/http.php | A script that generates any HTTP request. | 2 |
| /localhost/2/passwd.db /localhost/2/passwd .txt | Files that shouldn't be accessed for reading by a remote user. The examples demonstrate how a malicious user can access these files. | 2 |
| /localhost/2/data/ | A folder containing files used in the examples. | |
| /localhost/2/upload/ | A folder for files uploaded in the examples. | 2 |
| /localhost/3/ | Examples that demonstrate the SQL injection vul- nerability. | 3 |
| /localhost/3/1.php | Examples of vulnerable scripts. | 3 |
| /localhost/3/2.php | ||
| /localhost/3/3.php | ||
| /localhost/3/4.php | ||
| /localhost/3/5.php | ||
| /localhost/3/7.php | ||
| /localhost/3/8.php | ||
| /localhost/3/10.php | ||
| /localhost/3/11.php | ||
| /localhost/3/15.php | ||
| /localhost/3/6.php | Examples of invulnerable scripts. | 3 |
| /localhost/3/9.php/ | ||
| /localhost/3/12.php | A script that demonstrates investigation of a query. | 3 |
| /localhost/3/13.php | Another vulnerable script. | 3 |
| /localhost/3/14.php | A script that demonstrates methods for exploiting vulnerabilities in MySQL 3.x. | 3 |
| /localhost/3/16.php | An example of circumventing filtration that deletes keywords from received data. | 3 |
| /localhost/3/17.php | An example of a vulnerability that takes place after the ORDER BY construction. | 3 |
| /localhost/3/passwd .txt | A file with passwords that shouldn't be available to a remote user. The examples demonstrate how an attacker can exploit the SQL injection vulnerability to obtain the contents of this file. | 3 |
| /localhost/3/chr. php | A script that uses the char() function so that it returns a desired string. | 3 |
| /localhost/4/ | A folder with scripts and examples. | 4 |
| /localhost/4/1.php | An example of how HTTP Basic authentication can be implemented in PHP. | 4 |
| /localhost/4/2.html | An example of authentication implemented in JavaScript that redirects the user to a secret URL. | 4 |
| /localhost/4/3.html | An example of authentication implemented in JavaScript with using the hash of a password. | 4 |
| /localhost/4/admin.php | An example of a script whose protection is based on sessions. The protection engine is in a separate file. | 4 |
| /localhos1/4/auth5fger.html | A secret URL. | 4 |
| /localhost/4/login.inc.php | A JavaScript implementation of authentication based on pseudorandom session IDs. | 4 |
| /localhost/4/user.php | Another example of the use of authentication based on sessions. It demonstrates how different access levels can be implemented. | 4 |
| /localhost/5/ | Examples that demonstrate exploitation of the XSS vulnerability and protection from it. | 5 |
| /localhost/5/1.php | Examples of vulnerable guest books. | 5 |
| /localhost/5/4.php | ||
| /localhost/5/2.php | An example of a vulnerability caused by improper filtration of HTTP parameters. | 5 |
| /localhost/5/3.php | Setting test cookies. | 5 |
| /localhost/5/5.html | Demonstration of exploiting a vulnerability when apostrophes and quotation marks are filtered. | 5 |
| /localhost/5/image.gif | Demonstration of how statistics about users can be collected. | 5 |
| /localhost/6/ | A folder that contains scripts with vulnerabilities described earlier. The examples demonstrate how an attacker can circumvent protection implemented with the server configuration and services. Certain features require you to install appropriate software. | 6 |
| /localhost/7/ | Examples that demonstrate security issues related to shared hosting. There are scripts that manipulate files using the Web interface, PHP functions, or a database such as MySQL or PostgreSQL. | 7 |
| /localhost/cgi-bin/ | Perl scripts that demonstrate security issues described in the book. | 2, 3 |
| /localhost/cgi-bin/data/ | A folder with files processed with the scripts. | 2, 3 |
| /localhost/cgi-bin/incl/ | A folder with included files. | 2, 3 |
| /localhost/ogi-bin/passwd.db | Files that shouldn't be available to a remote user. | 2, 3 |
| /localhost/ogi-bin/passwd.txt | ||
| /localhost/zadachi/ | Tasks suggesting that you should investigate vulnerable test systems. | All |
| /usr/ | Software necessary to run the examples. | All |
| /usr/apache/ | A folder with the Apache server configured for the examples in the book. The server is ready to start. | All |
| /usr/php/ | A PHP interpreter configured for the examples in the book. | All |
| /usr/php/perl/ | A Perl interpreter. | All |
| /usr/php/bin/ | Components of the Perl interpreter. | All |
| /usr/php/lib/ | ||
| /usr/mysgl/data/ | MySQL database files used in the examples. | All |
| | ||
| | ||
| | ||
