PHP – WindowsTechs.com

Problem bypassing a PHP WAF for SQLi

Posted on April 15, 2024 by Dinnerboard

I am working to bypass this WAF, but I have some problems.
$args_arr=array(

‘sql’=>"[^\\{\\s]{1}(\\s|\\b)+(?:select\\b|update\\b|insert(?:(\\/\\*.*?\\*\\/)|(\\s)|(\\+))+into\\b).+?(?:from\\b|set\\b)|[^\\{\\s]{1}(\\s|\\… Continue reading Problem bypassing a PHP WAF for SQLi→

Is PHP Declining In Popularity?

Posted on April 14, 2024 by EditorDavid

The PHP programming language has sunk to its lowest position ever on the long-running TIOBE index of programming language popularity. It now ranks #17 — lower than Assembly Language, Ruby, Swift, Scratch, and MATLAB. InfoWorld reports:

When the… Continue reading Is PHP Declining In Popularity?→

How to sanitize $_SERVER url variables?

Posted on April 8, 2024 by rami300

An attacker used the HTTP_REFERER variable to inject Javascript by sending the following in the Header:
Referer:
javascript:alert(document.c… Continue reading How to sanitize $_SERVER url variables?→

Phar file deserialization in PHP < 8.0

Posted on April 8, 2024 by OrenIshShalom

TLDR:

I want to reproduce the RCE from phar file deserialization described in GitHub/advisory/97m3.
I fabricate an html file that includes a malicious svg file in its <img> tag.
Adding debug prints, I make sure I hit file_exists wit… Continue reading Phar file deserialization in PHP < 8.0→

How dangerous is this suspicious PHP code? [closed]

Posted on March 15, 2024 by mwfearnley

I found this code on my web server in /wp-content/uploads/2023/index.php:
$hello_dolly[]=’b8f878fc41d0fd3c’;
$hello_dolly[]=$_POST;
$hello_dolly[]=’color’;
if (isset($hello_dolly[1][$hello_dolly[0]])) {
$dolly = $hello_dolly[1][$hello_… Continue reading How dangerous is this suspicious PHP code? [closed]→

I have access to companies internal files through SSRF and Path traversal both but want to leverage it further to website takeover

Posted on March 9, 2024 by oo7hacker

I have access to companies internal files through SSRF and Path traversal both but want to leverage it further to website takeover. Thus I can increase the impact and get more bounty then what they will pay now.
I have access to files like… Continue reading I have access to companies internal files through SSRF and Path traversal both but want to leverage it further to website takeover→

Hackaday Links: March 3, 2024

Posted on March 4, 2024 by Dan Maloney

Who’d have thought that $30 doorbell cameras would end up being security liabilities? That’s the somewhat obvious conclusion reached by Consumer Reports after looking at some entry-level doorbell cameras available …read more Continue reading Hackaday Links: March 3, 2024→

How to prevent absolute path traversal in EasyPHP Webserver 14.1

Posted on February 23, 2024 by luminare

In the EasyPHP Webserver 14.1 software, there is an Absolute Path Traversal vulnerability in the dashboard index.php page.
https://www.exploit-db.com/exploits/51430
I reviewed the source code and tried to look for the vulnerable code but I… Continue reading How to prevent absolute path traversal in EasyPHP Webserver 14.1→

About .php virus, if not open or executed can it still infect you? [duplicate]

Posted on February 19, 2024 by panyin

Can a .php virus infect you from a download only even if you dont open it or execute it? And what can it do on a mobile device, is it still as dangerous as in a PC?

Continue reading About .php virus, if not open or executed can it still infect you? [duplicate]→

Can I set session time to 10 days without risking security issues?

Posted on February 14, 2024 by hyemark

We have a WordPress form that collects data on what marketing source (UTM) the user came from and upon submission, sends that UTM data to a 3rd party. Recently, a client asked me to have a web session to remember this session data for up t… Continue reading Can I set session time to 10 days without risking security issues?→