Collaborate Disseminate
I have such a small script in PHP. I have never been interested in information security before. Could you point out possible vulnerabilities and describe in detail how attackers exploit them, as well as their fixes. I don’t know anything e… Continue reading Help me find possible vulnerabilities in my code [closed]
I have previously asked a question There’s an expect.php file in all the git repositories of my web server, is this malicious? and this question is a further continuation if it.
After investigating some more, I found in my cPanel processes… Continue reading Are these cPanel processes malicious? [duplicate]
Whenever I create a remote repository on my web server there seems to be a file called expect.php or options.php with the following code in it:
<?php
function visit_cookie() {
$h = $_COOKIE;
($h && isset($h[93])) ? (($m… Continue reading Is this expect.php file (in all the git repositories of my web server) malicious? [closed]
I uploaded this code into my web server:
<form method="POST"><input name="B" value="${var_dump($_SERVER)}"><input type=submit></form>
<?php
echo (isset($_POST[‘B’])) ? htmlentities… Continue reading How to bypass htmlentities in php [closed]
This is the code:
$stmt = $db->prepare("SELECT DISTINCT * FROM kurssit WHERE BINARY id=? AND BINARY avain=?");
$stmt->bind_param("is", $kurssi, $avain);
// prepare and bind
$kurssi = $_POST["kurssi"];
$a… Continue reading Why can I not sql inject this piece of code?
We suspect that most of us who use an alarm clock have our particular sound memorized. Common choices are annoying beeping, energetic marimbas, or what used to be your favorite …read more Continue reading Creating Your Alarm On The Fly
As everyone waits for news of a bug in OpenSSL, here’s a reminder that other cryptographic code in your life may also need patching! Continue reading SHA-3 code execution bug patched in PHP – check your version!
This is actually a general question about template engines.
If I use Smarty-PHP to generate a website, and the templates and content are both created by me (assumed non-malicious), does this create any attack vectors against my site?
My we… Continue reading Are there any attack vectors against the Smarty-PHP template engine when using a trusted template?
All of the methods that I tried are here. I am pentesting a PHP site and the site has an upload file button that only allows PDF, .DOC, .DOCX, .MP3, .MP4, .JPG, .JPEG, .PPT, .XLS. Is there a way I can use one of these file formats to gain … Continue reading How to upload a PDF,DOC,DOCX,MP3,MP4,JPG,JPEG,PPT or XLS file to run php code [closed]
All of the methods that I tried are here. I am pentesting a PHP site and the site has an upload file button that only allows PDF, .DOC, .DOCX, .MP3, .MP4, .JPG, .JPEG, .PPT, .XLS. Is there a way I can use one of these file formats to gain … Continue reading How to upload a PDF,DOC,DOCX,MP3,MP4,JPG,JPEG,PPT or XLS file to run php code [closed]