Collaborate Disseminate
If you’re looking for a simple-to-use web-based GUI for administering your relational MySQL databases and then some, Adminer may be what you’re looking for. Continue reading How to Install Adminer on Ubuntu Server
I today found some files created and deleted and edited on my website. I don’t know how it is done. But I know it can be done by some PHP Functions like :
mkdir(‘Folder’); file_put_contents();scandir();…
But these codes only execute if … Continue reading Running PHP commands on my website from a form input
I’m working on an assignment that I’m not sure how to approach. I have to emulate a network-attached storage server (NAS) with a possibly compromised server. In practice, I’m creating a local Laravel website to demonstrate security feature… Continue reading Transmission and storage of data on a compromised server
I have an Ubuntu server with a user "demo". The user has been setup to run a php script on login with usermod demo -s /path/to/php/script.php. The password for the demo account will be public, so anyone can use it.
The PHP script… Continue reading SSH to a public account which is forced to run a PHP script. What additional security measures do I need to take?
I am rewriting a php code in Java 8 where Rijndael-128 cipher (AES) is being used for encryption decryption. The IV being used is 16 characters (128 bit) long, but the key being used is 18 characters (144 bit) long.
I have tried to write e… Continue reading Using random block size for Rijndael-128 with CBC mode [migrated]
I encountered a funny User-Agent header that is a Base64 encoded value of a serialised PHP object. It was only by chance that it didn’t fit in the MySQL field where such agents are logged, resulting in an error logged in Sentry.
This is li… Continue reading PHP exploit attempt using User-Agent header: base64 encoded string containing a serialised PHP object [closed]
A friend challenged me in a programming question: You have a list of paths, make the paths a multidimensional associative array of paths.
Sample input:
$paths = [
"a/a/a",
"a/a/b",
"a/b/a"
];
Samp… Continue reading PHP, is addslashes() in eval() really that unsafe?
I am creating a simplified lead and call management system for a friend’s small business.
I would like to know the best practices for hardening password storage and verification using PHP 7.4 and MySQL 7.4.30.
I would like something very s… Continue reading Best practices for storing passwords for PHP and MySQL applications [duplicate]
I am new to web security, and I need your help in confirming things. As the title says, I am looking for and researching for a safe way to take in user input that may contain special characters/HTML/bbcode/script tags and safely store it i… Continue reading Best way to store user input that has HTML tags and <script> tags and display it on client side as is but still being safe from mainstream attacks
I’m running:
Ubuntu 20.02
Apache/2.4.41
PHP 7.4.3
I am running a simple web server that will accept file uploads, store them and catalog them in a database.
When I check /var/log/apache2/error.log, I see
–2022-06-01 00:07:44– https://… Continue reading How do I prevent this PHP/Apache exploit?