Collaborate Disseminate
On an small audience highly confident web application we are about use CSP to add a level of security. Most parts of the application could be moved to script files and script-src set to ‘self’ would be sufficient. Some parts however still… Continue reading nonce generation based on php session id
A web server running iis 10 ,PHP (windows) allows users to upload any type of pdf (the location and filename does not change on the server ). The files uploaded go though some file extension check which I was unable to bypass(I tried addin… Continue reading What can I do with a Pdf upload vulnerability on a CTF server?
I’m not sure if this is a valid way how to filter LFI, because if you bypass in_array function you can include any file, for example /etc/passwd.
Is it possible to bypass in_array function?
<?php
$file = $_GET[‘file’];
$files = array(&q… Continue reading Is this really a way to filter LFI?
I am doing a pentest, and I got a shell on the server. I got the DataBase connections from phpconfig. dbname, dbhostname, user, password. How can I access such a database and retrieve its data?
Continue reading How to Use Database Connections Credentials?
I have a PHP system and I need to store some tokens for operations like:
Database username and password
API token
Keys for encryption
It turns out that for a long time only I manage the source code, but soon other people will need to mai… Continue reading Best practice for storing security tokens in source code [duplicate]
The Python module “ctx” and a fork of the PHP library “phpass” have recently been modified by an unknown attacker to grab AWS credentials/keys and send them to a Heroku app. But what at first seemed like the work of a malicious … Continue reading Hijacking of popular ctx and phpass packages reveals open source security gaps
More supply chain trouble – this time with clear examples so you can learn how to spot this stuff yourself. Continue reading Poisoned Python and PHP packages purloin passwords for AWS access
I want to filter user input like this:
$data = file_get_contents(‘php://input’);
if ($data != null && $data !==”) {
$parsedData = json_decode($data, true);
}
// find quickmodule name
$moduleName = $_GET[‘module’];
// valida… Continue reading PHP 7.4.3 preg_match bypass
I am trying to find bugs in a source code in php and I found this
<?php
$Key=$_POST["key"];
$FileName=$_POST["filename"];
$FileData=$_POST["filedata"];
$Key=(base64_decode($Key));
$FileName=(ba… Continue reading File can upland bug works on my localhost but it’s not working on the server [closed]
I am interested in to find out how download video from different social networks websites work. As I understand, we sending post request with video url, after that, on the backend we somehow get this video source, sending back to frontend … Continue reading Question about video downloader websites and encrypted response [closed]