Collaborate Disseminate
<?php
include("https://example.com");
?>
I came across the opinion that including webpages in such pattern can be dangerous; further more, in XAMPP for windows php.ini there is allow_url_include=Off ; perhaps because s… Continue reading Should including an external webpage in PHP be dangerous in principle?
I am creating a web application that is sending sensitive data between servers. I need to take user inputted web form data from website 1 (abc.com) and post the data to website 2 (xyz.com/api). Website 2 will capture the data from websi… Continue reading Sending Post Requests Server to Server
Somebody hacked my webserver and uploaded many of the following files with random names in different subdirectories of my webroot. The file looks something like this and – even though I managed to beautify it – I am unable to decipher the … Continue reading What does this potentially malicious php code do? [duplicate]
I am currently working on an implementation reading data from a csv file from within a WordPress plugin. It was suggested the file be added within the plugin in an assets directory. I have concerns in doing this. In particular, I’m worried… Continue reading Does adding a csv file to a wordpress plugin introduce security risks to the site?
Granulate announced the latest addition to its gProfiler, which now provides support to Graviton processors. With this new addition to gProfiler, organizations running workloads on ARM-based Graviton instances can enjoy out-of-the-box, system-wide visi… Continue reading Granulate gProfiler provides support to Graviton processors to improve code quality
I stumbled upon some strange entries in our PHP sessions, they look like this:
PHPREDIS_SESSION:${9923XXXXX+99XXXXXX} (<- I have changed some digits to ‘X’)
PHPREDIS_SESSION:http://hitbXXXXXXXXXXX.bxss.me/ (<- I have changed some let… Continue reading Source of strange sessions
Granulate released new Kubernetes filters feature to the company’s gProfiler. gProfiler is an open-source production profiling solution that measures the performance of code in production applications to facilitate computing optimization, improve code … Continue reading Granulate adds Kubernetes filtering feature to open-source gProfiler
The app is divided into two parts, the fronted – written with the Angular framework and the backend, simple PHP files which handle the login, API calls, etc.
My current flow is the following:
User creates an account/login. Credentials are… Continue reading Am I handling JWT token correctly?
Please explain how this recent Cockpit CMS exploit works, specifically using the $func operator of the MongoLite library, in more detail. How does it exactly make the PHP code behave?
As I understand it, the PHP code uses MongoLite to conn… Continue reading MongoDB NoSQLi in Cockpit CMS – use of $func?
PHP (and by extension WordPress) only supports MySQL native & sha256 password authentication.
MariaDB Server only supports MySQL native & ed25519 password authentication.
Since MySQL native password authentication uses SHA-1 and is… Continue reading Is MariaDB Server obsolete for PHP and WordPress projects?