Collaborate Disseminate
I’ve found a couple of suspicious-looking PHP files on my webserver obfuscated by a substantial block of eval. Ideally, I’d like to know what they do, but I’m struggling to decrypt them.
Everything else on the server matches my git repo, s… Continue reading If a malicious PHP file never appears in the Apache log is it safe to assume it never executed?
I’d like to set up a PHP web server so that the PHP can not read PHP files.
The reason is that we had some attacks where people were able to read (instead of executing) PHP files and thereby get access to sensitive information like databas… Continue reading How to prevent PHP to read PHP files [closed]
I’d like to set up a PHP web server so that the PHP can not read PHP files.
The reason is that we had some attacks where people were able to read (instead of executing) PHP files and thereby get access to sensitive information like databas… Continue reading How to prevent PHP to read PHP files [closed]
Impacted are PHP-based websites running a vulnerable version of the web-app creation tool Zend Framework and some Laminas Project releases. Continue reading RCE ‘Bug’ Found and Disputed in Popular PHP Scripting Framework
I am currently developing a Slack app in PHP.
I’m trying to make the app as secure as possible, that’s for sure.
So far, I have done the following:
Verified the requests using signing secrets
Making sure the requests are less than 5min ol… Continue reading Using parametrized queries in PHP
I am currently developing a Slack app in PHP.
I’m trying to make the app as secure as possible, that’s for sure.
So far, I have done the following:
Verified the requests using signing secrets
Making sure the requests are less than 5min ol… Continue reading Using parametrized queries in PHP
I was trying to reproduce this vulnerability:
https://www.exploit-db.com/exploits/49294
According to the explanation, it is possible to bypass a check in a Wordpress plugin by appending a special char after php extension.
I was trying the … Continue reading PHP execution with special characters in the end
I am a beginner PHP programmer and wanting to continue learning everything that catches my attention, I analyze it until I understand it. I recently came across about 2 pages online, a store and a payment processing page like PayPal, and I… Continue reading What security can cookies give to my website?
in a certain page I have a newsletter subscription form, where the user enters his e-mail address and then through PHP an authenticated e-mail is sent to myself with the user’s information (e-mail address he declared, IP address, Hostname,… Continue reading php / email / iis
A year or so ago, I set up this system which, whenever Composer (that’s PHP’s packet/library update manager) fetched new updates to my few (but critically required) third-party libraries, created a copy of the Composer dir and opened up Wi… Continue reading Do people even exist who actually vet all the updates to their open source software?