Collaborate Disseminate
I manage a Debian GNU/Linux web server (Debian 10 Buster with its bundled 4.19 kernel). I put in place simple iptables logging rules a long time ago, among other things. Here they are:
# iptables -A OUTPUT -d [mySmtpSmarthost]/32 -p tcp -m… Continue reading Does a log entry with "SPT=81" despite nothing listening on that port indicate my server is hacked?
If a website is vulnerable to Local File Inclusion (LFI), how can you use it to find out the PHP version? Is there any file which says the version of PHP being used. I’m trying to do a PHP sessions LFI to RCE attack, but I don’t know where… Continue reading How can you find the PHP version a website is using using LFI?
I am creating a website with the CMS MediaWiki and its extension named ContactPage. The website is principally all core and I use only that one extension ContactPage (as one which is not one of the core extensions already shipped with the … Continue reading Is a simple text field a good alternative for phone/website fields if a form’s data isn’t saved in a database?
Hi I’m relatively new to sqlmap and trying to find an exploit in my project web. Here is how i run it;
python3 sqlmap.py -u http://localhost/output3/members.php?valueToSearch=mira
I have tried to use the various variables along with it as… Continue reading sqlmap SQL injection not injecting [closed]
I want to know if is bad to trust the PHP’s global variable $_SERVER values.
I have a scenario that I change between developer and production site, and I have a config.php file. On this file, I check $_SERVER[‘SERVER_NAME’] value, to deter… Continue reading Is it bad to trust PHP’s $_SERVER information?
My laptop (hp) has been harshly hit by a ransomware virus, and i really need to retrieve my files (PhD thesis and academic resources), I tried many ways and many other professionals did the same but no result is scored. Can someone guide m… Continue reading How should I retrieve my files in my laptop?
Let’s say I have the following PHP code:
<?php
echo file_get_contents($_GET[‘path’] . ".txt");
Obviously, it’s insecure as path traversal is possible when passing e.g. ../../file as a GET parameter.
But is there any way f… Continue reading Can string concatenation in file_get_contents() be exploited in PHP?
I made a Webshop system with HTML, CSS, PHP and JavaScript. I read many security articles. I used OWASP ZAP, Mozilla Observatory, and Arachni to find vulnerabilities and fix them. The tools say my webshop is safe. But I’m not 100% sure if … Continue reading How to check the security of a webshop? [closed]
I’m only a beginner so if any more info is needed just request and i’ll update the question.
For one of my modules we are covering cross-site scripting and I have been given a series of PHP files that I need to get a script through to prin… Continue reading Bypassing htmlentities() for XSS attack
This is about a PHP7.4 based shopping platform (opencart (v3.0)).
For testing purposes I had a dummy set up at site.com/xyz. The admin page of that was site.com/xyz/admin. The login and pw for the admin page was also admin. I know, but the… Continue reading How to trace script injection/infection in php app