Collaborate Disseminate
Is there any way that i can use the compromised website as the shell
What i am trying to achieve is to get a reverse shell on the machine,not a webshell.The target machine has a website hosted on it open to public.The machine is behind a … Continue reading Php intermediate shell
I came upon this script just by luck, actually. Ironically, it’s stored in a protected folder on my website and I don’t think
<?
$catches =’r’; $comforter =’$r)ciEVi’; $heroin = ‘SgD’;
$intimal = ‘T’; $eldin = ‘e’;$introspections= … Continue reading How do I go about decoding this malicious PHP script? [duplicate]
I would like to create a new token for each request and would like to us the following template-
<script>
var current_token=<?php echo $_SESSION[‘csrf_token’]; ?>
$.ajax({
type: “POST”,
… Continue reading Regenerating CSFR token in AJAX requests
I have a Laravel site, I thought I patched this issue already.
I got these in my session.php
‘secure’ => true,
‘http_only’ => true,
But OpenVas still detected that I still need to it.
It also listed it 3 times
Am I miss… Continue reading Missing HTTPOnly Cookie Attribute in Laravel 7
Applications are a gateway to valuable data, so it’s no wonder they are one of attackers’ preferred targets. And since modern applications aren’t a monolithic whole but consist of many separate components “glued together” … Continue reading Application threats and security trends you need to know about
I have a VPS. There is a web-application running on this VPS.
A user can log into his account, create a project (the system automatically creates a folder for this project) and then, he can create and edit PHP files via the file manager wi… Continue reading How to secure user folders on the server from the scripts running in other user folder on the same server?
I would kindly ask you to review the following code and tell me if it’s enough to prevent most of SQL injection and XSS attacks.
SQL injection: treated via PDO prepared statements;
XSS: All user’s inputs are parsed in every documents thr… Continue reading SQL injection and XSS prevention
I obfuscated my web software with srcProtector and I archived files, I uploaded a new version of the software on the website.
The problem is I forgot to copy files in a new path for backup.
VERY VERY BAD!
Code looks like:
I tried already … Continue reading I obfuscated my commercial software, i lost source [closed]
Kindly stop redirecting my questions to that unrelated one which doesn’t answer my question whatsoever. I’ve already read every answer there and it doesn’t help at all. If it did, why would I ask this much more specific question?
This has been a continous worry and problem for me for ages:
For practical and logical reasons, I am forced to trust some third-party PHP libraries. These are installed, updated and managed with Composer, and live in C:\PHP-untrusted-exte… Continue reading Is there some mechanisms in PHP to assign "less trust" to scripts in a given dir?