Collaborate Disseminate
I have been working on a project and I wonder if it’s possible to exploit curl_exec function while in PHP.
Scenario:
I have the PHP script that checks a domain for me, but the curl is not secured, can it be exploited via the request, ex:… Continue reading Is it possible to exploit php curl?
i have found a simple script php with untrusted user input to make a captcha
I would like to know if this practice can lead to a code exuction or os command injection ?
The user input looks like this :
https://x.com/x.php?captcha=YToyOnt… Continue reading Insecure captcha to RCE? [closed]
.htaccess is now a very common URL rewrite to make it SEO friendly and cover the database IDs.
What are the ways to explore php file on the server given to URL via .htaccess?
Example :
The URL is www.domain.com/news/56.
I expect to fin… Continue reading How to find PHP filename and ID of the URL?
I “minimally trust” the PHP and PostgreSQL projects to provide non-compromised binaries of their respective programs, which I both depend on. This means that I trust them in the sense that I have no real choice but to trust them.
However,… Continue reading Am I missing something in regards to using third-party PHP libraries?
Why are stored procedures and prepared statements the preferred modern methods for preventing SQL Injection over mysql_real_escape_string() function?
phpmyadmin
picture
index.php file
$id = ‘8’;
$idr = $row[‘id’]; echo ‘id-‘.$id.’ : ‘;
for ($i = 0; $i <= $id; $i++) {
$sql=”SELECT * FROM menu WHERE parent=’$i’ “;
$result = mysqli_query($db,$sql);
$slug = $row[‘slug’]; echo $… Continue reading how create sorting sql/php with parent
I am working with a PHP vulnerability. Below is the code snippet. Basically, I need to print the contents of get_flag.php.
My train of thought is that the following could be the vulnerabilities in the code
The global $secret variable
The … Continue reading Print contents of PHP file in CTF
I’m in the process of creating a password reset functionality for my project. I currently have my website send a password reset link to the user’s email if they request it and validates the link properly when clicked (checks for selector a… Continue reading Is it safe to save a user’s email into php session variable for later use?
I started learning PHP and I wanted to practice PHP code using xampp or wamp server. But after reading this and doing some google research,I thought that installing server software on my home pc might be dangerous. I thought it would be … Continue reading Installing xampp on virtual box?
Suppose I have a very simple PHP application that acts as a front-end for an SQL database. The user enters their query into a box, and the app shows the query results in a table.
To prevent a user from modifying the table, the SQL user o… Continue reading Is SQL injection still a bad thing if the user is restricted to non-harmful queries?