PHP – Page 4 – WindowsTechs.com

I have access to companies internal files through SSRF and Path traversal both but want to leverage it further to website takeover

Posted on March 9, 2024 by oo7hacker

I have access to companies internal files through SSRF and Path traversal both but want to leverage it further to website takeover. Thus I can increase the impact and get more bounty then what they will pay now.
I have access to files like… Continue reading I have access to companies internal files through SSRF and Path traversal both but want to leverage it further to website takeover→

Hackaday Links: March 3, 2024

Posted on March 4, 2024 by Dan Maloney

Who’d have thought that $30 doorbell cameras would end up being security liabilities? That’s the somewhat obvious conclusion reached by Consumer Reports after looking at some entry-level doorbell cameras available …read more Continue reading Hackaday Links: March 3, 2024→

How to prevent absolute path traversal in EasyPHP Webserver 14.1

Posted on February 23, 2024 by luminare

In the EasyPHP Webserver 14.1 software, there is an Absolute Path Traversal vulnerability in the dashboard index.php page.
https://www.exploit-db.com/exploits/51430
I reviewed the source code and tried to look for the vulnerable code but I… Continue reading How to prevent absolute path traversal in EasyPHP Webserver 14.1→

About .php virus, if not open or executed can it still infect you? [duplicate]

Posted on February 19, 2024 by panyin

Can a .php virus infect you from a download only even if you dont open it or execute it? And what can it do on a mobile device, is it still as dangerous as in a PC?

Continue reading About .php virus, if not open or executed can it still infect you? [duplicate]→

Can I set session time to 10 days without risking security issues?

Posted on February 14, 2024 by hyemark

We have a WordPress form that collects data on what marketing source (UTM) the user came from and upon submission, sends that UTM data to a 3rd party. Recently, a client asked me to have a web session to remember this session data for up t… Continue reading Can I set session time to 10 days without risking security issues?→

Lax SameSite and POST (2 minute)

Posted on February 11, 2024 by Johnny

I was going through this link https://medium.com/@renwa/bypass-samesite-cookies-default-to-lax-and-get-csrf-343ba09b9f2b to understand CSRF using samesite. Does that mean that the LAX+POST issue has been resolved by Chrome, which means tha… Continue reading Lax SameSite and POST (2 minute)→

TIOBE Index News (January 2024): Programming Language of 2023 Goes to C#

Posted on January 16, 2024 by Megan Crouse

Keep an eye on Dart and TypeScript in 2024, TIOBE Software CEO Paul Jansen suggests. Continue reading TIOBE Index News (January 2024): Programming Language of 2023 Goes to C#→

How to publish a php website privately so I can make tests?

Posted on January 12, 2024 by can kaygısız

I want to publish my website as http secure connection but I want to keep it private so only I can view it. I want to prepare and test its security before its official release.
Is there any service providing this kind of thing or can anyon… Continue reading How to publish a php website privately so I can make tests?→

How can I pen test my .php website that I host on my local machine?

Posted on January 12, 2024 by can kaygısız

Pen testing my own .php website
Well, I’ve made some kind of forum type website where you can share posts comments and information. There is a login panel (/index.php) at first and it’s already secure enough to block users from entering &q… Continue reading How can I pen test my .php website that I host on my local machine?→

How dangerous is disabling PHPHighRiskMethodsVariables_BODY from the AWS ACLs?

Posted on December 13, 2023 by James Nugent

Problem
Users in my application are being blocked (by the AWS WAF) from uploading files with certain names. In the specific case I am trying to solve, the problematic string is .* System (.*).*.
Background
The block is coming from the PHPH… Continue reading How dangerous is disabling PHPHighRiskMethodsVariables_BODY from the AWS ACLs?→