PHP – Page 43 – WindowsTechs.com

RFI not working properly, how to open a shell? [on hold]

Posted on November 12, 2019 by ismaeel ali

When i am trying to backdoor a web page given to me to find a specific file, upon requesting a shell i am given the following warnings on the page, and no other information is given. Should a shell pop up? I am kind of new to… Continue reading RFI not working properly, how to open a shell? [on hold]→

Secure GET-based remote API access via PHP

Posted on November 11, 2019 by xorist

I am programming a way in PHP for my users to be able to access a remote API though my website. I was wondering if any of you had some input on whether or not this was secure (NOT considering any vulnerabilities that may be on the remote s… Continue reading Secure GET-based remote API access via PHP→

How exactly works this SQL injection example related to the DVWA application?

Posted on November 10, 2019 by AndreaNobili

I am a software developer converting do application security and I have some doubts about SQL injection example.

I am following a tutorial related the famous DVWA: http://www.dvwa.co.uk/

So I have the following doubt (proba… Continue reading How exactly works this SQL injection example related to the DVWA application?→

what should be done to use sodium in a secure way?

Posted on November 7, 2019 by WesleyJ.

Now, I’ve done some research by googling about the subject and reading the manual and read
other topics about this at stackoverflow.

But still I have a question about the security and secrecy behind the encryption extenstion… Continue reading what should be done to use sodium in a secure way?→

Search Engine Poisoning

Posted on November 5, 2019 by byten

There are symptoms in google when doing a search like:

site: example.subdomain.domain.com (my pretend example site)

Search engine is returning a particular false result for 1 php web server where it:

1) Displays a generic … Continue reading Search Engine Poisoning→

Backend Authentication of Mobile App: Session ID vs. OAuth

Posted on November 4, 2019 by Fabian

Currently I am developing an iOS/Android app and a corresponding backend in PHP. In the last days I read a lot about user authentication and now I am a bit confused.

For now I am using a session ID for user authentication. A… Continue reading Backend Authentication of Mobile App: Session ID vs. OAuth→

Best way to let 2 servers communicate (with PHP) avoiding IP Spoofing?

Posted on November 1, 2019 by Virgula

Let’s say I have my ServerB that accept any request and it checks the PHPSESSID and compares the IP saved into the session (thanks to session values) with the IP that made the HTTP request. The IP saved into the Session is th… Continue reading Best way to let 2 servers communicate (with PHP) avoiding IP Spoofing?→

PHP team fixes nasty site-owning remote execution bug

Posted on October 29, 2019 by Danny Bradbury

The PHP development team has fixed a bug that could allow remote code execution in some setups of the programming language. Continue reading PHP team fixes nasty site-owning remote execution bug→

PHP Bug Allows Remote Code-Execution on NGINX Servers

Posted on October 28, 2019 by Tara Seals

CVE-2019-11043 is trivial to exploit — and a proof of concept is available. Continue reading PHP Bug Allows Remote Code-Execution on NGINX Servers→

PHP RCE flaw actively exploited to pop NGINX servers

Posted on October 28, 2019 by Zeljka Zorz

A recently patched vulnerability (CVE-2019-11043) in PHP is being actively exploited by attackers to compromise NGINX web servers, threat intelligence firm Bad Packets has confirmed. For a successful exploitation, target servers must have the PHP-FPM (… Continue reading PHP RCE flaw actively exploited to pop NGINX servers→