Collaborate Disseminate
This question already has an answer here:
How does password_hash/password_verify in php work?
2 answers
I’ve been using p… Continue reading Why does php password_hash() generate different hashes for the same input? [duplicate]
I would like some advice on how to troubleshoot a problem on Wordpress/Apache/PHP/MySQL
I am looking at the following:
select *
from wp_options opt
where option_name like ‘%wp_user_roles%’
order by option_name
Yesterday, fo… Continue reading user_roles getting deleted from wp_options table in wordpress
Say you have a website which takes file uploads of a certain type and places them in a subdirectory (let’s call it “videos”) in the web root.
I have heard from various sources that trusting uploaded files is never safe, beca… Continue reading Is storing files under a web server root unsafe if it is handled by PHP and blocked by the web server site configuration file?
I am pentesting a PHP website running on Apache in a Ubuntu server.
I found a vulnerability that allows me to write files to the target system.
I know it’s possible to write a php shell to the HTTP root directory and get RCE… Continue reading Is it possible to gain RCE from Arbitrary file write by an unprivileged user?
I’m by no means a security expert. I own a very small personal site which I wrote in php mostly for practice and all that.
I noticed a weird url call in my logs
process.php?d=MV0f+F6R+6Nn/B4VDh1FRJ9fSEjpPw==&b=1
I tri… Continue reading I saw a weird url in my logs, dunno how to proceed
In a LAMP environment is it possible for an upload to create a directory/folder and if so how to prevent it via PHP?
I recently built a Downloads Manager that will debut though before I do so I want to know what file extensions I should explicitly disallow from being accepted?
Running LAMP/WAMP the most obvious I’ve come up with since the … Continue reading File extensions that should NOT be allowed to be uploaded
Our hosting provider wants to update our legacy application server (Plesk).
We usually place older PHP projects (PHP 5.3 – 5.6) there, so they can sit in a stable environment until their unknown EOL.
Now the thing is, our p… Continue reading Does it really improve security to update PHP interpreter version without any code changes at all?
I need some serious help. I managed to upload a PHP shell using an upload form with some tweaking. No such restrictions except it renames the uploaded file to md5.But when I tried to execute the shell, It shows a 500 error. I… Continue reading Unable to execute PHP, throws 500 error. Able to upload and execute all others
I have a follow up question on this answer about executing image files as php. The answer explains that nginx support virtual directories. One can run
www.something.com/blan.php/one/two/3
and one/two/3 will be virtual sub… Continue reading How can nginx run a file with jpg extension as a php file?