PHP – Page 50 – WindowsTechs.com

Exploit include_once in PHP Code

Posted on June 2, 2019 by koapsi

For a project we were asked to find and exploit the “Remote Code Injection” vulnerability of a web application. After hours of search (we have the source code of the web application as it is running on localhost), we came to … Continue reading Exploit include_once in PHP Code→

Are public paths/folder structures mean security risks for a website?

Posted on June 2, 2019 by Catso

I’m just wondering..
Are public,visible paths/folder structures mean security risk for a website? For example, as you can see our folder structure and file names are clearly visible in our ajax calls. This code is public beca… Continue reading Are public paths/folder structures mean security risks for a website?→

PHP to hack web pages? [on hold]

Posted on June 2, 2019 by Freddy Limachi Ortega

I want to start studying hacking, and what I want to know if it is necessary to have knowledge in php to hack a web page made with php, I currently have knowledge in python, mysql, html and javascript, thanks in advance

… Continue reading PHP to hack web pages? [on hold]→

Semantic URL Attack Mitigation

Posted on June 1, 2019 by Cash-

I want to know what is the best approach for preventing URL Jumping / URL Tampering Attacks

Example

updateprofile.php?uid=1

I can change to

updateprofile.php?uid=2

I can update the second user’s profile without loggi… Continue reading Semantic URL Attack Mitigation→

‘=’ ‘OR’ SQL Injection Login Bypass Question

Posted on June 1, 2019 by Cash-

I was testing SQLI Cheatsheets on a vulnerable test site.
This particular injection ‘=’ ‘OR’ seems to work on the login page.

Why does that injection work? What’s the back-end SQL code, if I could imagine myself?

I used Bur… Continue reading ‘=’ ‘OR’ SQL Injection Login Bypass Question→

How to ignore htmlentities() to steal cookies in php page

Posted on May 27, 2019 by Rick Williams

I have a messageboard running at http://10.8.0.240/a9q2/messageboard.php.

I can use my ‘student’ login to login the messageboard and post messages which can be seen by the admin and other students.

The admin has a “secre… Continue reading How to ignore htmlentities() to steal cookies in php page→

Static analysis technique [on hold]

Posted on May 27, 2019 by Jiahao Cai

Is there a static analysis technique work as follows:
For example, given the following code,

$table = [‘a’, ‘b’, ‘c’, ‘d’, ‘e’];
$index = rand(0, 1000) % 5;
$val = $table[$index];

Pick a variable $val, the technique can … Continue reading Static analysis technique [on hold]→

Presistent XSS Filter Bypass Question

Posted on May 27, 2019 by Cash-

I was testing out a stored XSS on a test site I made which is vulnerable so the problem is when I tried executing the usual “><script>alert(‘XSS’)</script>

It did not work instead. But this particular “>&lt… Continue reading Presistent XSS Filter Bypass Question→

how can i bypass chrome Cross-Origin Blocking to perform dns rebinding?

Posted on May 25, 2019 by mina nageh

here is the article that i am trying to follow .. DNS-Rebinding-Attack

i didn’t use linux like the Writer did …. i registered an account on a Free Web Hosting site … then uploaded the php files on it after adding my rout… Continue reading how can i bypass chrome Cross-Origin Blocking to perform dns rebinding?→

how use IFrames in my site for surfing Ads by site users without risking?

Posted on May 25, 2019 by edopro

How to use ip Iframe on my site without risking for surfing ads by site users, safely?
Is iFrame a good way?

What methods can be used for security?
Displ… Continue reading how use IFrames in my site for surfing Ads by site users without risking?→