Symfony Encryption
I’ve identified encryption keys along with an encrypted database by symfony using AES-128. Does anyone know what cipher-suite symfony encrypts/decrypts data using and if they use a nonce/IV how is it derived?
Category Archives: PHP
Storing server-side secret key in environment variable – is a concern?
Is it a security concern to store server-side key in plaintext in environment variables? And specifically with PHP, would I be safe by not calling phpinfo() or other kind of dumper?
Continue reading Storing server-side secret key in environment variable – is a concern?
WordPress Suspicious:PHP Help [on hold]
I’ve tried to download a local copy of our website to play about with some minor front-end tweaks and my anti-virus flagged and prevented the download.
I used a plugin to scan WordPress and it flagged a file with this code:
… Continue reading WordPress Suspicious:PHP Help [on hold]
How do I escape webapp root directory in a php website?
This is part of a old CTF question which I’ve had trouble solving. I’m not sure what approach to take.
I’m given a single site:
http://user:token@host:port/public/index.php
the flag is in /tmp/flag.txt
Index.php is basica… Continue reading How do I escape webapp root directory in a php website?
WordPress WP Live Chat Support Plugin Fixes XSS Flaw
A cross-site scripting flaw in a popular WordPress plugin enables an unauthenticated attacker to insert JavaScript payloads into impacted websites. Continue reading WordPress WP Live Chat Support Plugin Fixes XSS Flaw
How are the laws considering storing country details of visitors of my website? (calculated of their ip adresses) [migrated]
I wanted to add the country of the people who left a review on a website but I was wondering how this regards towards the laws about privacy. I have been doing quite some research into this topic but there weren’t any solid a… Continue reading How are the laws considering storing country details of visitors of my website? (calculated of their ip adresses) [migrated]
How do scanners know which apache2 modules are installed?
My machines routinely get scanned by Qualys and other scanners that report my supported and patched version of php as wildly out of date (even though they’re patched quarterly, I get flagged on ancient CVE’s for php and apach… Continue reading How do scanners know which apache2 modules are installed?
Preferred access mode for a directory with PHP scripts and the PHP script itself
The people I work with have the tendency to set the access mode in numerical notation to 777 every time they face access right problems.
The mess is caused by using many users.
The creator of files (user: john),
The php … Continue reading Preferred access mode for a directory with PHP scripts and the PHP script itself
Is this scenario a file upload vulnerability?
I’m testing for file upload and the website has an extension and content type check (png/ jpg). But on intercepting using burp, I’m able to change the content to php code (content-type being image/png). The file gets uploaded… Continue reading Is this scenario a file upload vulnerability?
‘ OR 1=1/* SQL Injection Login Bypass Question
Recently I came across a SQL Injection Cheat Sheet which contains this particular cheat sheet which I am confused by ‘ or 1=1/*
Assuming I am testing it on this server-side code below.
SELECT * FROM users WHERE login=’$logi… Continue reading ‘ OR 1=1/* SQL Injection Login Bypass Question