PHP – Page 52 – WindowsTechs.com

Is my session schema vulnerable to session fixation?

Posted on May 10, 2019 by Chetan Soni

I have a PHP application, where two session IDs are being used.

I will use foo and bar as example for those session IDs.

The foo session ID is being generated at the login page.
The bar session ID is being generated after a successful … Continue reading Is my session schema vulnerable to session fixation?→

Is php code with such features vulnerable to RCE?

Posted on May 9, 2019 by Alex Velickiy

I’m participating in one bugbounty program.
This site runs on php (Apache) and uses amfphp library.

Here are the things I found I can make this library do for me:

Include (include_once call) any file on disk that ends with… Continue reading Is php code with such features vulnerable to RCE?→

Serious Phar Flaw Allows Arbitrary Code Execution on Drupal

Posted on May 9, 2019 by Lindsey O'Donnell

Drupal, Typo3 and Joomla are all impacted by the bug. Continue reading Serious Phar Flaw Allows Arbitrary Code Execution on Drupal→

SQL injection authentication bypass

Posted on May 9, 2019 by Cash-

I am testing a SQLi login bypass on the PHP code below:

if(isset($_POST[“login”]) && isset($_POST[“password”])) {
$sql=”select * from users where login='{$_POST[“login”]}’ and password='{$_POST[“password”]}'”;
… Continue reading SQL injection authentication bypass→

Why Empire Launcher payload is not working in system() in PHP?

Posted on May 8, 2019 by Utkarsh Agrawal

I created a parameter passing through system() i.e. cmd. Now I run Empire tool with http listener and launch powershell launcher. Got the huge bunch of base64 encode string.

Now I pass this string to the parameter cmd, which was passing t… Continue reading Why Empire Launcher payload is not working in system() in PHP?→

How to spoof file extension when it is appended to the file name every time?

Posted on May 7, 2019 by Bill Richard

I have an arbitrary file upload vulnerability and I can put my file in any directory. Unfortunately, the serverside script appends “.jpg” ALWAYS to the end and I’m having trouble bypassing it. %00 (NULL), \, nothing seems to … Continue reading How to spoof file extension when it is appended to the file name every time?→

PHP code execution attempts on an ASP website

Posted on May 7, 2019 by Mrj

I found multiple PHP code execution attempts on my web server, which is running on asp. What happens when one attempts to execute php code on an asp web server? Will this create an impact on the server, and is there any chanc… Continue reading PHP code execution attempts on an ASP website→

WP Live Chat WordPress Plugin Re-Patches File Upload Flaw

Posted on May 6, 2019 by Lindsey O'Donnell

After researchers were able to bypass a file upload validation flaw patch in WP Live Chat, a new patch has been issued. Continue reading WP Live Chat WordPress Plugin Re-Patches File Upload Flaw→

encrypting file and user have public key to decrypt in barcode

Posted on May 4, 2019 by KristenL

I want code very secure system and I need some answers and help.

Is this secure if encrypting file and it is possible decrypt with barcode/QRCode where is decryption key to view it.

I’ve thinking of use libsodium and ARGON2… Continue reading encrypting file and user have public key to decrypt in barcode→

How to check if this attack was successful?

Posted on May 2, 2019 by Alex

Having no clue about these hacking/ injection attacks, I really wonder what this is called and how to check if damage was done. If this is the wrong place to ask, I’d appreciate some guidance on how to proceed.

Our website r… Continue reading How to check if this attack was successful?→