PHP – Page 53 – WindowsTechs.com

Unknown code on my website comments [on hold]

Posted on April 29, 2019 by 567hz

During the last few weeks, I often find on my website these “Comment”:

{“name”:”BryantFlogy”,”email”:”cgorillamail@gmail.com”,”message”:”Hi,
htmlkurss.xyz \r\n \r\nI've been visiting your website a few times
and de… Continue reading Unknown code on my website comments [on hold]→

Disable login page for DVWA [on hold]

Posted on April 29, 2019 by Jshee

I am doing some “non-nefarious” testing for my own knowledge and want to disable the login page for DVWA (http://www.dvwa.co.uk/)

The login page includes code that should be modified, and I found this post about this very t… Continue reading Disable login page for DVWA [on hold]→

Metasploit Exploitation with Virtual Hosts (PHP_Include Exploit)

Posted on April 28, 2019 by asphyz

I am currently trying to build an example of a host vulnerable to Remote File Inclusion vulnerabilities. I have a docker application which hosts 3 vulnerable websites, and in order to access them I have my hosts file set up a… Continue reading Metasploit Exploitation with Virtual Hosts (PHP_Include Exploit)→

GoDaddy Shutters 14,000 Subdomains Tied to ‘Snake Oil’ Scams

Posted on April 26, 2019 by Tom Spring

GoDaddy worked with researchers to shut down 15,000 domain-shadowing websites tied to bogus affiliate marketing offers promoted via spam campaigns. Continue reading GoDaddy Shutters 14,000 Subdomains Tied to ‘Snake Oil’ Scams→

Plausible scenario for a PHP session fixation attack with default settings?

Posted on April 24, 2019 by Your Common Sense

Recently I was musing on the problem and realized that I cannot think of a plausible scenario for a session fixation attack against a PHP application running with default settings.

Given session.use_only_cookies’s default va… Continue reading Plausible scenario for a PHP session fixation attack with default settings?→

Security issues with using JWT + cookies for session authentication?

Posted on April 22, 2019 by IMB

Trying to get my head around not using traditional $_SESSIONS to keep user logged-in across pages. Are there security issues with storing JWT in cookies to authenticate a user session?

Here’s a bare example of what I’m tryin… Continue reading Security issues with using JWT + cookies for session authentication?→

Uploading of backdoor results in the server removing file extensions. Any workaround? [on hold]

Posted on April 22, 2019 by Simiii123

I am totally new within the scene of information security, but find it extremely interesting and thus taking a course at my university, where we have to break into a website/webserver. The website is an image sharing website…. Continue reading Uploading of backdoor results in the server removing file extensions. Any workaround? [on hold]→

PHP HTTP Reverse Shell?

Posted on April 16, 2019 by ayoa

Is there a PHP HTTP reverse shell? I haven’t been able to find one, only ones that transmit using TCP packets (not HTTP).

Note, I mean actually using HTTP packets as the C2, not just transmitting TCP packets over port 80.

M… Continue reading PHP HTTP Reverse Shell?→

Is there a cleaner way to save a copy of an object (with its data) for access throughout the application than making it global?

Posted on April 15, 2019 by coolpasta

The framework is WordPress. There’s a thing such as “filters”. Filters are, more or less, global variables but without the stigma, the way they work is: you give the filter a name and what you want to be inside of it:

add_fi… Continue reading Is there a cleaner way to save a copy of an object (with its data) for access throughout the application than making it global?→

Bypassing password authentication in example PHP

Posted on April 12, 2019 by Charming Potato

I have pseudocode of the following script:

$pass = ‘…’;
$answer = ‘….’

extract($_GET);

if (($inp)) {
if ($inp === get_contents($pass)) {
return $answer
} else {
echo “Wrong!”
}
}

My … Continue reading Bypassing password authentication in example PHP→