Collaborate Disseminate
password_hash() is the recommended function in PHP to generate password hashes. The standard usage is password_hash($password, PASSWORD_DEFAULT); and default hash with PASSWORD_DEFAULT is bcrypt. The benefit is using the buil… Continue reading PHP password_hash (bcrypt) vs sha-3
I need to search the string on other files, but I can’t copy. Because when I paste it’s just blank space. Some times this code is injected on bootstrap.css and bootstrap.min.css, but now has pass to other *.css files. I know … Continue reading Code injection, need to search for string on other files
I am currently revising for computer security exam and I am stuck on the following question from past exam paper
1c <form action=”message.php” method=”get”>
2c <p>Message: ¡input type=”text” name=”message” /&… Continue reading Find security weaknesses in this website (exam question) [on hold]
Spam campaign features obfuscated .zipx archive that unpacks LokiBot attack. Continue reading LokiBot Trojan Spotted Hitching a Ride Inside .PNG Files
If you’re running Magento you should be on the look out for hackers testing stolen card data – it could get your PayPal account suspended. Continue reading Is your e-commerce site being used to test stolen card data?
Recently I found strange file inside Wordpress sources directory of a page I have written and I am maintaining. It was a luck case. I deploy my sources from git so when I typed git status on a server I saw one new file.
Besi… Continue reading Found malware in my WordPress, what is it and what it does? [on hold]
I run a little website that has a radio station on it. From time to time, I get listeners that when I search back through their IP, I get the generic IIS or Apache screen that are pages that are used when they are installed o… Continue reading How can someone detect if the website visitor is running a server? [on hold]
A researcher has discovered a high-severity bug in a popular PHP library used for creating PDFs. Continue reading Flaw in popular PDF creation library enabled remote code execution
suppose I have the following code that will display an image. The name of the image is supplied by the user as follows:
https://example.com/image.php?image=cat.jpg
My image.php file contains
$image = $_GET[‘image’];… Continue reading Is there a way to exploit file_get_contents that has a prepended website?
I’m using a rich text editor (Nicedit) with a cms project I’m making. In order to reduce the likelihood of SQL injections, I’m using the mysqli_real_escape_string function to escape the user input before putting it into the database.