PHP – Page 57 – WindowsTechs.com

PHP assert code injection

Posted on January 28, 2019 by Raphaël D

Not sure if in this case if it is possible to inject malicious code in $entityId and if it will be processed by php.

$entityId = $_GET[“name”];

public function getMetaData($entityId) {
assert(‘is_string($entityId)’);
}

… Continue reading PHP assert code injection→

RSA message not the same after the description

Posted on January 27, 2019 by oliver

I want to implement RSA in PHP, the problem I’m having is that it doesn’t work with prime numbers greater than 199

I have P and Q as 2 prime numbers between 11 and 199, mod = P * Q, n = (Q – 1) * (P – 1) and e = 65537.

If I… Continue reading RSA message not the same after the description→

How to extract and verify PDF signature (PKCS7) with openssl?

Posted on January 24, 2019 by nowox

I would like to detect signed PDFs in PHP and verify if the signature is valid. From this document I have written this PHP code below.

What it does is:

Extract the PKCS7 code (it works because I can get the details from … Continue reading How to extract and verify PDF signature (PKCS7) with openssl?→

RSA generating private and public keys

Posted on January 24, 2019 by oliver

I’m trying to implement RSA encryption in PHP. I’m stuck at generating the public and private keys.

I have P = 61, Q = 53, MOD = P * Q = 3233, N = (Q – 1) * (P – 1) = 3120. How do I chose the value of e after computing all G… Continue reading RSA generating private and public keys→

PHP PEAR supply chain attack: Backdoor added to installer

Posted on January 24, 2019 by Zeljka Zorz

Some additional details have emerged about the recent security breach involving the PHP PEAR (PHP Extension and Application Repository) webserver, but much is still unknown. What happened? The PEAR project maintains a system for distributing PHP softwa… Continue reading PHP PEAR supply chain attack: Backdoor added to installer→

Poisoned PEAR. PHP extension repository download infected for up to six months

Posted on January 23, 2019 by Graham Cluley

The administrators of the PEAR package manager website have taken the site offline, having discovered that hackers breached the site, and apparently planted malicious code into the software.
Continue reading Poisoned PEAR. PHP extension repository download infected for up to six months→

Name of this cipher/encoding method?

Posted on January 23, 2019 by Bruce Ediger

I see a common method of encoding in PHP malware where there’s some bytes of key, which gets used to decode that many bytes of encoded text. Decoded bytes get appended to the key on the fly. The decoding is subtracting the ke… Continue reading Name of this cipher/encoding method?→

PHP PEAR Site Hacked; Tainted Package Available for Months

Posted on January 23, 2019 by Liviu Arsene

The official PHP Extension and Application Repository (PEAR) website has been shut down after an apparent hack caused the original PHP PEAR package manager to be replaced by attackers with a tainted version. The framework developers have taken the webs… Continue reading PHP PEAR Site Hacked; Tainted Package Available for Months→

Security for FTP connection within a server

Posted on January 23, 2019 by Vishnu

In PHP, I am accessing another user’s files using FTP on the same server. In this case, do I need to use secure FTP or is it ok to have normal FTP as both source and destination are on the same server?

Continue reading Security for FTP connection within a server→

how to exploit file upload functionality

Posted on January 19, 2019 by user8255299

I’m pentesting a website, where i’m testing an upload functionality and it only accepts pdf files and when we visit the url where the file gets uploaded it shows download prompt instead of any content. so i was able to bypass… Continue reading how to exploit file upload functionality→