PHP – Page 7 – WindowsTechs.com

Vulnerability help in nginx/1.20.2 php/5.4.16 [closed]

Posted on May 14, 2023 by user292922

I’m studying, but I don’t know how to approach it, please help
Both nginx/1.20.2 php/5.4.16 were written in the header
nmap
80/tcp open http
443/tcp open https
8080/tcp open http-proxy
8443/tcp open https-alt

php.ini
display_errors… Continue reading Vulnerability help in nginx/1.20.2 php/5.4.16 [closed]→

PHP Packagist supply chain poisoned by hacker “looking for a job”

Posted on May 5, 2023 by Paul Ducklin

I pwned you! Gizza job! You know it makes sense! Continue reading PHP Packagist supply chain poisoned by hacker “looking for a job”→

Lfi to rce in PHP [closed]

Posted on April 28, 2023 by webhack31333

I’m currently working on a cyber wargame using LFI to get an RCE. However, there are not many readable files such as log files and environ. What attack should I try to read the flag? In the case of flag, it exists as an executable file wit… Continue reading Lfi to rce in PHP [closed]→

PHP website getting hacked – dir names changed [closed]

Posted on April 16, 2023 by Leonardo Santos

I’m new to PHP and Apache. I come from Node.js/Java backends and I’m new to this tech stack (PHP, CGI, Apache etc). My site currently uses ckeditor to handle user uploads and has high traffic. Often, someone, somehow just changes the names… Continue reading PHP website getting hacked – dir names changed [closed]→

PHP CTF: Vulnerabilities in PHP before 2007?

Posted on April 15, 2023 by Dave

I came across a CTF that i’m trying to solve, the goal is fairly simple: Bypass the authentication form and access the admin-restricted area. You can find the code snippet below.
Things to consider:

The CTF is a simulation and a demonstra… Continue reading PHP CTF: Vulnerabilities in PHP before 2007?→

PHP code review: is it open to object code injection through unserialize [closed]

Posted on March 24, 2023 by Dave

I’m trying to figure out if the code below is open to object injection:
<?php
// loggin level
define(‘CRIT’, 5);
define(‘ERROR’, 4);
// secret is defined somewhere in the script like this
define(‘SECRET’, ‘mYs3cr37P4… Continue reading PHP code review: is it open to object code injection through unserialize [closed]→

This is supposed to be vulnerable to SQL injection but I can’t really see how. Is it really that bad?

Posted on March 20, 2023 by None

See bellow php code that takes a url param, queries a db and then returns a string:
$inpt = ereg_replace("[^A-Za-z0-9" . ” . "]", "", $_GET[‘param’]);
$rtrn = $core_db->Execute("Select col1, col2, … Continue reading This is supposed to be vulnerable to SQL injection but I can’t really see how. Is it really that bad?→

What harm did the potentially hazardous file on my server cause? [closed]

Posted on March 18, 2023 by Abid

My hosting provider reported the following harmful file on my server
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-utf-8">
<title>utf</title>
</head&g… Continue reading What harm did the potentially hazardous file on my server cause? [closed]→

pick a value from array [migrated]

Posted on March 14, 2023 by Kaleem Rehman

i have a curl request which fetches response, response comes as plain text, i need to read a value from response.
i have used below method it works using ID, i want to use name of field rather than ID as sequence could change.
response rec… Continue reading pick a value from array [migrated]→

Can I have phpMyAdmin on a 2018 home laptop? [closed]

Posted on February 28, 2023 by Honzoraptor007

How does this work – will having a database ruin my computer performance in any way? And I don’t mean anything about security just laptop perofrmance. Thanks for answer.

Continue reading Can I have phpMyAdmin on a 2018 home laptop? [closed]→