Collaborate Disseminate
I am new to type juggling attacks in PHP, and only just encountered a magic hash exploit in a war game recently.
Could someone explain why the below PHP code evaluates to true?
I understand that the ‘e’ letter for exponent causes PHP to th… Continue reading Type juggling in PHP [migrated]
I am working on the following war game from Defend The Web, which requires me to do a source code review to login as the user memtash. The code is on GitLab here.
Here is my methodology:
Reset the password for user memtash which causes me… Continue reading Crashing the sha1() function in PHP?
Imagine the following situation: you have a third party software which still uses PHP7 despite of the EOL.
The risk there will be further post-EOL vulnerabilities is as I estimated considerably higher that zero.
If it’s not possible to mig… Continue reading Post-EOL security patches for PHP7
I have a python script on a webserver. The user data are stored in a database. The python script receives the user data as parameters, e.g.:
python3 script.py –name "Andy Wright"
In the script.py, I will write the value of the … Continue reading Securing user input used as parameter for python script?
This bundle has nine interactive courses to help you learn a variety of high-demand coding skills faster and easier.
The post Learn how to code with interactive training for only $40 appeared first on TechRepublic.
Continue reading Learn how to code with interactive training for only $40
I would like to apply 2FA in my PHP application
There are a few third-party 2FA libraries that help with this but none of it is PHP native.
Need advice on which one is widely used to implement 2FA and is secure in terms of code so that our… Continue reading 2FA for PHP Application [closed]
We are using JWT (Json Web Token), with HS256 algorithm.
Is it ok to use PHP’s password_hash() functions output for the secret part?
It’s output is a 128 bit random salt with the user’s password hashed together with bcrypt.
(the reason we … Continue reading JWT secret part from php password_hash() (128bit random salt and password hashed together)?
In one of my PHP apps, I have a part where it scrapes the content of random links on the internet using file_get_contents, and then it runs a regex on this content to find all the email addresses in it. Now, these "links" it scra… Continue reading Is running PHP file_get_contents on random user-generated links safe?
A friend found several suspicious PHP files on his server when we was upgrading his Wordpress install. They are all in the public_html folder and the filenames are the name of his domain with seemingly random digits next it.
I’ve "bea… Continue reading Found several potentially malicious PHP files but not sure what they are doing? [duplicate]
I have found many curious PHP files on my hosting server. Those files are generated automatically with a specific name. I have researched all files; It may be some shell. Also, I have found some exciting PHP mailer scripts.
I have removed … Continue reading My web server automatically generates some specific malicious .php file [duplicate]