Collaborate Disseminate
In one of my PHP apps, I have a part where it scrapes the content of random links on the internet using file_get_contents, and then it runs a regex on this content to find all the email addresses in it. Now, these "links" it scra… Continue reading Is running PHP file_get_contents on random user-generated links safe?
I created this flask script where it locks a page and looks to see if the code is correct, if its correct they get access, but if not it says incorrect code try again.
This is my code
from flask import Flask, request
app = Flask(‘app’)
@a… Continue reading Could my flask code be exploited in any way? [closed]
I have found many curious PHP files on my hosting server. Those files are generated automatically with a specific name. I have researched all files; It may be some shell. Also, I have found some exciting PHP mailer scripts.
I have removed … Continue reading My web server automatically generates some specific malicious .php file [duplicate]
I face some sort of "MitM" attack type that I don’t really know how to search, because I don’t really know what it is called, so I am in the dark here, and need some help and advice.
Let’s say there is a shopping website: shop.co… Continue reading "Pass-through" website interception detection and prevention
This is actually a general question about template engines.
If I use Smarty-PHP to generate a website, and the templates and content are both created by me (assumed non-malicious), does this create any attack vectors against my site?
My we… Continue reading Are there any attack vectors against the Smarty-PHP template engine when using a trusted template?
I have a desktop app that takes a file format and parses it to get some JSON data that is then send to a server.
My problem is figuring out if it is possible to somehow parse the data on the client and then send this JSON data to the serve… Continue reading Parse a File on Client and Send to Server Without Client Manipulating Data
I have a desktop app that takes a file format and parses it to get some JSON data that is then send to a server.
My problem is figuring out if it is possible to somehow parse the data on the client and then send this JSON data to the serve… Continue reading Parse a File on Client and Send to Server Without Client Manipulating Data
I am learning pentesting, currently studying Server Side Template Injection. I understood there are two types of SSTI – plaintext context and code context – but struggle to understand what exactly is the practical difference between them.
… Continue reading Server Side Template Injection (SSTI): Difference between plaintext context and code context?
I have a web server that will be used to manage the stock of a warehouse in a factory. The web server will be accessed only locally so the clients can update and view the available stock. The server can be accessed by 192.168.0.10/index.ht… Continue reading Do I need https for a web server that will be used locally? [duplicate]
I have seen some service providers that use certificates for client authentication, so that any browser without the certificate will be rejected. However, the browsers with trusted certificates could access their portals without login. How… Continue reading How to configure server for client certificate authentication?