Tagged Questions
0 votes | 2 answers | 233 views
Was I a victim of an “Apache PHP Remote Exploit” attack?
I have a server in my computer for testing purposes, accessible from the outside.
I was reviewing the access.log file, and I saw
89.187.33.50 - - [29/Mar/2014:03:39:01 +0100] "HEAD / HTTP/1.0" 200 -
...
1 vote | 1 answer | 136 views
WordPress Private Exploit? [closed]
I have a friend who said he has a private exploit for all WordPress-run websites. I asked him to take down my private blog, to see if it is real. He couldn't do it. I tried to get some more ...
8 votes | 2 answers | 2k views
Exploiting PHP via GET params
To be clear, this is in the interest of ethical testing to secure an application on behalf of my work.
Now that that's out of the way, here are the details:
Un-sanitised GET params are used in a ...
4 votes | 1 answer | 314 views
Exploited by newbie3viLc063s
My Debian server got exploited by some script kiddie who used Newbie3viLc063
http://pastebin.com/jma8JRG1 .
The script kiddie uploaded logo_php.png to my server (my permissions sucked :s) and he did run ...
2 votes | 2 answers | 526 views
How to bypass “header” in PHP
While reading an article I encountered an interesting thing I did not know about:
if(!isset($_SESSION['usr_id']) || !isset($_SESSION['usr_name']))
{
header('Location: index.php');
}
...Which ...
1 vote | 5 answers | 680 views
Site backdoor & eval()
I'm running a Joomla 1.7 site which was hacked today. The script below did the hack.
...
0 votes | 6 answers | 5k views
Use PHP to check uploaded image file for malware?
I want my users to be able to upload a photo. Currently I am not checking the uploaded photo for problems of any kind, although I do limit the size to 32k.
Is there any way for me to check uploaded ...
4 votes | 2 answers | 947 views
What exploit types do I need to protect against in PHP?
I recently learned that apparently, it is common for people to attempt SQL injections using the HTTP referrer in PHP. What other inputs do I need to protect against? I am currently "cleaning up" ...
1 vote | 1 answer | 85 views
SIGSEGV in PHP 5.3.10
I found an overflow situation in PHP 5.3.10.
Probably it's not 'something new', but if I can understand this,
it will help me to find this kind of bug faster in the future.
What can I do to check ...
2 votes | 1 answer | 215 views
Is it safe to invoke PHP GD functions if you don't know whether a file is a valid image?
There is an image upload function in a web application. After an image is uploaded, it's resized using functions from PHP GD like imagecopyresampled and others. Before invocation of PHP GD's functions there ...
7 votes | 3 answers | 12k views
How can I use this path bypass/exploit Local File Inclusion?
I have tried to run a vulnerability scanning script (Uniscan 6.0) on some websites and then I found a site which is exploitable with the following path. (included a word "invalid", params/website ...
2 votes | 1 answer | 897 views
Help in understanding a PHP exploit code found on a WordPress application
I've found this code in base64 on all PHP files of one of my client's sites (WordPress) and I'm trying to understand what it does.
I'm also trying to figure out if it was an application exploit or a ...