Archive for the 'PHP' Category
become a hacker with webgoat
WebGoat is an insecure web application which is designed to teach web application security concepts.
You can try hacking: Access Control Flaws, Authentication Flaws, Session Management Flaws, Cross-Site Scripting (XSS), Buffer Overflows, Injection Flaws, Improper Error Handling, Insecure Storage, Denial of Service, Insecure Configuration, Web Services and AJAX Security.
There is a “Lesson Plan”, a kind of tutorial, and in the “Hints Menu” you can view the parameters, cookies, the code and the solution.
It’s a lot of fun and you learn more about web application security.
hardening wordpress
I had positive feedback after posting my article about hardening Joomla!, so I will now focus on the blog software WordPress.
Here are a couple of tips that you can use to make your WordPress a bit more secure.
Change the default name of your administrator login (admin) and choose a strong password for all your accounts. It’s also a good idea to use different login and author names; WordPress also has a useful system of user levels.
hardening the famous PHP-CMS Joomla!
I’m not a big fan of Joomla!, but a client wanted to use it, so I had a closer look at it to make it a bit more secure.
For the moment I work with version 1.0.14 and have read that Joomla! 1.5 works with safe mode on and has some nice security features.
Here are some tips which you can also use if you aren’t a Joomla! head.
hide your php source code (expired)
I’m a big fan of the open source philosophy, but sometimes it’s useful to ship unreadable compiled code instead of the source.
In this post I will show you how to install and use bcompiler to compile your scripts to PHP bytecode, so that you can protect the source code.
The null byte to hack includes
The null byte (also called the null terminator) is a character with the value zero, present in the ASCII and Unicode character sets. In C-style strings a null character marks the end of the string.
In a URL (and so in the $_GET parameters PHP receives) this character is written as %00.
Ok, what’s the deal with null bytes?
A lot of people think that the code below, which includes a file with a fixed extension (.php), is bulletproof, but that’s not true.
<?php
// Vulnerable on purpose: the user picks the file name, and the appended
// ".php" is what the null byte cuts off.
include ($_GET['site'] . ".php");
?>
If you call the script with a null byte in the URL, it’s possible to include any local or remote file!
http://example.com/?site=../../../../etc/passwd%00
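The following is an added example, not code from the original post: a hardened version of the include-by-parameter pattern above. Since PHP 5.3.4 the file functions reject paths that contain a null byte, but the underlying problem (user input choosing the file) remains, so the fix is a whitelist plus a strict character check. The page layout (one file per page under a ./pages/ directory) and the page names are assumptions for the demo.

```php
<?php
// Added example (not from the original post): a hardened version of the
// include-by-parameter pattern. Assumed layout: one file per page under
// ./pages/, e.g. pages/home.php and pages/about.php.

declare(strict_types=1);

// Whitelist: the only values the "site" parameter may take.
const ALLOWED_PAGES = ['home', 'about', 'contact'];

/**
 * Map untrusted user input to a file path, or return null if it is not
 * an allowed page. Rejects null bytes, dots, slashes and any name that is
 * not in the whitelist, so "../../../../etc/passwd%00" never reaches
 * include().
 */
function resolvePage(string $site): ?string
{
    // A null byte or any character outside [a-z0-9_-] means the input is
    // not a plain page name; refuse it outright.
    if (!preg_match('/^[a-z0-9_-]+$/', $site)) {
        return null;
    }
    // Even a well-formed name must be one we intend to serve.
    if (!in_array($site, ALLOWED_PAGES, true)) {
        return null;
    }
    return __DIR__ . '/pages/' . $site . '.php';
}

$site = (string)($_GET['site'] ?? 'home');
$path = resolvePage($site);

if ($path === null) {
    http_response_code(404);
    echo 'Unknown page';
    exit;
}

include $path;
```

The whitelist is the real control here; the regular expression only makes the failure mode explicit and keeps odd bytes out of error messages and logs.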
Protect your application against SQL injections part 2
In part 1 we made sure that the value is an integer, but what if a value could be a string?
You have to escape special characters in a string before using it in a SQL statement. This means that a single quote (’) gets a backslash in front of it (\’).
There are escape functions for each popular database:
Protect your application against SQL injections part 1
Many applications use a database to store data. Popular products are MySQL, SQLite and PostgreSQL.
A lot of websites use a number called ID in the URL to fetch more information about a dataset such as a product or a posting.
The problem with using IDs is that if they aren’t validated, bad guys and girls can spy on, change or destroy your database by manipulating the SQL query.
This attack is called SQL injection.
An example to get the field “title” in the row with the value of $_GET['id']:
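As an added example (not code from the original posts), here is the integer check from part 1 and the string handling from part 2 side by side, run against an in-memory SQLite database through PDO so it executes offline. The table, columns and rows are constructed for the demo; the function names are assumptions. It goes slightly beyond the posts by showing a prepared statement next to the escaping approach.

```php
<?php
// Added example (not from the original posts): integer validation (part 1)
// and string escaping / prepared statements (part 2) against a constructed
// in-memory SQLite table.

declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, author TEXT)');
$db->exec("INSERT INTO posts VALUES (1, 'Hello world', 'alice'), (2, 'Secret draft', 'bob')");

// --- Part 1: an ID that must be an integer ---------------------------------

// Vulnerable: the raw parameter is pasted into the SQL text, so an input
// such as "1 OR 1=1" rewrites the WHERE clause.
function titleVulnerable(PDO $db, string $id): array
{
    $sql = "SELECT title FROM posts WHERE id = $id";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: require a plain positive integer before the value touches SQL,
// then bind it anyway.
function titleValidated(PDO $db, string $id): array
{
    if (!ctype_digit($id)) {
        return []; // not an integer: refuse the request
    }
    $stmt = $db->prepare('SELECT title FROM posts WHERE id = :id');
    $stmt->execute([':id' => (int)$id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// --- Part 2: a value that is a string --------------------------------------

// Escaping: PDO::quote() wraps the value in quotes and escapes embedded
// quotes for the current driver (mysqli_real_escape_string and
// pg_escape_string are the driver-specific equivalents).
function titlesByAuthorEscaped(PDO $db, string $author): array
{
    $sql = 'SELECT title FROM posts WHERE author = ' . $db->quote($author);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Preferred: a prepared statement keeps data and SQL separate, so no
// escaping step can be forgotten.
function titlesByAuthorPrepared(PDO $db, string $author): array
{
    $stmt = $db->prepare('SELECT title FROM posts WHERE author = ?');
    $stmt->execute([$author]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: one that alters the integer query, one that tries to
// break out of a quoted string.
$idInput     = '1 OR 1=1';
$authorInput = "alice' OR '1'='1";

print_r(titleVulnerable($db, $idInput));          // WHERE clause is altered
print_r(titleValidated($db, $idInput));           // rejected by ctype_digit
print_r(titleValidated($db, '1'));                // normal lookup

print_r(titlesByAuthorEscaped($db, $authorInput)); // quote is escaped
print_r(titlesByAuthorPrepared($db, $authorInput)); // bound as data
print_r(titlesByAuthorPrepared($db, 'bob'));        // normal lookup
```

Escaping only works when the value sits inside quotes in the SQL text, which is why part 1 used an integer check for the unquoted ID; the prepared statement covers both cases the same way.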
System call injection
With the following functions you can execute an external program on the system (server).
- shell_exec
- proc_open
- system
- exec
- passthru
- popen
- ` (backtick operator)
This form sends a domain name and prints back the result from the Linux program whois.
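As an added example (not the form handler from the original post), the vulnerable pattern beside a hardened whois handler that validates the domain and quotes it before the shell sees it. The function names and the sample inputs are constructed for the demo; the demo only builds the command line and does not run whois.

```php
<?php
// Added example (not from the original post): a whois form handler,
// vulnerable and hardened side by side. Function names are assumptions.

declare(strict_types=1);

// Vulnerable: the submitted value is spliced straight into the command
// line, so any shell syntax in it is interpreted by the shell.
function whoisVulnerable(string $domain): string
{
    return (string) shell_exec('whois ' . $domain);
}

/**
 * Accept only a syntactically plausible hostname: labels of letters,
 * digits and hyphens joined by dots, no leading or trailing hyphen, and
 * therefore no spaces, semicolons, backticks or other shell syntax.
 */
function isValidDomain(string $domain): bool
{
    if (strlen($domain) > 253) {
        return false;
    }
    return (bool) preg_match(
        '/^(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$/i',
        $domain
    );
}

// Hardened: reject anything that is not a hostname, then still wrap the
// value in escapeshellarg() so the shell treats it as one literal word.
// Validation comes first because escapeshellarg() does not stop a value
// that starts with "-" from being read as an option by whois itself.
function whoisCommand(string $domain): ?string
{
    if (!isValidDomain($domain)) {
        return null;
    }
    return 'whois ' . escapeshellarg($domain);
}

function whoisHardened(string $domain): string
{
    $cmd = whoisCommand($domain);
    if ($cmd === null) {
        return 'Invalid domain name';
    }
    return (string) shell_exec($cmd);
}

// Demo with constructed inputs: only the plain hostname yields a command.
foreach (['example.com', 'example.com; echo injected', '--version'] as $input) {
    $cmd = whoisCommand($input);
    echo str_pad($input, 28) . ' => ' . ($cmd ?? 'rejected') . PHP_EOL;
}
```

In a real handler the value would come from $_POST and only whoisHardened() would be called; logging rejected inputs gives a cheap signal that someone is probing the form.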
Pixy: XSS and SQLI Scanner for PHP Programs
Pixy is a free Java program that performs automatic scans of PHP 4 source code, aimed at the detection of Cross-site scripting (XSS) and SQL injection (SQLI) vulnerabilities. Pixy takes a PHP program as input, and creates a report that lists possible vulnerable points in the program, together with additional information for understanding the vulnerability.
There is also an easy-to-use web interface where you can upload your files or paste the code to analyse it.