All Questions
35 questions
0votes
0answers
389views
How to perform php post request attack with javascript sanitization?
The following code demonstrates the source code of this challenge and basically, I need to send a post request with arbitrary code to execute on the server. However, after multiple attempts Im unable ...
0votes
1answer
1kviews
Can POST request be changed in a HTTPS website?
I am trying to develop a website where I grab data using javascript and send it to PHP using ajax post. However, while researching, I found that the POST request can be modified using third-parties ...
1vote
1answer
2kviews
Changing $_SERVER['REMOTE_ADDR'] remotely
On a nginx web-server running the following config is to possible to change $_SERVER['REMOTE_ADDR'] remotely?: user www; pid /run/nginx.pid; error_log /dev/stderr info; events { ...
- 45
1vote
1answer
4kviews
Suspicious HTTP Requests in my logs [duplicate]
I'm running a PHP application with a user management system called userspice. It basically allows you to include the userspice PHP file and then control access to a certain PHP page. As I have seen ...
1vote
1answer
1kviews
Why is php-fpm trying to connect somewhere on port 443?
I have nginx and php-fm set up to front a word press site. I used certbot to setup TLS. When I load any page, I see selinux violations and it looks like php-fpm is trying to reach out to some port ...
- 320
2votes
1answer
5kviews
Missing HTTPOnly Cookie Attribute in Laravel 7 [duplicate]
I have a Laravel site, I thought I patched this issue already. I got these in my session.php 'secure' => true, 'http_only' => true, But OpenVas still detected that I still need to it. It ...
- 125
1vote
1answer
631views
PHP HTTP Reverse Shell?
Is there a PHP HTTP reverse shell? I haven't been able to find one, only ones that transmit using TCP packets (not HTTP). Note, I mean actually using HTTP packets as the C2, not just transmitting TCP ...
- 11
2votes
3answers
3kviews
How to prevent unauthorized users from accessing an image on my server just by URL?
I have a few dynamically generated images on my server (of high business value), which are supposed to be viewed only via our mobile app. The image is simply loaded from the URL as PNG. How can I ...
- 121
0votes
2answers
1kviews
Locale detection & huge Accept-Language header, can this be considered an atack vulnerability?
I was looking for some examples of automatic locale detection as I needed to do the same in my PHP app. Most of the answers I found were similar, only differing in the parsing methods. An example '...
- 111
2votes
0answers
972views
Random Alphabetical String Added to URL
I originally asked this question over at Stack Overflow, but someone there suggested asking here because it might be possible that something malicious may be causing the following issue: Users have ...
8votes
2answers
2kviews
What are the potential vulnerabilities of allowing a large http body size?
With NGINX and PHP I am allowing 5GB files to be 'uploaded' to my server although they will not be downloaded unless they are 'legitimate' (that is for another question ;)). I was wondering is this is ...
- 383
2votes
1answer
860views
What's so special about `eval("z!ax")`?
While checking out some error logs for our site, I noticed one odd-looking request that provided many parameters that we don't use: 'q' => 'die(\'z!a\'.\'x\');', 'w' => 'die(\'z!a\'.\'x\');', '...
- 129
0votes
1answer
3kviews
Array in HTTP GET/POST requests
In PHP server programming, URL-encoded GET/POST requests are parsed into associative "array" type upon receiving. For most of the time, query arguments can be assumed to be strings, however sometimes ...
- 374
4votes
2answers
2kviews
Vulnerable CRLF environment
I'm looking for a vulnerable CRLF environment. So far I've tested PHP and JSP. In PHP 5.6, header gives you a warning if you try to insert a newline: <b>Warning</b>: Header may not ...
- 2,097
2votes
2answers
3kviews
Manually exploiting blind SQL injection in SELECT statement in X-Forwarded-For header
I am struggling exploiting this vulnerability in the code below: <?php ini_set('display_errors', 0); define("INDEX", 1); include '../db.php'; if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) &&...
