All Questions
177 questions
0 votes · 0 answers · 97 views
What are password encryption schemes that result in variable length common in MySQL and PHP?
I have stumbled across passwords on a MySQL database behind a PHP webapp. Here are some examples. 753a524d56b48d825328ce27 789e0ad30d15 7ba0868c23e0a2 d327e265ca2abcd7c 48276b3d5618850 ...
0 votes · 1 answer · 141 views
Why can I not SQL inject this piece of code? [duplicate]
This is the code: $stmt = $db->prepare("SELECT DISTINCT * FROM kurssit WHERE BINARY id=? AND BINARY avain=?"); $stmt->bind_param("is", $kurssi, $avain); // prepare and bind $...
0 votes · 0 answers · 2k views
Best practices for storing passwords for PHP and MySQL applications [duplicate]
I am creating a simplified lead and call management system for a friend's small business. I would like to know the best practices for hardening password storage and verification using PHP 7.4 and ...
1 vote · 1 answer · 698 views
Is MariaDB Server obsolete for PHP and Wordpress projects?
PHP (and by extension WordPress) only supports MySQL native & sha256 password authentication. MariaDB Server only supports MySQL native & ed25519 password authentication. Since MySQL native ...
0 votes · 1 answer · 934 views
Using parametrized queries in PHP
I am currently developing a Slack app in PHP. I'm trying to make the app as secure as possible, that's for sure. So far, I have done the following: Verified the requests using signing secrets Making ...
0 votes · 3 answers · 325 views
Is my login script secure – how to improve it?
I have a login system for my website that works as follows: In the database I have a table called users with the fields user, password and authentication_token. user gets set manually by request in ...
0 votes · 4 answers · 323 views
Can there be SQL injection here?
I got to the moment when I do not know if it is secure! If SQL injection is inserted into myTableTwo via a safe PDO query, will it make my query below open to SQL injection? Is the query below safe? $mysfield ...
0 votes · 0 answers · 1k views
Sqlmap does not detect error-based injection
I am working on Hack the VM (hard machine) for my OSCP preparation. There is a web app with two drop-down boxes, year and month; both contain numbers, and a submit button fetches data from the DB based on year ...
2 votes · 1 answer · 393 views
Ways to detect CVE-2017-12419 intrusion
I have a free infinityfree.net web server that was vulnerable to CVE-2017-12419 for quite a big window of time. After fixing the gap and changing the passwords, what are some ways to detect if the ...
0 votes · 1 answer · 442 views
Having problems with SQL injection with mysqli extension PHP
I am new to SQL injections, and people on Reddit asked me to do the PortSwigger labs, which I did up to, but not including, the 2nd-order ones. So I am pretty comfortable with the usual SQL injections. Now I have myself ...
0 votes · 1 answer · 563 views
SQL injection and XSS prevention
I would kindly ask you to review the following code and tell me if it's enough to prevent most SQL injection and XSS attacks. SQL injection: treated via PDO prepared statements; XSS: all user's ...
0 votes · 0 answers · 408 views
Unable to exploit SQL injection in the parameter
During my testing I have found a vulnerable parameter in an API (/api/v1/documents/?direction=desc&limit=30&mode=reports&page=1), and its parameter is page=1 at the end. Upon giving the ...
27 votes · 12 answers · 11k views
Why are stored procedures and prepared statements the preferred modern methods for preventing SQL Injection over the mysql_real_escape_string() function?
Why are stored procedures and prepared statements the preferred modern methods for preventing SQL Injection over mysql_real_escape_string() function?
0 votes · 1 answer · 161 views
A New Blog Post is showing on top of my home page from Unknown user cyberanon - How to Remove the post? [closed]
I have just launched our brand new blog website (php/mysql). I don't have any idea about cyber security. Yesterday we published a topic on coronavirus vaccine. I just noticed a new post is sitting on ...
1 vote · 0 answers · 768 views
SQLMAP with a single-URL application
I have a local application which will be accessible only after login. It's a single-URL application; the URL of the application won't change, it just uses 'XMLHttpRequest' to refresh the content of the screen based ...