All Questions
7 questions
1 vote
2 answers
152 views
Are there any attack vectors against the Smarty-PHP template engine when using a trusted template?
This is actually a general question about template engines. If I use Smarty-PHP to generate a website, and the templates and content are both created by me (assumed non-malicious), does this create ...
3 votes
1 answer
14k views
How can I use phpinfo.php file to find new files on a server
I have been given a server to hack into for a cyber security class I have taken. After using dirb to look at the file structure, the only accessible file was the phpinfo.php file. I need to use this ...
-1 votes
2 answers
512 views
Block requests containing URL of other websites
GET / HTTP/1.1" 200 166113 "-" "Mozilla/5.0 (compatible; dsada/2.0; +http://www.asd.com/search/asddd.html) I found this request repeated continuously in my logs. How can I prevent this (requests ...
4 votes
2 answers
3k views
Are hiding and obfuscating the URL parameter keys a protection against tampering?
Does the use of mod_rewrite make PHP array injection (web parameter key tampering) impossible when the keys are unknown (and hard to guess)? Let's say we have the following URL: https://example.com/...
1 vote
1 answer
1k views
Securely send password to script as parameter
I have an expect script on my server which opens a WebDAV connection to another server, expects a username and password, and then sends $arg1 and $arg2 as the username and password respectively. ...
4 votes
3 answers
3k views
Is web app safe in not public folder?
I'm wondering if it's really safe to use this structure of my web application. WEBAPP Application Controllers Models Views ... Framework ... ...
2 votes
1 answer
888 views
Have I done enough not be compromised through image uploading
I know that you can never be sure that you have done enough to be secure, and I also know that file uploading is hard to make correct. Before asking this question I read some of the related posts here ...