Finding vulnerabilities in PHP scripts

[Insider]

Just sharing, I really recommend reading this paper. Helpful if you want to program in php but still create secure code and avoid potential vulnerabilities in your code.

Finding vulnerabilities in PHP scripts
Name : Finding vulnerabilities in PHP scripts FULL ( with examples )
Author : SirGod
Email : sirgod08@gmail.com

Contents :

Code:

1) About
2) Some stuff
3) Remote File Inclusion
    3.0 - Basic example
    3.1 - Simple example
    3.2 - How to fix
4) Local File Inclusion
    4.0 - Basic example
    4.1 - Simple example
    4.2 - How to fix
5) Local File Disclosure/Download
    5.0 - Basic example
    5.1 - Simple example
    5.2 - How to fix
6) SQL Injection
    6.0 - Basic example
    6.1 - Simple example
    6.2 - SQL Login Bypass
    6.3 - How to fix
7) Insecure Cookie Handling
    7.0 - Basic example
    7.1 - Simple example
    7.2 - How to fix
8) Remote Command Execution
    8.0 - Basic example
    8.1 - Simple example
    8.2 - Advanced example
    8.3 - How to fix
9) Remote Code Execution
    9.0 - Basic example
    9.1 - Simple example
    9.2 - How to fix
10) Cross-Site Scripting
    10.0 - Basic example
    10.1 - Another example
    10.2 - Simple example
    10.3 - How to fix
11) Authentication Bypass
    11.0 - Basic example
    11.1 - Via login variable
    11.2 - Unprotected Admin CP
    11.3 - How to fix
12) Insecure Permissions
    12.0 - Basic example
    12.1 - Read the users/passwords
    12.2 - Download backups
    12.3 - INC files
    12.4 - How to fix
13) Cross Site Request Forgery
    13.0 - Basic example
    13.1 - Simple example
    13.2 - How to fix
14) Shoutz

In this tutorial I will show you how you can find vulnerabilities in php scripts.I will not explain
how to exploit the vulnerabilities,it is pretty easy and you can find info around the web.All the
examples without the basic example of each category was founded in different scripts.

Full guide // Source : https://dl.packetstormsecurity.net/paper...-vulns.txt

[Sehaal]

Thank you for this.
I didn't know anything listed in "Authentication Bypass" and will be using this knowledge for sure in the future.

[acid]

Already having read the document some time ago, thanks to share this here is a good point to anybody to start looking at php more closely.

[cisla]

I just want to notice that since PHP 7, the null byte vulnerability has been corrected regarding changelogs.

exec(), system() and passthru() functions have NULL byte protection now.

[Insider]

I just want to notice that since PHP 7, the null byte vulnerability has been corrected regarding changelogs.

exec(), system() and passthru() functions have NULL byte protection now.

Thank you for the information. Although these functions will still be useful to audit if the developer in question is using PHP 5.5+ which is from my understanding still a widely used and supported platform.

[hotmagnet]

Thanks for sharing this stuff mate. Need to try webapp side

[rachsec]

I think that people still doesn't care about security, I still find these kind of vulnerabilities in a ton of websites even the new ones (2018), developer in general focus on the final result whether is secure or not, they want to be productive and in the end they pay the price.

[Insider]

I think that people still doesn't care about security, I still find these kind of vulnerabilities in a ton of websites even the new ones (2018), developer in general focus on the final result whether is secure or not, they want to be productive and in the end they pay the price.

Yeah, unless the developers are security-focused on software, more than often profit is put before security. Like always :p Good news for us hackers, as well as white hats since we'd be without a job if we had no evil.

I ought to read this more in detail. It's been too long.