Channel: PHPDeveloper.org
Browsing all 11 articles

Community News: Ubuntu Updates PHP Packages

The Ubuntu Linux group has released an update for their PHP packages to help protect their users from issues like security bypass and remote exploits. This fixes a weakness and some vulnerabilities,...



Gareth Heyes' Blog: Faking the unexpected

Gareth Heyes has an example of yet another way he's seen developers incorrectly handle incoming connections and the information inside. This time, he focuses on the remote IP coming from the client....


Gareth Heyes' Blog: Exploiting PHP SELF

Gareth Heyes has a new post today talking about one of the vulnerable values in the $_SERVER superglobal - PHP_SELF. I thought it might be a good idea to gather a few test cases demonstrating the...


GNUCitizen.org: Reviewing Practical PHP Exploitation Techniques

From the GNUCitizen blog, there's a new post about a recent meeting (of the OWASP London Chapter) where several presentations were given on methods for exploiting PHP applications. The three talks...


Stefan Esser's Blog: Some facts about the PHPList vulnerability and the...

Some of you might have heard about the hacking of the phpBB.com website earlier this week. Well, Stefan Esser has posted a bit more about the vulnerability in the PHPList software that led to the...


Community News: PHP Remote Exploit - Floating Point Issue Causes Freeze/Crash

As reported by both The Register and Zend, there's a new remote exploit bug that possibly has something to do with the way 32-bit processors handle floating point numbers. From Zend: Due to the way...


PHP.net: Security Notice (wiki.php.net)

On PHP.net there's a quick security advisory for those that didn't see the news - the wiki.php.net machine was compromised but has been wiped, and all accounts have been reset and require a password reset. The...


PHP-Security.net: New PHP-CGI Exploit (CVE-2012-1823)

The PHP-Security.net site has two posts related to the recently discovered bug in PHP (hence the new versions) related to the CGI handling in certain server configurations. In the first they detail...


DevShed: Hackers Compromise PHP Sites to Launch Attacks

According to this new post on DevShed, there have been several targeted attacks against U.S. bank websites (DDoS), some of which involved the compromise of PHP-based applications. Once the hackers got...


Greg Freeman: Steps to Take When you Know your PHP Site has been Hacked

Greg Freeman has posted the second part of his "hacked PHP application" series (part one is here). In this new post he looks at the aftermath - what to do and check to do cleanup and fixes so it...


Jani Hartikainen: Library author: Don't provide an exploitable interface

Jani Hartikainen has shared a recommendation for library authors out there - don't make your library exploitable. That is, don't make it, by default, open to common attacks like SQL injection or...




