Selection of texts by PHPSecure Team

You will find here complete articles and files on various subjects relating to PHPSecure.


10 March 2004
Header injection in PHP's mail() function
Flaws on the net that allow an anonymous e-mail to be sent can often be useful to a hacker, or for some kind of scam. It is commonly thought that this kind of problem appears only if the choice of recipient is left open.
This text shows that there are other ways to send an anonymous e-mail than by using the recipient field...

08 December 2003
(My)SQL Injection via PHP
This text analyzes in detail various possibilities, more than 10 techniques, for SQL injection (with a MySQL database) via the PHP language. An essential text for the security of a site!

04 March 2003
phpinfo() and the security
A lot of people use the phpinfo() function, either because their PHP applications include it in their code or to check the PHP configuration, etc. However, phpinfo() can be dangerous for the site.

22 January 2003
Secure your cookies
Cookies are easy to use in PHP thanks to the setcookie() function, and some authentication systems are based on cookies. The problem is that these systems are NEVER 100% secure. This text explains why.

17 January 2003
Bug PHP Array
PHP security is not just a matter of how the language is used. The language itself can contain bugs, and these bugs are not always without consequences for security. The PHP Array bug is one of them. It is explained here, along with its consequences.

19 December 2002
Cross Site Scripting : Comprehension and securisation
Any security site worthy of the name must have its own description of Cross Site Scripting.


24 Oct 2005
Regular Expression Injection
By Christian Wenz
In order to combat web application security issues, two main aspects must always be considered: Input must be validated, output must be escaped. A lack of input validation can lead to a dangerous injection attack, most prominently known are SQL Injections or command injections, and more recently XPath injections [1]. This paper presents a new way of attack called RegEx Injections/Regular Expression Injections.

23 Feb 2004
Injections PHP/MySQL (2)
[no desc available yet]

23 December 2002
Secure its scripts PHP
The purpose of this article is to explain various PHP security principles by analyzing functions and scripts that may be vulnerable.

19 December 2002
Exploitation of the vulnerabilities with applications PHP
PHP applications often suffer from the same vulnerabilities; here are some explanations of various holes.

19 December 2002
PHPLIB : A model safe for the flow of the data in PHP.
Recently replaced by PEAR, PHPLib provides the programmer with several tools to make the work easier. However, PHPLib can make your applications vulnerable if you are not careful.
