Latest php advisories

Home Articles Random Stuff PHP Advisories PHP Advisories

Backends RSS Team

PHPSecure II

When release the trilogy ?
Perfect remake
Boring ..
It isn't a good job

Selection of texts by PHPSecure Team

You will find here complete articles and files on various subjects relating to PHPSecure.

LAST ARTICLES

10 mars 2004

Injection d'headers dans la fonction mail() de PHP
Les failles sur le net permettant l'envoi d'un mail anonyme peuvent souvent servir à un hacker, ou pour une arnaque quelconque. On pense que ce genre de problèmes apparaît uniquement si on laisse le choix du destinataire.
Ce texte montre qu'il y a d'autres moyens d'envoyer un e-mail anonyme qu'en utilisant le champ du destinataire...
163155 reading read it ..

08 décembre 2003

Injection (My)SQL via PHP
Ce texte analyse en détails différentes possibilités, plus de 10 techniques, de l'injection SQL (avec une base de donnée MySQL) via le langage PHP. Texte incontournable pour la sécurité d'un site !
240311 reading read it ..

04 march 2003

phpinfo() and the security
A lot of people use phpinfo() function because their PHP applications include this function in the code, or to check the configuration of PHP, etc .. However phpinfo() can be dangerous for the site.
44012 reading read it ..

22 january 2003

Secure your cookies
The cookies are easily usable in PHP thanks to the setcookie() function. Some systems of authentification based on the cookies. The problem is that these systems are NEVER 100% secure. This text explains why.
0 reading read it ..

17 january 2003

Bug PHP Array
Safety PHP isn't summarized to use of the language. The language itself can contain bugs, and these bugs isn't always without consequent on safety. Bug PHP Array is one of those. It is explained here, like its consequences.
22687 reading read it ..

19 décember 2002

Cross Site Scripting : Comprehension and securisation
Any site on the safety worthy of this name must have its description of the Cross Site Scripting.
38084 reading read it ..

LAST FILES

24 oct 2005

Regular Expression Injection

By Christian Wenz
In order to combat web application security issues, two main aspects must always be considered: Input must be validated, output must be escaped. A lack of input validation can lead to a dangerous injection attack, most prominently known are SQL Injections or command injections, and more recently XPath injections [1]. This paper presents a new way of attack called RegEx Injections/Regular Expression Injections.
12 reading read it ..

23 feb 2004

Injections PHP/MySQL (2)
[no desc available yet]
79716 reading read it ..

23 décember 2002

Secure its scripts PHP
The purpose of this article is to explain you the principles of different safety PHP by analyzing fonctions/scripts being able to be vulnerable.
100318 reading read it ..

19 décember 2002

Exploitation of the vulnerabilities with applications PHP
Applications PHP often suffer from the same vulnerabilities, here some explanations on various holes.
44741 reading read it ..

19 décember 2002

PHPLIB : A model safe for the flow of the data in PHP.
Récently replaced by PEAR, PHPLib places at the disposal of the programmer several tools to facilitate its work. PHPLib can however make your applications vulnerable if there is a lack of attention.
12409 reading read it ..