Top 7 PHP Security Vulnerabilities



Security is not a list of things you do. Security is a way of thinking, a way of looking at things, a way of dealing with the world that says “I don’t know how they’ll do it, but I know they’re going to try to screw me” and then, rather than dissolving into an existential funk, being proactive to prevent the problem. PHP has some major vulnerabilities which can be xploited and even prevented too. So lets start ..
SQL Injection
Number one on the hit list is the SQL injection attack. In this case, someone enters an SQL fragment (the classic example is a drop database statement, although there are many possibilities that don’t include deletions which could be just as destructive) as a value in your URL or web form. Never mind now how he knows what your table names are; that’s another problem entirely. You are dealing with an insidious and resourceful foe.
So, what can you do to avoid this? First and foremost you need to be suspicious of any input you accept from a user. Believe everyone is nice? Just look at your spouse’s family… they’re weird and freaky, some dangerously so.
The way to prevent this sort of thing is to use PDO Prepared Statements. I don’t want to go through a full discussion of PDO now. Suffice to say prepared statements separate the data from the instructions. In doing so, it prevents data from being treated as anything other than data.  
Must Read: So more details, read this Preventing Sql injection through prepared statements

XSS (Cross Site Scripting)

Curse the black hearts who thrive on this type of deception. Parents, talk to you children today lest they become evil XSS’ers!
The essence of any XSS attack is the injection of code (usually JavaScript code but it can be any client-side code) into the output of your PHP script. This attack is possible when you display input that was sent to you, such as you would do with a forum posting for example. The attacker may post JavaScript code in his message that does unspeakable things to your site. Please don’t make me go into detail; my heart weeps at what these brigands are capable of.
For more information and how to protect yourself, I suggest reading these fine articles on PHPMaster:

Source Code Revelation

This one has to do with people being able to see the names and content of files they shouldn’t in the event of a breakdown in Apache’s configuration. Yeah, I dig it, this is unlikely to happen, but it could and it’s fairly easy to protect yourselves, so why not?
We all know that PHP is server side – you can’t just do a view source to see a script’s code. But if something happens to Apache and all of a sudden your scripts are served as plain text, people see source code they were never meant to see. Some of that code might list accessible configuration files or have sensitive information like database credentials.
The solution centers around how you set up the directory structure for your application. That is, it isn’t so much a problem that bad people can see some code, it’s what code they can see if sensitive files are kept in a public directory. Keep important files out of the publicly-accessible directory to avoid the consequences of this blunder.

Remote File Inclusion

Hang on while I try to explain this: remote file inclusion is when remote files get included in your application. Pretty deep, eh? But why is this a problem? Because the remote file is untrusted. It could have been maliciously modified to contain code you don’t want running in your application.
Suppose you have a situation where your site at www.myplace.com includes the library www.goodpeople.com/script.php. One night, www.goodpeople.com is compromised and the contents of the file is replaced with evil code that will trash your application. Then someone visits your site, you pull in the updated code, and Bam! So how do you stop it?
Fortunately, fixing this is relatively simple. All you have to do is go to your php.ini and check the settings on these flags.
  • allow_url_fopen – indicates whether external files can be included. The default is to set this to ‘on’ but you want to turn this off.
  • allow_url_include – indicates whether the include()require()include_once(), and require_once() functions can reference remote files. The default sets this off, and setting allow_url_fopenoff forces this off too.

Session Hijacking

Session hijacking is when a ne’er-do-well steals and use someone else’s session ID, which is something like a key to a safe deposit box. When a session is set up between a client and a web server, PHP will store the session ID in a cookie on the client side probably called PHPSESSID. Sending the ID with the page request gives you access to the session info persisted on the server (which populates the super global $_SESSION array).
If someone steals a session key, is that bad? And the answer is: if you aren’t doing anything important in that session then the answer is no. But if you are using that session to authenticate a user, then it would allow some vile person to sign on and get into things. This is particularly bad if the user is important and has a lot of authority.
So how do people steal these session IDs and what can decent, God-fearing folk like us do about it?
Session IDs are commonly stolen via a XSS attack, so preventing those is a good thing that yields double benefits. It’s also important to change the session ID as often as is practical. This reduces your theft window. From within PHP you can run the session_regenerate_id() function to change the session ID and notify the client.
For those using PHP5.2 and above (you are, aren’t you?), there is a php.ini setting that will prevent JavaScript from being given access to the session id (session.cookie.httponly). Or, you can use the functionsession_set_cookie_parms().
Session IDs can also be vulnerable server-side if you’re using shared hosting services which store session information in globally accessible directories, like /tmp. You can block the problem simply by storing your session ID in a spot that only your scripts can access, either on disk or in a database.

Cross Site Request Forgery

Cross Site Request Forgery (CSRF), also known as the Brett Maverick, or Shawn Spencer, Gambit, involves tricking a rather unwitting user into issuing a request that is, shall we say, not in his best interest. But rather than me going on and on about CSRF attacks, refer to an outstanding example of just what kind of content we have here on PHPMaster: Preventing Cross-Site Request Forgeries by Martin Psinas.

Directory Traversal

This attack, like so many of the others, looks for for a site where the security is not all that it should be, and when if finds one, it causes files to be accessed that the owner did not plan to make publicly accessible. It’s also known as the ../ (dot, dot, slash) attack, the climbing attack, and the backtracking attack.
There are a few ways to protect against this attack. The first is to wish really, really hard that it won’t happen to you. Sometimes wishing on fairies and unicorns will help. Sometimes it doesn’t. The second is to define what pages can be returned for a given request using whitelisting. Another option is to convert file paths to absolute paths and make sure they’re referencing files in allowed directories.
These are Top 7 Vulnerabilities in PHP. Please do like and share this post and do join our facebook page AnonHackSociety

18 comments

Usually I do not read post on blogs, but I would like to say that this write-up very forced me to try and do it! Your writing style has been surprised me. Thanks, very nice article.

Corporate Training in Chennai

Reply

Are you interested in any kinds of hacking services?
Feel free to contact TECHNECHHACKS@GMAIL.COM.

For years now we’ve helped so many organizations and companies in hacking services.
TECHNECHHACKS is a team of certified hackers that has their own specialty and they are five star rated hackers.

We give out jobs to hackers (gurus only) to those willing to work, with or without a degree, to speed up the availability of time given to jobs!!

Thus an online binary decoding exam will be set for those who needs employment under the teams establishment.


we deal with the total functioning of sites like,



+ SOCIAL MEDIA (Facebook, Twitter, Instagram, Snapchat, google hangout etc.)

+ CREDIT CARDS INSTALLATION

+ WESTERN UNION TRANSFER

+ MONEY FLIPPING

+ BANK ACCOUNTS

+ IOS/OS

+ CRIMINAL RECORDS

+ SCHOOL GRADES

+ CREDIT SCORES

+ SPOUSES PHONE

+ BTC RECOVERY

+ BTC MINING


Thus bewere of scammers because most persons are been scammed and they ended up getting all solutions to their cyber bullies and attacks by US.

I am Jason williams one of the leading hack agent.

PURPOSE IS TO GET YOUR JOBS DONE AT EXACTLY NEEDED TIME REQUESTED!!!



And our WORK SUCCESS IS 100%!!!



I’m always available for you when you need help.

Contact or write us on:

Technechhacks@gmail.com

SIGNED....!

Jason. W.

Reply
This comment has been removed by the author.

Are you interested in any kinds of hacking services?
Feel free to contact TECHNECHHACKS.

For years now we’ve helped so many organizations and companies in hacking services.
TECHNECHHACKS is a team of certified hackers that has their own specialty and they are five star rated hackers.

We give out jobs to hackers (gurus only) to those willing to work, with or without a degree, to speed up the availability of time given to jobs!!

Thus an online binary decoding exam will be set for those who needs employment under the teams establishment.


we deal with the total functioning of sites like,


• SOCIAL MEDIA (Facebook, Twitter, Instagram, Snapchat, google hangout etc.)

• SCHOOL GRADES

• IOS/OS

• CREDIT SCORES

• BANK ACCOUNTS

• SPOUSES PHONE

Our special agents are five star rated agents that specializes in the following, and will specially be assigned to you for a special job well DONE.

• WESTERN UNION TRANSFER

• CREDIT CARDS INSTALLATION

• MONEY FLIPPING

• CRIMINAL RECORDS

• BTC RECOVERY

• BTC MINING

• BTC INVESTMENT

Thus bewere of scammers because most persons are been scammed and they ended up getting all solutions to their cyber bullies and attacks by US.

I am Jason williams one of the leading hack agent.

PURPOSE IS TO GET YOUR JOBS DONE AT EXACTLY NEEDED TIME REQUESTED!!!



And our WORK SUCCESS IS 100%!!!



We’re always available for you when you need help.

Contact or write us on:

Technechhacks@gmail.com

SIGNED....!

Jason. W

TECHNECHHACKS
2021©️All Right Reserved

Reply

Are you interested in any kinds of hacking services?
Feel free to contact TECHNECHHACKS.

For years now we’ve helped so many organizations and companies in hacking services.
TECHNECHHACKS is a team of certified hackers that has their own specialty and they are five star rated hackers.

We give out jobs to hackers (gurus only) to those willing to work, with or without a degree, to speed up the availability of time given to jobs!!

Thus an online binary decoding exam will be set for those who needs employment under the teams establishment.


we deal with the total functioning of sites like,


• SOCIAL MEDIA (Facebook, Twitter, Instagram, Snapchat, google hangout etc.)

• SCHOOL GRADES

• IOS/OS

• CREDIT SCORES

• BANK ACCOUNTS

• SPOUSES PHONE

Our special agents are five star rated agents that specializes in the following, and will specially be assigned to you for a special job well DONE.

• WESTERN UNION TRANSFER

• CREDIT CARDS INSTALLATION

• MONEY FLIPPING

• CRIMINAL RECORDS

• BTC RECOVERY

• BTC MINING

• BTC INVESTMENT

Thus bewere of scammers because most persons are been scammed and they ended up getting all solutions to their cyber bullies and attacks by US.

I am Jason williams one of the leading hack agent.

PURPOSE IS TO GET YOUR JOBS DONE AT EXACTLY NEEDED TIME REQUESTED!!!



And our WORK SUCCESS IS 100%!!!



We’re always available for you when you need help.

Contact or write us on:

Technechhacks@gmail.com

SIGNED....!

Jason. W

TECHNECHHACKS
2021©️All Right Reserved

Reply

Infycle Technologies, the top software training institute and placement center in Chennai offers the Best Digital Marketing course in Chennai for freshers, students, and tech professionals at the best offers. In addition to Digital Marketing, other in-demand courses such as DevOps, Data Science, Python, Selenium, Big Data, Java, Power BI, Oracle will also be trained with 100% practical classes. After the completion of training, the trainees will be sent for placement interviews in the top MNC's. Call 7504633633 to get more info and a free demo.

Reply

Top 7 Php Security Vulnerabilities >>>>> Download Now

>>>>> Download Full

Top 7 Php Security Vulnerabilities >>>>> Download LINK

>>>>> Download Now

Top 7 Php Security Vulnerabilities >>>>> Download Full

>>>>> Download LINK

Reply

Post a Comment