Sunday, May 28, 2017

PHP Loopholes

Again and again, Filipino government websites keep getting hacked by several hacking groups. Defacement is the common case here, which is internet vandalism in my view. I’d like to point out that implementing security to filter simple and sophisticated attacks is very easy. You know what they say: if you want to catch a criminal, think like a criminal.
If you ask me, there are four possible ways that a site can get hacked: SQLi (SQL injection), LFI and RFI (local and remote file inclusion), and XSS (cross-site scripting). Then again, if you’re too naive about security, I suggest disabling “error_reporting” during live mode.

The story goes into an infinite loophole. It’s simple, really: they get hacked, the news pops out, and they restore the site with the same file, lol.
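The sketch below is an added example, not code from the original post: it puts one server-side control next to each of the four classes named above, plus a live-mode error setting. It assumes the pdo_sqlite extension, a hypothetical `news` table and hypothetical page files, and it keeps errors away from visitors with `display_errors` while still logging them, rather than switching `error_reporting` off.

```php
<?php
// Added example: table, page names and sample inputs are constructed.

// Live mode: errors go to the server log, never to the visitor's browser.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// LFI/RFI: map the request value onto a fixed allow-list of files.
// The include path is never built from user input.
function resolve_page(string $requested): string
{
    $pages = ['home' => 'home.php', 'news' => 'news.php']; // hypothetical files
    return __DIR__ . '/pages/' . ($pages[$requested] ?? $pages['home']);
}

// SQLi: the value is bound as a parameter, so it is never parsed as SQL.
function find_news(PDO $db, string $id): array
{
    $stmt = $db->prepare('SELECT title, body FROM news WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// XSS: encode for the HTML context at the point of output.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed demo data: in-memory SQLite stands in for the site's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec("INSERT INTO news (title, body) VALUES ('Hello', '<b>first post</b>')");

// Hostile values arrive as plain data and do not change program behaviour.
echo basename(resolve_page('../../etc/passwd')), PHP_EOL;  // falls back to the default page
echo basename(resolve_page('http://example.test/x.txt')), PHP_EOL;
echo count(find_news($db, '1 OR 1=1')), ' row(s) for the injected id', PHP_EOL;
echo count(find_news($db, '1')), ' row(s) for the valid id', PHP_EOL;
foreach (find_news($db, '1') as $row) {
    echo e($row['title']), ': ', e($row['body']), PHP_EOL;  // markup is shown as text
}
```

Restoring a defaced site from the same files brings back the same inputs and the same handling of them, so controls like these have to be in the restored code for the loop described above to stop.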

 

PHP Security Cheat Sheet


About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.
