
Thread: 

Most common php vulnerabilities?

ivan Offline referral

Posts: 713
Joined: Jul 2013
Reputation: 6

#1
Senior Member
What are the most common PHP vulnerabilities?
chod Offline referral

Posts: 860
Joined: Jul 2013
Reputation: 85

#2
Posting Freak
For what version though? Each version has its own and many are patched very quickly.

The most common vulnerability in PHP is the coder. But you have other issues like SQL injection, remote file inclusion, session jacking, cross site request forgery, directory traversal, revealing the source code, XSS.
www.AdminEmpire.com
www.BlimptonTech.com - Best Free Online JavaScript tool to minify JavaScript files.
victor Offline referral

Posts: 638
Joined: Jun 2013
Reputation: 33

#3
Senior Member
Yeah YouTube is loaded with video tutorials about SQL injection LOL
ivan Offline referral

Posts: 713
Joined: Jul 2013
Reputation: 6

#4
Senior Member
I am not asking about specific PHP version but rather in general! What makes SQL injection possible?
chod Offline referral

Posts: 860
Joined: Jul 2013
Reputation: 85

#5
Posting Freak
Go read about it Ivan, stop being lazy and asking to be spoon fed. And I stated General issues as well in my response. I asked about what specific version because that will add more vectors to the equation as well.
maya Offline referral

Posts: 1,058
Joined: May 2013
Reputation: 34

#6
Posting Freak
Quote: SQL injection is a code injection technique, used to attack data driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
http://en.wikipedia.org/wiki/SQL_injection
chod Offline referral

Posts: 860
Joined: Jul 2013
Reputation: 85

#7
Posting Freak
(10-03-2013 06:18 PM)Maya Wrote:  
Quote: SQL injection is a code injection technique, used to attack data driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
http://en.wikipedia.org/wiki/SQL_injection
That does not answer his question (He asked how is it possible, not what it is) and could not be properly answered in a post here since most people on here do not read past a couple sentences.

Just SQL injection alone is a massive subject, let alone all the other things I stated before.
marcus_avrelius Offline referral

Posts: 2,424
Joined: May 2013
Reputation: 102

#8
Support Team
The majority of websites have the issue with SQL injection; however, they don't realize that until it is already too late, and it's actually very difficult to know where the problem is because the code and everything appears to work fine!
chod Offline referral

Posts: 860
Joined: Jul 2013
Reputation: 85

#9
Posting Freak
Test your code before going to production for things like SQL injection and you won't ever have to worry about it; plus, there are ways to prevent it from happening if you use prepared statements and parameterized queries. What that means is the statement is sent and parsed separately from any parameters. If this is done it would then be impossible to inject anything malicious SQL-wise.

Just because your code "works" does not mean it is ready for production.

Also forgot to say: the adapter you use can change how the code should be used, so make sure you understand the differences between them when you're programming.
ivan Offline referral

Posts: 713
Joined: Jul 2013
Reputation: 6

#10
Senior Member
Thanks Chod, now I understand that there are ways to prevent SQL injection.
marcus_avrelius Offline referral

Posts: 2,424
Joined: May 2013
Reputation: 102

#11
Support Team
That is why most powerful companies hire hackers to test their security!
chod Offline referral

Posts: 860
Joined: Jul 2013
Reputation: 85

#12
Posting Freak
You don't need a "hacker" to test your own code; there are tons of methods to do so, free and easily. Granted, you have to read and learn more things, but it will only make you stronger in the long run.
Evanto Offline referral

Posts: 14
Joined: Jan 2014
Reputation: 1

#13
Junior Member
You can check your website security by pentesting your PHP code.
synergypower Offline referral

Posts: 61
Joined: Apr 2016
Reputation: 0

#14
Member
Almost all sites have the problem with SQL injection; however, they don't recognize that until it is already too delayed, and it's actually extremely tough to know where the problem is because the rule and everything seems to work excellent.




