Most common php vulnerabilities?

What are the most common PHP vulnerabilities?

Find

Reply

For what version though? Each version has their own and many are patched very quickly.

The most common vulnerability in PHP is the coder. But you have other issues like SQL injection, remote file inclusion, session jacking, cross site request forgery, directory traversal, revealing the source code, XSS.

www.AdminEmpire.com
www.BlimptonTech.com - Best Free Online JavaScript tool to minify JavaScript files.

Find

Reply

Yeah YouTube is loaded with video tutorials about SQL injection LOL

Find

Reply

I am not asking about specific PHP version but rather in general! What makes SQL injection possible?

Find

Reply

Go read about it Ivan, stop being lazy and asking to be spoon fed. And I stated General issues as well in my response. I asked about what specific version because that will add more vectors to the equation as well.

www.AdminEmpire.com
www.BlimptonTech.com - Best Free Online JavaScript tool to minify JavaScript files.

Find

Reply

Quote:SQL injection is a code injection technique, used to attack data driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).[

http://en.wikipedia.org/wiki/SQL_injection

Find

Reply

(10-03-2013 06:18 PM)Maya Wrote:  

Quote:SQL injection is a code injection technique, used to attack data driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).[

http://en.wikipedia.org/wiki/SQL_injection

That does not answer his question (He asked how is it possible, not what it is) and could not be properly answered in a post here since most people on here do not read past a couple sentences.

Just SQL injection alone is a massive subject, let alone all the other things I stated before.

www.AdminEmpire.com
www.BlimptonTech.com - Best Free Online JavaScript tool to minify JavaScript files.

Find

Reply

The majority of websites have the issue with SQL injection however they don't realize that until it already too late, and it's actually very difficult know where the problem is because the code and everything appears to work fine!

Find

Reply

Test your code before going to production for things like SQL injection and you won't ever have to worry about it, plus there are ways to prevent it from happening if you use prepared statements and parameterized queries. What that means is the statement sent and parsed separately from any parameters. If this is done it would then be impossible to inject anything malicious SQL wise.

Just because your code "works" does not mean it is ready for production.

Also forgot to say the adapter you use, can change how the code should be used, make sure you understand the differences between them when you're programming.

www.AdminEmpire.com
www.BlimptonTech.com - Best Free Online JavaScript tool to minify JavaScript files.

Find

Reply

Thanks Chod not I understand that there are ways to prevent SQL injection.

Find

Reply

That is why most powerful companies hire hackers to test their security!

Find

Reply

You dont need a "hacker" to test your own code, their are tons of methods to do so, free and easily. Granted you have to read and learn more things, but will only make you stronger in the long run.

www.AdminEmpire.com
www.BlimptonTech.com - Best Free Online JavaScript tool to minify JavaScript files.

Find

Reply

You can check your website security by pentesting your php code

MyBB custom theme designs[>Portfolio<]
.5$ domain[Limited]

Find

Reply

Almost all sites have the problem with SQL injection injection however they don't recognize that until it already too delayed, and it's actually extremely tough know where the problem is because the rule and everything seems to work excellent.

Find

Reply