Tag Archives: php

PHP 5.4 Packages for Red Hat

PHP 5.4 Packages for Red Hat | Red Hat Enterprise Linux is an excellent stable distro for mission critical enterprise environments. However the PHP and MySQL versions included are a tad behind mainstream. There is a great community repository from Rackspace that offers recent PHP, MySQL, and Python versions for Red Hat. The project page is: http://iuscommunity.org For Red Hat 5 and

Protect Against XSS by Enabling HttpOnly for Linux Apache PHP

Protect Against XSS by Enabling HttpOnly for Linux Apache PHP | HttpOnly is a session cookie flag created to protect against cross site scripting and theft of session cookies. For good security, this should be enabled for PHP running under Apache especially for sites such as WordPress, Drupal, Joomla, and other popular PHP-based web applications. OWASP has some information on HttpOnly. I’ll show you how to

Fun with SHODAN

Fun with SHODAN | Shodanhq.com is awesome. These are fun: http://www.shodanhq.com/search?q=X-Powered-By%3A+PHP%2F5.1.2 Many sites running old PHP from 2006. Edit as desired to find an old php target. http://www.shodanhq.com/search?q=X-AspNet-Version%3A+1.1.4322 Incredible how many sites still use ASP .NET 1.x http://www.shodanhq.com/search?q=%22cisco-ios%22+%22last-modified%22 Web management pages for Cisco devices that have authentication disabled. http://www.shodanhq.com/search?q=Server%3A+Microsoft-IIS%2F5.0+ IIS 5.0 http://www.shodanhq.com/search?q=Server%3A+Apache%2F1. Ancient versions of Apache still in use

Test Your Server for MySQL Injection

Test Your Server for MySQL Injection | Q: What tools are used for testing for MySQL and other database injection vulnerabilities? The following are often used to automate testing for SQL injections by network and security admins: sqlmap – automatic SQL injection and database takeover tool Havij – automated SQL injection tool metasploit – security framework (Metasploit as you may be aware