Showing posts from 2015

How to send files to remote server via SSH in PHP

This example describes ‘How to SSH to remote server in PHP and send files from one server to another server using libssh2.’ ssh2_connect() – Connect to a remote server
ssh2_scp_send() – Send a file via SSH
ssh2_exec() – Execute a command on a remote server Install libssh2 and then install PECL SSH2 extension for PHP. Example:    $ip = ""; $username = "test"; $port = 22; $public_ssh_key = "/var/www/html/ssh_keys/"; $private_ssh_key = "/var/www/html/ssh_keys/id_dsa"; if(function_exists("ssh2_connect")) { $ssh_conn = ssh2_connect($ip, $port); if($ssh_conn) { //Validate your username with ssh keys if(ssh2_auth_pubkey_file($ssh_conn, $username, $public_ssh_key, $private_ssh_key, 'secret')) { // Check file list $stream = ssh2_exec($ssh_conn, 'ls -l /home/test/'); if($stream) { stream_set_blocking($stream, true); while ($buf = fread($stream,4096)) { flush(); // comment this line $data.=$buf; print_r($buf…

Top Ten Web Hacking Techniques

Update 02.14.2011: Open voting for the final 15 is now underway. Vote Now!

This post will serve to collect new attack techniques as they are published. If you think something should be added, please comment below and I'll add them.

"Every year the Web security community produces a stunning amount of new hacking techniques published in various white papers, blog posts, magazine articles, mailing list emails, etc. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and so on. Beyond individual vulnerability instances with CVE numbers or system compromises, we're talking about actual new and creative methods of Web-based attack. The Top Ten Web Hacking Techniques list encourages information sharing, provides a centralized knowledge-base, and recognizes researchers who contribute excellent work."

Current 2011 List
Bypassing Flash’s local-with-filesystem SandboxAbusing HTTP Status Codes to Expose Private InformationSpyT…

PHP / SQL Security – The Big Picture

Web Security Whether your site is the web presence for a large multinational, a gallery showing your product range and inviting potential customers to come into the shop, or a personal site exhibiting your holiday photos, web security matters. After the hard work put in to make your site look good and respond to your users, the last thing you want is for a malicious hacker to come along, perform a PHP hack and break it somehow. There are a number of problems in web security, and unfortunately not all of them have definite solutions, but here we'll look at some of the problems that should be considered every time you set out to write a PHP script to avoid a PHP hack attack. These are the problems which, with well-designed code, can be eliminated entirely. Before looking in detail at the solutions, though, lets take a moment to define the problems themselves. SQL Injection In this attack, a user is able to execute SQL queries in your website's database. This attack is usually p…

PHP / SQL Security – SQL Commands and Non-String Variables

SQL Injection SQL (Structured Query Language) is the language used to interface with many database systems, including MySQL, PostgreSQL and MSSQL. Certain words and characters are interpreted specially by SQL, as commands, separators, or command terminators, for instance. When a user enters data into a form, there is nothing stopping them entering these special commands and characters. Consider the PHP code below: $query = “INSERT INTO orders(address) VALUES('$_GET['address']')”;
$result = mysql_query($query); A form with a textbox named address would be used to gather the information for this page. We'll ignore any other form elements for now, but obviously there'd be the order items, a name, possibly a price, a delivery date, and so on, which would also all need storing in a database. Imagine a perfectly legitimate user comes along and enters the following address 14 King's Way
Kingham County The database would spit back an error because the SQL comm…

what is SQL injection and how to prevent it

SQL Injection is one of the many web attack mechanisms used by hackers to steal data from your database.  It is the type of attack that takes advantage of improper coding of your web applications that allows hacker to inject SQL commands into say a login form to allow them to gain access to the data held within your database. If inputs are not sanitized properly, web applications may result in SQL Injection attacks that allow hackers to view information from the database and/or even wipe it out. SQL Injection: A Simple Example Take a simple login page where a legitimate user would enter his username and password combination to enter a secure area to view his personal details or upload his comments in a forum. When the legitimate user submits his details, an SQL query is generated from these details and submitted to the database for verification. If valid, the user is allowed access. In other words, the web application that controls the login page will communicate with the database thr…

PHP Object-Relational Mapping: ORM or ROM?

- NetMake - ScriptCase sponsors the PHP programming innovation award
NetMake is the newest sponsor of the PHP programming innovation award
organized by the PHPClasses site.

This company develops a productivity tool named ScriptCase to help PHP
developers create Web applications in a faster way. The main aspect of
ScriptCase that distinguishes it from other PHP productivity tools is
that the tool itself is a Web based application.

Despite being on the Brazilian market since 2001, only recently NetMake
has been expanding to the international market by making available
ScriptCase in English.

- 2Checkout payments available to accept credit cards
Some users have complained that they wanted to buy premium subscriptions or post paid jobs in the site jobs board, but due to restrictions of Paypal they cannot make the payments.

Therefore the site now accepts credit card payments using the 2Checkout payment services. 2Checkout is company that acts as a res…