Oct 28

Anyone who wants to SEO optimize their website or blog knows that they need to redirect all users to the same place so that search engines don't come up with duplicate information. It's very easy to do with .htaccess files, but if you aren't able to make those, you can also do it with PHP.

$site = "mysite.com";
if(strpos($_SERVER['HTTP_HOST'], "www.") !== 0){
	header("Location: http://www." . $site . $_SERVER['REQUEST_URI']);
}

Just change the $site variable, put it in the header of your site, and you're done :)

Posted in PHP | No Comments »
Oct 20

Everyone's seen the following in almost every SQL injection tutorial on the planet:

UNION ALL SELECT 0,0,0,0,0 FROM users

This is the standard method of SQL injection: slide in a UNION statement to join two SELECT statements together and thus get the data you're looking for. This is fun, but it often produces ugly and hard to interpret results. Read the rest of this entry »

Posted in PHP, Vulnerabilities | No Comments »
Oct 14

I was browsing around the PHP online manual (the single best resource for learning about PHP) and I came up with several things that I didn't know about that were pretty interesting.

  1. Alternate syntax for control structures (if, while, etc) 
    <?php $a = "b";
if($a == "a"): ?>
a = a
<?php elseif($a == "b"): ?>
a = b
<?php else: ?>
a = ?
<?php endif; ?>
  2. Changing modified and accessed time of a file 
    touch("fake.txt", time()-1*60*60*24*365, time()-1*60*60*24*365);
  3. Highlighting a file for PHP syntax with one line 
    highlight_file('file.php');

Actually, I already knew about all of these, I just wanted to share :P

Posted in PHP | 2 Comments »
Oct 10

First off, I want to stress that the idea of an XSS fuzzer in GreaseMonkey is not my own unique idea - I saw WhiteAcid's XSS Assistant a few months ago and played with it a little bit with some success. However, his is very different from mine, mainly in that it is far more detailed and pretty than mine is. Well, I liked the concept of this XSS fuzzer, but I wanted to change how it worked. Read the rest of this entry »

Posted in Javascript, Vulnerabilities | 3 Comments »
Oct 3

Does anyone have any clue as to why on one day your blog can be completely spam-free, and then the next day and every day after that you have dozens of spam comments in your queue every time you come online? If anyone has any suggestions, excluding captchas (because they're not worth the effort for humans to comment on my blog), for preventing spam, I'm all ears.

In unrelated news, apparently Cialis has been nominated as the new drug that no one wants but will be pushed upon every man, woman and child on the Internet by spammers. This is a blow to the Viagra campaign which until recently held a monopoly in online spam.

Posted in News | 7 Comments »

Next Entries »