This is kind of a simple tip, but it's a useful one. If you need to send data to a server to see how it reacts, or need to receive data from a server, rather than writing a script.. just use NetCat! There are versions of NetCat for Windows and if your *nix distribution doesn't come pre-installed with NetCat, just get rid of it now. Read the rest of this entry »
Jul
15
TrueCrypt is a tool for creating encrypted "harddrives" on Windows and Linux. It can also encrypt things like flash drives and external harddrives. Read the rest of this entry »
Jul
12
Just change the $infile and $outfile variables, and run the script, and it'll spit out a base64 encoded PHP file ready for distribution.
<?php
$infile = '';
$outfile = '';
$h1 = fopen($infile, 'r');
$h2 = fopen($outfile, 'w');
$tmp = fread($h1, filesize($infile));
$tmp = preg_replace("/<?[ph]*/i", "", $tmp);
$tmp = preg_replace("/?>/i", "", $tmp);
$contents = "<? eval(base64_decode('";
$contents .= base64_encode($tmp);
$contents .= "')); ?>";
fwrite($h2, $contents);
fclose($h1);
fclose($h2);
echo("Done");
?>
Jul
11
What is an RFI?
An RFI (or remote file inclusion) is a web application vulnerability that allows users to include any file that they wish, to be executed by your server. I'll explain more on this later, but this is the simple answer.
Read the rest of this entry »
Jul
11
When you're only expecting an integer value, do something like this in your code:
if(is_numeric($_GET['id'])){
$query = "SELECT name WHERE id = '" . $_GET['id'] . "'";
}
else{
die("ID is not numeric.");
}
Also, this is another way:
$query = "SELECT name WHERE id ='" . intval($_GET['id']) . "';
It'll save you some headaches 