- Enabled allow_url_fopen: https://stackoverflow.com/questions/24049534/is-allow-url-fopen-safe
- Source code revelation: http://www.phpfreaks.com/tutorial/php-security
- Session hijacking.
If someone steals a session key, is that bad? If nothing important happens in that session, no. But if the session is what authenticates a user, the thief can sign in as that user and reach everything that user can, which is particularly bad when the user has a lot of authority. Session IDs can also be exposed server-side on shared hosting, where session files are stored in a directory every account on the box can read, like /tmp.
The session cookie lives in the browser, so a script injected into the page can read it and send it elsewhere. Prevention is to make sure no script can get in through user input, for example by validating it strictly:
    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\Validator;

    // Do not allow any shady characters: only letters, digits and spaces.
    // Laravel regex rules are passed to preg_match(), so the pattern needs
    // delimiters, and anchors so the whole value has to match.
    $validator = Validator::make($request->all(), [
        'names' => 'required|max:255|regex:/^[A-Za-z0-9 ]+$/',
    ]);

    if ($validator->fails()) {
        return redirect('/')
            ->withInput()
            ->withErrors($validator);
    }
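Input validation keeps scripts out of the page; the other half of the defence is making the session itself hard to steal and worthless once stolen. The following is an added example, not code from the original notes: it moves session storage out of the shared /tmp, sets the cookie flags, and rotates the session ID at login. The save path, the demo user and the password are constructed placeholders (the directory must exist and be writable by the web server), and a real application would look users up in its own store.

```php
<?php
// Added example, not from the original notes: hardening a PHP session so a stolen or
// fixated ID is worth less. Save path, demo user and password are constructed
// placeholders.

// Store session files in an app-private directory instead of the world-readable /tmp
// that shared hosts often default to (placeholder path; must exist and be writable).
ini_set('session.save_path', '/var/lib/php/sessions/myapp');
// Refuse session IDs the server never issued (defeats session fixation).
ini_set('session.use_strict_mode', '1');

// Cookie flags: HTTPS only, invisible to JavaScript (an injected script cannot read
// it from document.cookie), and not attached to cross-site requests.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Strict',
]);
session_start();

// Constructed demo credential store: username => password hash.
$DEMO_USERS = ['alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];

function login(array $users, string $user, string $password): bool
{
    if (!isset($users[$user]) || !password_verify($password, $users[$user])) {
        return false;
    }
    // Swap to a fresh ID at the privilege boundary: whatever ID the client had before
    // authenticating (possibly observed or planted by someone else) no longer maps to
    // an authenticated session. The old server-side record is deleted.
    session_regenerate_id(true);
    $_SESSION['user']      = $user;
    $_SESSION['auth_time'] = time();
    return true;
}

function logout(): void
{
    $_SESSION = [];
    // Expire the cookie in the browser as well as destroying the server-side record.
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();
}

// Usage inside a request handler: a failed login leaves the session untouched,
// a successful one gets a brand-new ID before any user data is stored in it.
login($DEMO_USERS, 'alice', 'wrong password');
login($DEMO_USERS, 'alice', 'correct horse battery staple');
logout();
```

The `httponly` flag is what limits the damage of the script-injection case described above: even if a script does get into the page, it cannot read the session cookie. `session_regenerate_id(true)` at login is what makes a session ID captured or planted before authentication useless afterwards.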
- Cross-site request forgery (CSRF): see https://www.sitepoint.com/preventing-cross-site-request-forgeries/
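The standard defence the linked article describes is a synchronizer token: a secret tied to the session that every state-changing form must send back, which a request forged from another site cannot know. Below is an added example in plain PHP, not code from the original notes or from the linked article; the form action, field names and the action performed on success are assumptions.

```php
<?php
// Added example, not from the original notes: synchronizer-token CSRF protection.
// Form action, field names and the "transfer" action are assumptions.

session_start();

// One secret per session, generated from the CSPRNG the first time it is needed.
function csrfToken(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// A forged cross-site request carries the victim's cookie automatically, but it
// cannot read the token out of the victim's page, so it cannot supply a matching
// value. hash_equals() compares in constant time.
function csrfTokenValid($submitted): bool
{
    return is_string($submitted)
        && !empty($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrfTokenValid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token');
    }
    // Token checks out: perform the state-changing action (placeholder).
    $amount = (int) ($_POST['amount'] ?? 0);
    echo "Transferring {$amount} on behalf of the logged-in user";
}
?>
<!-- Every state-changing form carries the token; GET requests must never change state. -->
<form method="post" action="/transfer">
    <input type="hidden" name="csrf_token"
           value="<?= htmlspecialchars(csrfToken(), ENT_QUOTES, 'UTF-8') ?>">
    <label>Amount <input type="number" name="amount"></label>
    <button type="submit">Transfer</button>
</form>
```

Laravel ships the same mechanism built in: the VerifyCsrfToken middleware checks the token on every POST, PUT, PATCH and DELETE request, and the `@csrf` Blade directive emits the hidden field.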
- SQL injection attack
    SELECT StudentName, StudentAddress, StudentBirthday
    FROM Registry
    WHERE StudentID = 999 OR 1=1;
    -- the injected OR 1=1 is true for every row, so the whole table comes back
Another example:
    SELECT BankAccountName, BankAccountAmount
    FROM ACCOUNTS
    WHERE ID = 1337; DROP TABLE ACCOUNTS;
    -- the injected second statement drops the whole table
Prevention is to pass user input as a bound parameter instead of splicing it into the query string:
    use Illuminate\Support\Facades\DB;

    // The Input facade was removed in Laravel 6; read the value from the request instead.
    $someVariable = $request->input('some_variable');

    // The :somevariable placeholder is filled in by the database driver, so the value
    // is never parsed as SQL no matter which characters it contains.
    $rows = DB::select(
        'SELECT * FROM some_table WHERE some_col = :somevariable',
        ['somevariable' => $someVariable]
    );
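To see why the binding matters, here is the first query above written both ways against an in-memory SQLite database, so it runs offline. This is an added example, not code from the original notes; the table, its rows and the input value are constructed for the demo, and it needs the pdo_sqlite extension.

```php
<?php
// Added example, not from the original notes: the same lookup with string
// concatenation and with a bound parameter. Table, rows and input are constructed.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Registry (StudentID INTEGER, StudentName TEXT)');
$pdo->exec("INSERT INTO Registry VALUES (1, 'Alice'), (2, 'Bob'), (999, 'Mallory')");

// Vulnerable: the raw value becomes part of the SQL text, so anything that looks
// like SQL inside it is executed as SQL.
function lookupConcat(PDO $pdo, string $studentId): array
{
    $sql = "SELECT StudentName FROM Registry WHERE StudentID = $studentId";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the value travels to the driver separately from the statement text and
// is only ever compared against the column, never parsed.
function lookupBound(PDO $pdo, string $studentId): array
{
    $stmt = $pdo->prepare('SELECT StudentName FROM Registry WHERE StudentID = :id');
    $stmt->execute(['id' => $studentId]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$input = '999 OR 1=1'; // the value from the example above, as a form field would deliver it

var_dump(lookupConcat($pdo, $input));
var_dump(lookupBound($pdo, $input));
```

Run as written, the concatenated version returns all three names because the WHERE clause became `StudentID = 999 OR 1=1`, while the bound version returns an empty array: no StudentID equals the literal string `999 OR 1=1`. The `DROP TABLE` example fails for the same reason, since a bound value cannot end one statement and start another.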