CSS – CSP and inline styles from color picker
I am using CSP on my website to keep things locked down as much as possible. I have an HTML editor on the website, and I wanted to allow users to choose text colors from a color picker. This involves…
For about one month, my WordPress site has been redirecting to unwanted sites. Every day I check the main files, and I find index.php, wp-config.php, wp-settings.php and load.php in wp-includes injected randomly, an @include an .oti file type which exists in…
I have the code below, which works. $city = City::find(1); $city->location = DB::raw('geomfromtext('point(' . $location . ')')'); $city->save(); Question 1: Is there an SQL injection issue in the code above because I am using DB::raw(), which sticks the string (variable) in without…
Disclaimer: This is just an example to learn about PHP code injections and not production code used in any way. I am fully aware that this is not good coding practice. I have the following PHP Script: <!DOCTYPE html PUBLIC…
I am not the strongest JS user, but I need it, and I wrote some code for my webpage which works on Apache and PHP. In my AJAX requests I have that code in if (dataX['var1'] == '1.1' || dataX['var1']…
Please tell me what I can do to protect my .htaccess file. Recently I was hacked and I noticed that I can navigate into different places of my wp-admin (Posts, settings, plugins,...) they show a permission page - forbidden. A…
I'm not an expert in cyber security and exploits. I need help figuring out if my app is vulnerable and in what way. Let's assume I'm an idiot (and I'm not to this extent), and I leave the possibility for…
At my company, we have a problem with most eCommerce software like osCommerce and OpenCart and some content management sites like WordPress or Joomla!. This is the code we find in, pretty much, every footer.php, header.php and index.php file in…