There is about one month that my WordPress site redirect to unwanted sites. every day I check main files, and I find index.php, wp-config.php, wp-settings.php and load.php in wp-includes injected randomly, an @include an .oti file type which exists in…
I have codes see below which is works. $city = City::find(1); $city->location = DB::raw('geomfromtext('point(' . $location . ')')'); $city->save(); Question 1: Is there SQL injection issue in the codes above because I using DB::raw() which sticking the string(variable) in without…
Disclaimer: This is just an example to learn about PHP code injections and not production code used in any way. I am fully aware that this is not good coding practice. I have the following PHP Script: <!DOCTYPE html PUBLIC…
i am not the strongest js user, but i need it and i wrote some code for my webpage which works on apache and php. in my ajax requests i have that code in if (dataX['var1'] == '1.1' || dataX['var1']…
please tell me what can I do to protect my .htaccess file ? Recently I was hacked and I noticed that I can navigate into different place of my wp-admin (Posts, settings, plugins,...) they show permission page - forbiden. A…
I'm not an expert in cyber security and exploits. I need help figuring out if my app is vulnerable and in what way. Let's assume I'm an idiot (and I'm not to this extent), and I leave the possibility for…
At my company, we have a problem with most eCommerce software like osCommerce and OpenCart and some content management sites like Wordpress or Joomla!. This is the code we find in, pretty much, every footer.php, header.php and index.php file in…