php1 1

The document provides an overview of PHP, emphasizing its role in connecting databases to front-end applications, which is crucial for understanding vulnerabilities. It includes instructions for setting up a PHP server using Apache on Linux, creating basic PHP files, handling HTML form inputs, and addressing potential security issues like XSS injections. Additionally, it covers methods for reading files in PHP and the importance of using functions like htmlspecialchars() to prevent harmful code execution.

Uploaded by francismizo77
PHP

▪ PHP is a dynamic language that connects the server's database to the front end, so it is very important for us as hackers.
▪ We need to know some basics and how to connect the front end to the database; then we will know more about the vulnerabilities found in PHP and in source code review.
PHP

▪ First we need a PHP server to get our site up and working.
▪ On Linux we can use the Apache server or nginx:
# sudo apt install apache2
# sudo systemctl start apache2
# sudo systemctl enable apache2
# sudo apt install php libapache2-mod-php
PHP

▪ After installing the Apache server, go to /var/www/html
▪ and start making your file index.php
PHP

Observe that we put the PHP inside the HTML code as
<?php here_php_code ?>

After saving the file we can go to
http://localhost/index.php
PHP

▪ And the output would be


PHP

▪ Variables in PHP are written as
▪ $I = 11;
▪ $x = "this is test";
▪ $y = NULL;
PHP

▪ About functions
PHP

▪ We can pass an argument to the function as
function somefunction($name){}

When calling it, then
somefunction("ahmed");
PHP

▪ To connect the HTML page inputs such as username, password, …
▪ First we make the HTML inputs as
<input name="username">
<input name="password">
<input name="button" type="submit">
PHP

Save as index.php
<html>
<body>
<form action="welcome.php" method="POST">
Name: <input type="text" name="name"><br>
E-mail: <input type="text" name="email"><br>
<input type="submit">
</form>
</body>
</html>
PHP

See that
<form action="welcome.php" method="POST">

tells us to send the form data to the welcome.php file with the POST method, but we still need to write welcome.php (there are two methods to send data, GET and POST).
PHP

<html>
<body>
Welcome <?php echo $_POST["name"]; ?><br>
Your email address is: <?php echo $_POST["email"]; ?>
</body>
</html>
PHP

▪ Remember that we catch any HTML input by its name attribute.
PHP

▪ Here we will start the vulnerability assessment, as most injections are in input fields and parameters.
▪ POST parameters as above are transmitted inside the body of the request, but a GET request carries them in the link, as
▪ https://example.com?id=1
▪ id is an input field but transmitted over a GET request
PHP

▪ To receive a GET request we use
▪ $_GET['the_name_here']
▪ And to get the POST request we use
▪ $_POST['the_name_here']
PHP

▪ This is how the PHP server receives the data from a POST request
PHP

What if we don't even know whether the incoming request is GET or POST?
We use $_SERVER['']
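An added example (not from the original slides) of reading a form field whichever way it arrived, branching on `$_SERVER['REQUEST_METHOD']` and then reading `$_GET` or `$_POST`; the field names, the length limit and the helper `formField()` are my own choices.

```php
<?php
// Added example, not from the original slides: read a form field whether it
// arrived by GET or by POST, using $_SERVER['REQUEST_METHOD'] to decide.
declare(strict_types=1);

// Returns the field value, or null when the method is unexpected or the
// field is absent, not a plain string, empty, or longer than $maxLen.
function formField(string $name, int $maxLen = 64): ?string
{
    $method = $_SERVER['REQUEST_METHOD'] ?? '';
    if ($method === 'POST') {
        $source = $_POST;      // parameters carried in the request body
    } elseif ($method === 'GET') {
        $source = $_GET;       // parameters carried in the URL
    } else {
        return null;           // HEAD, PUT, ... are not handled by this form
    }
    // A parameter written as name[]=x arrives as an array, so check the type.
    if (!isset($source[$name]) || !is_string($source[$name])) {
        return null;
    }
    $value = trim($source[$name]);
    return ($value === '' || strlen($value) > $maxLen) ? null : $value;
}

$name  = formField('name');
$email = formField('email');

if ($name === null || $email === null) {
    http_response_code(400);
    echo 'name and email are required';
    exit;
}
// Encode for the HTML context before echoing the values back.
echo 'Welcome ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '<br>';
echo 'Your email address is: ' . htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
```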
PHP

▪ Sometimes hackers inject into the input something called XSS, as
▪ https://example.com?id="/><script>alert()</script>
That is reflected inside the page's code as
PHP

▪ So programmers use escaping functions to help them filter all of these injections, as
▪ Observe that we use the htmlspecialchars() function
PHP

htmlspecialchars() encodes the content of the input into HTML entities, which cannot be harmful to the internal backend system.

The full code of the backend works as
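An added example, not from the original slides, that puts the reflected-input line of welcome.php from the XSS slide next to the htmlspecialchars() version, fed with a constructed value like the one in the slide's URL; the function names `renderUnsafe()` and `renderSafe()` are mine.

```php
<?php
// Added example, not from the original slides: the welcome.php output
// written two ways, to show exactly what htmlspecialchars() changes.
declare(strict_types=1);

// Constructed sample input, the kind of value shown on the XSS slide.
$name = '"/><script>alert()</script>';

// Vulnerable: the raw parameter is placed straight into the HTML, so the
// browser parses the injected tag as markup (mirrors the original welcome.php).
function renderUnsafe(string $name): string
{
    return 'Welcome ' . $name . '<br>';
}

// Hardened: each character that has a meaning in HTML (< > & " ') becomes
// its entity, so the browser shows the value as text instead of running it.
// ENT_QUOTES also encodes single quotes (needed inside attributes) and the
// charset argument must match the page's declared encoding.
function renderSafe(string $name): string
{
    return 'Welcome ' . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '<br>';
}

echo renderUnsafe($name), "\n";
echo renderSafe($name), "\n";
```

htmlspecialchars() is the right tool only when the value lands in HTML text or a quoted attribute; a value written into a JavaScript block or a URL needs the encoding for that context instead.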


PHP

▪ What if we need to deal with files, for reading and writing?

This command reads the file called webdictionary.txt


PHP

▪ There are many options to read files, such as readfile()
▪ There is another way to open files, as
▪ Here we opened the file with the read mode "r"
After that we need to use fread() to read the content
PHP

▪ This will open the file and read its content with the two functions, fopen() and fread()
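An added example (not the slides' own code) of both ways of reading webdictionary.txt described above, readfile() and fopen()/fread()/fclose(), with the return-value checks a code reviewer would ask for and a check that the requested name stays inside one directory; the directory `DICT_DIR`, the helper names and PHP 8 are assumptions.

```php
<?php
// Added example, not from the original slides: read webdictionary.txt the two
// ways the slides describe, with the checks a reviewer would expect.
declare(strict_types=1);

const DICT_DIR = __DIR__ . '/data';   // assumed location of webdictionary.txt

// Resolves $name inside DICT_DIR and refuses anything that escapes it, so a
// name taken from a request cannot point at another file on the server.
function dictionaryPath(string $name): ?string
{
    $base = realpath(DICT_DIR);
    $path = realpath(DICT_DIR . '/' . $name);
    if ($base === false || $path === false) {
        return null;                       // directory or file does not exist
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;                       // resolved outside DICT_DIR
    }
    return $path;
}

// Way 1: readfile() writes the whole file to the output and returns the
// number of bytes, or false on failure.
function dumpDictionary(string $name): int|false
{
    $path = dictionaryPath($name);
    return $path === null ? false : readfile($path);
}

// Way 2: fopen() in mode "r", fread() up to the file size, then fclose().
function loadDictionary(string $name): ?string
{
    $path = dictionaryPath($name);
    if ($path === null) {
        return null;
    }
    $fh = fopen($path, 'r');
    if ($fh === false) {
        return null;                       // e.g. permission denied
    }
    $size = filesize($path);
    $content = $size > 0 ? fread($fh, $size) : '';   // fread() needs length > 0
    fclose($fh);
    return $content === false ? null : $content;
}

$text = loadDictionary('webdictionary.txt');
echo $text === null ? "could not read file\n" : $text;
```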
PHP

▪ Final
https://chat.whatsapp.com/GzmAbX2OmLG5iqeh3hFoRC
+201003425890
https://t.me/rednexus1
