undefined | Better HN

0 pointsipaddr4y ago0 comments

What features are used unintentionally leading to serious bugs?

0 comments

The ease of the "just put it on the filesystem and it can be run!" system also opens up security vulnerabilities when people want to enable file uploads, for instance. I think the proliferation of places you can put configuration for the runtime is also a potential source of issues, as are various forms of string escaping that should be avoided.

nicce4y ago

Take a look for https://book.hacktricks.xyz/pentesting/pentesting-web/php-tr... for example. (Note also, that is the only programming language specific list, which is one mile long.)

ipaddrOP4y ago

These are older issues. When you see comments like: This bypass was tried apparently on PHP 5.2.5 and I couldn't make it work on PHP 7.3.15) I'm not sure these apply anymore. The loose == vs strict === exists in many languages. You can make the same mistake in Javascript.

j / k navigate · click thread line to collapse

0 comments

emodendroket4y ago

nicce4y ago

Take a look for https://book.hacktricks.xyz/pentesting/pentesting-web/php-tr... for example. (Note also, that is the only programming language specific list, which is one mile long.)

ipaddrOP4y ago

j / k navigate · click thread line to collapse