Video yükleniyor...

Video Yüklenemedi

Bu video yüklenirken bir sorun oluştu. Bu geçici bir ağ sorunundan kaynaklanıyor olabilir veya video kullanılamıyor olabilir.

Ana Sayfaya Dön

Improperly Secured PHP Functions Can Lead to Full System Acces 🧵

OffSec

320,939 subscribers

11,993 görüntüleme • 1 yıl önce •via X (Twitter)

Bilim & Teknoloji

Anya Rossi• Live Now

Private livecam show

5 Yorum

OffSec profil fotoğrafı

OffSec1 yıl önce

A vulnerable PHP function, system(), allowed us to execute arbitrary commands on the target. By capturing a generated password and modifying the request, we successfully executed id—proving remote code execution (RCE) was possible.

OffSec profil fotoğrafı

OffSec1 yıl önce

What this means: ⭕️ Attackers can escalate this to a reverse shell, gaining full control over the system. ⭕️ Web apps that allow unsanitized user input in system commands are high-risk targets.

OffSec profil fotoğrafı

OffSec1 yıl önce

Key takeaway: If you're securing web applications, always assume input can be weaponized and lock down execution paths before attackers do. Prevent this by disabling functions (system, exec, shell_exec) and implementing proper input validation.

OffSec profil fotoğrafı

OffSec1 yıl önce

For more tutorials, join OffSec Live: 🗓️ Friday, February 14th, 2025 at 6:00 p.m. ET 💻 PG Practice Machine: Shiftdel 🎯 Topic: PEN-200 - Common Web Application Attacks, Locating Public Exploits and Linux Privileges Escalation

毛玉真 profil fotoğrafı

毛玉真1 yıl önce

确实，PHP函数如果没有妥善保护，可能会导致系统被完全访问。这提醒我们在开发中要加强安全措施，确保代码安全，避免潜在风险。💰

Benzer Videolar

LEAD SECURED ✅

LEAD SECURED ✅

Rays on FanDuel Sports Network

10,271 görüntüleme • 2 yıl önce

Finished full tile and object interaction + action system I'm building my own game engine in JS. Should have the basic engine functions ready now. Time to add fun things ✨

Finished full tile and object interaction + action system I'm building my own game engine in JS. Should have the basic engine functions ready now. Time to add fun things ✨

Danny Postma

38,658 görüntüleme • 1 yıl önce

Introducing #Chainlink Functions—the serverless #Web3 platform for connecting any data, device, or system to smart contracts. Functions brings Web2 services like Amazon Web Services, Meta, and Google Cloud on-chain to empower devs to #LinkTheWorld to Web3.

Introducing #Chainlink Functions—the serverless #Web3 platform for connecting any data, device, or system to smart contracts. Functions brings Web2 services like Amazon Web Services, Meta, and Google Cloud on-chain to empower devs to #LinkTheWorld to Web3.

Chainlink

359,681 görüntüleme • 3 yıl önce

Pitchfest Opener by Tina Dai ✨ co-lead of Bufficorn Ventures Full video below 👇🧵

Pitchfest Opener by Tina Dai ✨ co-lead of Bufficorn Ventures Full video below 👇🧵

ETHDenver 🏔🦬🦄

38,926 görüntüleme • 3 ay önce

🗣️ Important reminder: All MPs can now correct the official record when they make a mistake. This improvement to the parliamentary correction system comes after campaigning from Full Fact. We hope to see our politicians lead by example.

🗣️ Important reminder: All MPs can now correct the official record when they make a mistake. This improvement to the parliamentary correction system comes after campaigning from Full Fact. We hope to see our politicians lead by example.

Full Fact

59,417 görüntüleme • 1 yıl önce

We sat down with Epic Engineering Lead Aidan McDu to discuss how the new Custom Lightsaber system was built in UEFN. Using Custom Inventory & Items and Verse, players can create their own lightsaber with unique hilts, crystals, Force abilities, and more. Here's how the team brought customizable lightsabers to Fortnite 🧵:

We sat down with Epic Engineering Lead Aidan McDu to discuss how the new Custom Lightsaber system was built in UEFN. Using Custom Inventory & Items and Verse, players can create their own lightsaber with unique hilts, crystals, Force abilities, and more. Here's how the team brought customizable lightsabers to Fortnite 🧵:

Fortnite Developers

36,197 görüntüleme • 1 ay önce

2. Why brain health matters. Your brain controls every system in your body: • Nervous system • Immune response • Hormone regulation A neglected brain can lead to: • Brain fog • Mood swings • Poor memory • Neurodegenerative diseases.

2. Why brain health matters. Your brain controls every system in your body: • Nervous system • Immune response • Hormone regulation A neglected brain can lead to: • Brain fog • Mood swings • Poor memory • Neurodegenerative diseases.

Joey Yochheim

328,416 görüntüleme • 1 yıl önce

In Coach Cortney Braswell’s system, Cover 6 functions as a boundary-reduction call: 🔹 Cover 2 to boundary, Quarters to field 🔹 9-tech Anchor = force, Mike spills, Will boxes 🔹 Structure aligns to field/boundary, not formation Full breakdown:

In Coach Cortney Braswell’s system, Cover 6 functions as a boundary-reduction call: 🔹 Cover 2 to boundary, Quarters to field 🔹 9-tech Anchor = force, Mike spills, Will boxes 🔹 Structure aligns to field/boundary, not formation Full breakdown:

Football Coach™️

25,594 görüntüleme • 1 yıl önce

Tymek Kucharczyk has secured the lead after the opening- corner incident! 😲

Tymek Kucharczyk has secured the lead after the opening- corner incident! 😲

INDY NXT by Firestone

17,197 görüntüleme • 7 gün önce

Rosé easily secured the lead dancer position and people are still trying to convince everyone otherwise🫢 #ROSÉ #로제

Rosé easily secured the lead dancer position and people are still trying to convince everyone otherwise🫢 #ROSÉ #로제

Rosé Stan ( ၴႅၴ

43,616 görüntüleme • 18 gün önce

Breaking: We can now prove that AI is correct. DeepProve-1 is the first production-ready zkML system to cryptographically verify a full LLM inference. Lagrange has successfully proven the inference of OpenAI’s GPT-2, moving verifiable AI from theory to production: 🧵

Breaking: We can now prove that AI is correct. DeepProve-1 is the first production-ready zkML system to cryptographically verify a full LLM inference. Lagrange has successfully proven the inference of OpenAI’s GPT-2, moving verifiable AI from theory to production: 🧵

LAGRANGE

249,005 görüntüleme • 9 ay önce

🚨In Hong Kong, crossing the street improperly can result in a police citation, with pedestrians facing fines of up to $255.

🚨In Hong Kong, crossing the street improperly can result in a police citation, with pedestrians facing fines of up to $255.

RussiaNews 🇷🇺

20,076 görüntüleme • 1 ay önce

"You can't fix a system problem from the system creating the problem." - Jeff Booth ⚡️ The debt system is a psyop designed to steal your time. I sat down with Jeff Booth to discuss the inevitable collision between Exponential AI and Insolvent Debt. Full episode in 🧵

"You can't fix a system problem from the system creating the problem." - Jeff Booth ⚡️ The debt system is a psyop designed to steal your time. I sat down with Jeff Booth to discuss the inevitable collision between Exponential AI and Insolvent Debt. Full episode in 🧵

Peter McCormack 🏴‍☠️🇬🇧🇮🇪

26,094 görüntüleme • 3 ay önce

Refreshed castle building system More in🧵

Refreshed castle building system More in🧵

Highland Keep

61,875 görüntüleme • 9 ay önce

Crimson Desert has a Wanted System that can lead to you getting a bounty or going to jail for commiting crimes. Just look at all these dudes chasing him 😭

Crimson Desert has a Wanted System that can lead to you getting a bounty or going to jail for commiting crimes. Just look at all these dudes chasing him 😭

KAMI

510,741 görüntüleme • 3 ay önce

The Lorenz system is a model that describes chaotic behavior in atmospheric convection. Its study reveals how small changes in initial conditions can lead to different outcomes.

The Lorenz system is a model that describes chaotic behavior in atmospheric convection. Its study reveals how small changes in initial conditions can lead to different outcomes.

Samuel Vaiter

11,386 görüntüleme • 1 yıl önce

“I’m counting on you to lead so I can lead.” 💛

“I’m counting on you to lead so I can lead.” 💛

sky

13,174 görüntüleme • 1 yıl önce