Skip to content

Anas0x1/PHP_Security

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

56 Commits
CORS
CORS
 
 
CSRF
CSRF
 
 
File Upload
File Upload
 
 
HTMLi
HTMLi
 
 
SQLI
SQLI
 
 
SSTI
SSTI
 
 
XSS
XSS
 
 
clickjacking
clickjacking
 
 
redirect
redirect
 
 
serialization
serialization
 
 
ssrf
ssrf
 
 
README.md
README.md
 
 

Repository files navigation

PHP_Security

Web Application Vulnerabilities in PHP

This project demonstrates various web application vulnerabilities commonly found in PHP applications. Each vulnerability is accompanied by both a vulnerable and a secure version of the code. The code samples are organized in a single folder for easy reference.

Vulnerabilities Covered

  1. Cross Origin Resource Sharing (CORS)

    • Vulnerable Code: vuln_cors.php
    • Exploit Code: exploit_cors.html
    • Secure Code: secure_cors.php

  2. Cross-Site Request Forgery (CSRF)

    • Vulnerable Code: vuln_csrf.php
    • Exploit Code: exploit_csrf.html
    • Secure Code: secure_csrf.php

  3. File Upload

    • Vulnerable Code: vuln_file_upload.php
    • Secure Code: secure_file_upload.php

  4. HTML Injection (HTMLi)

    • Vulnerable Code: vuln1_htmli.php
    • Vulnerable Code: vuln2_htmli.php
    • Secure Code: secure_htmli.php

  5. SQL Injection (SQLi)

    • Vulnerable Code: vuln_sqli.php
    • Secure Code: secure_sqli.php

  6. Server Side Template Injection (SSTI)

    • Vulnerable Code: vuln_ssti.py
    • Secure Code: secure_ssti.py

  7. Cross-Site Scripting (XSS)

  8. Clickjacking

    • Exploit Code: exploit_clickjacking.php

  9. Open Redirect

    • Vulnerable Code: vuln_redirect.php

  10. PHP Serialization

  11. Server Side Request Forgery (SSRF)

    • Vulnerable Code: vuln_ssrf.php
    • Secure Code: secure_ssrf.php

Running the Code

  1. Clone the repository to your local machine:

    git clone https://github.com/0x0anas/PHP_Security.git

  2. Navigate to the project directory:

    cd PHP_Security

  3. Choose the vulnerability you want to explore and navigate to its directory.

  4. Run the PHP code using a local development server or any PHP server environment.

Usage

  1. Study the vulnerable code to understand the vulnerability and how it can be exploited.

  2. Review the secure code to learn about best practices for mitigating the vulnerability.

  3. Experiment with different inputs to observe how the vulnerable code behaves and how the secure code prevents exploitation.

Contribution

Contributions are welcome! If you discover additional vulnerabilities or have suggestions for improving the existing code, feel free to submit a pull request or open an issue.

Disclaimer

This project is for educational purposes only. Do not use the vulnerable code in a production environment. Always follow best practices for securing web applications to prevent exploitation of vulnerabilities.

About

Web application vulnerabilities written in PHP.

Topics

php vulnerabilities

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages