undefined | Better HN

0 pointsipaddr4y ago0 comments

What features are used unintentionally leading to serious bugs?

0 comments

3 comments · 2 top-level

nicce4y ago· 1 in thread

Take a look for https://book.hacktricks.xyz/pentesting/pentesting-web/php-tr... for example. (Note also, that is the only programming language specific list, which is one mile long.)

ipaddrOP4y ago

These are older issues. When you see comments like: This bypass was tried apparently on PHP 5.2.5 and I couldn't make it work on PHP 7.3.15) I'm not sure these apply anymore. The loose == vs strict === exists in many languages. You can make the same mistake in Javascript.

emodendroket4y ago

The ease of the "just put it on the filesystem and it can be run!" system also opens up security vulnerabilities when people want to enable file uploads, for instance. I think the proliferation of places you can put configuration for the runtime is also a potential source of issues, as are various forms of string escaping that should be avoided.

j / k navigate · click thread line to collapse