Tag Archives: Injection

XPath Null Byte Injection in PHP

Back in July this year, in Mitigating XPath Injection Attacks in PHP, I wrote about how to properly quote a string in PHP's XPath 1.0. The code presented there was based on the assumption that the resulting expression is …

Posted in Hakre's Tips, PHP Development, Pressed, Surviving the Internet

Mitigating XPath Injection Attacks in PHP

PHP has two libxml-based extensions that allow executing XPath 1.0 expressions: DOM (via the DOMXPath class) and SimpleXML (with its xpath() method). Both extensions are prone to XPath Injection Attacks, a common attack form. Albeit all this, and …

Posted in Hakre's Tips, PHP Development, Pressed, Surviving the Internet

PHP Autoload Invalid Classname Injection

There are many ways to attack an application; many work by injecting some malicious data, hoping to trigger a desired action in the end. Most of these are possible when input data is not properly sanitized. This can have …

Posted in Features, Hakre's Tips, PHP Development, Pressed, The Know Your Language Department