* You are viewing the archive for the ‘PHP Security’ Category
While idly browsing pastebin (yes, sometimes I do that), I found something interesting. It’s some mildly obfuscated PHP scripted malware. Curious what it might do, I started reverse engineering it and found what must be the worst coded trojan ever.
February 17, 2011
Tags: apache, httphost, PHP, Security
When browsing Stackoverflow I often notice users asking questions somehow involving the use of
HTTP_HOST. I nonchalantly hint on its vulnerable nature and fail to produce a hint on an article explaining why. Which is why I decided to take matters into my own hands.