* You are viewing the archive for the ‘PHP Security’ Category

Worst “trojan” ever

While idly browsing pastebin (yes, sometimes I do that), I found something interesting. It’s some mildly obfuscated PHP scripted malware. Curious what it might do, I started reverse engineering it and found what must be the worst coded trojan ever.

Continue Reading

Why HTTP_HOST is evil

When browsing Stackoverflow I often notice users asking questions somehow involving the use of HTTP_HOST. I nonchalantly hint on its vulnerable nature and fail to produce a hint on an article explaining why. Which is why I decided to take matters into my own hands.

Continue Reading