During an internship at NitroTeam.kz, my students found several vulnerabilities in LibreHealth: Broken Access Control (CVE-2022-31496) and Cross-Site Scripting (CVE-2022-31492, CVE-2022-31493, CVE-2022-31494, CVE-2022-31495, CVE-2022-31497, CVE-2022-31498).
Yii2 is one of the popular PHP frameworks, with a name that is difficult to read. Correct use of a framework significantly reduces development time and also covers most security issues. But this, of course, does not mean Yii2 applications are absolutely safe, since there is always a human factor in any system. This short note… Continue reading A note on Yii2 code generation safe usage
Gave a report at Open Sysconf’19 about PHP backdoors with my colleague @joe1black. The report considered backdoors of different levels, common and uncommon, with examples. The PDF is in Russian.