Displaying test cases 291026 - 291048 of 291048 in total
-
CVE-2006-0985
-
CVE-2006-1796
-
CVE-2006-6808
-
CVE-2007-1622
-
CVE-2007-5105
-
The test case shows a PHP Include Vulnerability. The defense mechanism protects against Remote File Inclusion with the Apache DOCUMENT_ROOT check and against directory traversal with a regular expression.
-
The test case exposes a PHP Include Vulnerability. The defense mechanism uses the Apache DOCUMENT_ROOT information to check that the included file is in your document root.
-
The test case shows a PHP Include Vulnerability. The defense mechanism uses the file_exists function, but the PHP configuration may allow file_exists to return true for remote files, which may allow a Remote File Inclusion.
-
The test case shows a PHP File Inclusion vulnerability. The script represents a basic template engine.
-
The test case shows a not so weak encryption practice. Here the password is stored in the cookie as a salted SHA-256 of the password. The salted passwords are a common technique to create a better hash, the salt should be inserted in a database... We use the cookie to communicate with the black b...
-
The test case shows a weak encryption practice. Here the password is stored in the cookie as a salted SHA-1 of the password. The salted passwords are a common technique to create a better hash, the salt should be inserted in a database... We use the cookie to communicate with the black box tool; ...
-
The test case shows a weak encryption practice. Here the password is stored in the cookie as SHA-1 of the password. Even if SHA-1 is stronger than MD5, it is a weak algorithm. We use the cookie to communicate with the black box tool; it is a bad practice to store the password in the cookie.
-
The test case shows a weak encryption practice. Here the password is stored in the cookie as the MD5 of the password. We use the cookie to communicate with the black box tool; it is a bad practice to store the password in the cookie.
-
The test case shows a weak encryption practice. Here there is no encryption and the password is stored in the cookie as plain text. We use the cookie to communicate with the black box tool; it is a bad practice to store the password in the cookie.
-
The test case shows an SQL Injection in a PHP script. The defense mechanism is escaping the dangerous characters for the SQL query, such as ', " etc.
-
The test case shows an SQL Injection. The defense mechanism is the typecasting of the input variables.
-
The test case shows an SQL Injection in a PHP script.
-
The test case shows a basic Cross-Site Scripting in PHP. The associated level of defense is 2. Here we show how to use replacement of the characters <, >, ', " etc.
-
The test case shows a basic Cross-Site Scripting in PHP. The associated level of defense is 1. Here we show how to use the typecasting mechanism.
-
The test case shows a basic Cross-Site Scripting in PHP. The associated level of defense is zero because the input is directly printed without filtering.
-
Basic Cross-Site Scripting (XSS) in PHP. The attacker will write a JavaScript file (hop.js) which reads the cookie and sends it to http://www.bad.com/getCookie.php, which stores it in a file.
-
This test case shows how to solve the PHP Include problem. The solution consists of limiting the possible target files.
-
This is a basic PHP Include vulnerability. Attackers can relay malicious code through a web application to another system.