Latest Tech

Latest Posts

secure your website , scripts , patches , php , html , jquery , asp . 

How to Protect Your PHP File from Direct Access Using CSRF Tokens and PHP Sessions
PHP Web Application Security: Prevent Unauthorized Access to Your data.php File

How to Protect Your PHP data.php File from Direct Access, CSRF, and DoS Attacks via AJAX

Details
Written by: khalil shreateh
Category: Websites Security
Hits: 92
If you have been building web applications for any length of time, you have probably written a PHP file that handles data requests from the front end — something like data.php. Maybe it pulls records from a database, returns user-specific content, or processes a form submission triggered by an AJAX call. Whatever it does, there is a very good chance that file is sitting on your server with far less protection than it deserves.

Why Your data.php File Is a Security Risk You Cannot Ignore

The problem is not that developers are careless. The problem is that security is easy to overlook when you are focused on making features work. You get the AJAX request firing correctly, the data coming back the right way, and everything looking good in the browser — and then you move on. But what happens when someone types the URL of your data.php file directly into their browser? What happens when an attacker crafts a page that silently triggers your endpoint using a logged-in user's session? What happens when a script replays the same valid request hundreds of times in a matter of seconds?

These are not hypothetical edge cases. They are real, well-documented attack vectors that affect web applications of every size. The good news is that protecting against them does not require expensive tools or deep expertise in cybersecurity. A solid understanding of PHP sessions, CSRF tokens, and basic request validation is enough to close the most common vulnerabilities. This article walks you through exactly that, layer by layer.

Read more: How to Protect Your PHP data.php File from Direct Access, CSRF, and DoS Attacks via AJAX

Cross-Site Request Forgery (CSRF) Exploit And Prevention

Details
Written by: khalil shreateh
Category: Websites Security
Hits: 6379

In this article you will learn what is Cross-Site Request Forgery (CSRF), How to exploit CSRF and how to protect against it . 

An introduction to JavaScript-based DDoS

Details
Written by: khalil shreateh
Category: Websites Security
Hits: 6878

One of the oldest and most pervasive attacks launched against websites is the Distributed Denial of Service (DDoS) attack. In a typical DDoS attack, an attacker causes a large number of computers to send data to a server, overwhelming its capacity and preventing legitimate users from accessing it.

Read more: An introduction to JavaScript-based DDoS

WordPress Brute Forcer 2.0

Details
Written by: khalil shreateh
Category: Websites Security
Hits: 20075

This is a python script that performs brute forcing against WordPress installs using a wordlist.

Read more: WordPress Brute Forcer 2.0

Uploading Shell Via SQL Injection Vulnerability

Details
Written by: khalil shreateh
Category: Websites Security
Hits: 34126

In the Name of ALLAH the most beneficent and the Merciful

It was a myth for me to upload files on IIS servers, when the user is admin and we have the path also. There are ways to write files with xp_cmdshell but that is not enabled on every SQL Server due to security reasons and also not enabled by default. After i read these articles

Read more: Uploading Shell Via SQL Injection Vulnerability

  1. Arbitrary File Download, Upload Shell, Deface
  2. Limit Login Attempts - Blocking Brute Force Attacks
  3. Remote Code Execution (RCE)
  4. Bypass web server error 403 forbidden

Page 1 of 4

Information Security

Social Media Share
About Contact Terms of Use Privacy Policy
© Khalil Shreateh — Cybersecurity Researcher & White-Hat Hacker — Palestine 🇵🇸
All content is for educational purposes only. Unauthorized use of any information on this site is strictly prohibited.