All posts by Pramod T P

Unbuffered Queries

Unbuffered MySQL queries execute the query and then return a resource while the data is still waiting on the MySQL server to be fetched. This uses less memory on the PHP side but can increase the load on the server. Until the full result set has been fetched from the server, no further queries can be sent over the same connection. Unbuffered queries are also referred to as “use result”.
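The "use result" mode described above, as an added example that is not part of the original post. It uses mysqli's MYSQLI_USE_RESULT flag; the connection details and the users table are placeholders, and the point it demonstrates is the one in the text: the connection is unusable until the result set has been consumed or freed.

```php
<?php
// Added example (not from the original post): an unbuffered ("use result")
// query with mysqli. The connection details are placeholders.
$db = new mysqli('db.example.invalid', 'app_user', 'app_password', 'app_db');
if ($db->connect_error) {
    die('Connect failed: ' . $db->connect_error . "\n");
}

// MYSQLI_USE_RESULT leaves the rows on the MySQL server and PHP fetches them
// one at a time, so a large result set never has to sit in PHP's memory.
$result = $db->query('SELECT id, email FROM users', MYSQLI_USE_RESULT);
if ($result === false) {
    die('Query failed: ' . $db->error . "\n");
}

while ($row = $result->fetch_assoc()) {
    // Each row arrives from the server as it is requested here; the row
    // count (num_rows) is not known until the last row has been read.
    printf("%d %s\n", $row['id'], $row['email']);
}

// Until every row has been read, or the result set is freed, the connection
// is busy: a second query on it fails with "Commands out of sync".
$result->free();

// The connection is usable again.
$count = $db->query('SELECT COUNT(*) AS n FROM users');
if ($count !== false) {
    echo 'Total users: ', $count->fetch_assoc()['n'], "\n";
}
$db->close();
```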

func_get_args

Returns an array in which each element is a copy of the corresponding member of the current user-defined function’s argument list.

<?php
function testFunction() {
    // func_num_args() returns how many arguments were passed;
    // func_get_args() returns the argument values themselves.
    echo "Number of arguments : " . func_num_args();
}
testFunction(1, 2, 3);
?>

It outputs Number of arguments : 3

ob_start

This function turns output buffering on. While output buffering is active, no output is sent from the script (other than headers); instead the output is stored in an internal buffer.

The contents of this internal buffer may be copied into a string variable using ob_get_contents(). To output what is stored in the internal buffer, use ob_end_flush(). Alternatively, ob_end_clean() will silently discard the buffer contents.

<?php
function callback($buffer) {
    return str_replace("PHP", "PHP Codez", $buffer);
}
ob_start("callback");
?>
<p>Welcome to PHP</p>
<?php
ob_end_flush();
?>

The output will be Welcome to PHP Codez

quotemeta

The quotemeta() function adds backslashes in front of some predefined characters in a string.

This function can be used to escape characters with special meanings, such as ( ), [ ], and * in SQL.

This function is binary-safe.

The predefined characters are:

  • period (.)
  • backslash (\)
  • plus sign (+)
  • asterisk (*)
  • question mark (?)
  • brackets ([])
  • caret (^)
  • dollar sign ($)
  • parenthesis (())

Example

<?php
$str = "PHP Codez. (Welcome)";
echo quotemeta($str);
?>

It outputs PHP Codez\. \(Welcome\)
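An added example, not from the original post, showing what the escaping is for: the characters quotemeta() escapes are regular-expression metacharacters, so its place is a pattern built from untrusted text. It is not an SQL escaping function; SQL statements need prepared statements instead. The function name and the sample strings are this example's own.

```php
<?php
// Added example (not from the original post): quotemeta() applied to a
// user-supplied literal before it is embedded in a regular expression.
function contains_literal(string $haystack, string $needle): bool
{
    // Escaped, "." "(" "$" etc. are matched as themselves, not as operators.
    $pattern = '/' . quotemeta($needle) . '/';
    return preg_match($pattern, $haystack) === 1;
}

$checks = [
    ['abc', 'a.c'],                          // unescaped, "." would match the "b"
    ['PHP Codez. (Welcome)', '(Welcome)'],   // literal parentheses, not a group
    ['price: $5', 'price: $'],               // unescaped, "$" would be an end anchor
];
foreach ($checks as [$haystack, $needle]) {
    printf("%-22s contains %-10s : %s\n", $haystack, $needle,
        contains_literal($haystack, $needle) ? 'yes' : 'no');
}

// quotemeta() leaves the pattern delimiter alone, so a needle containing "/"
// would break the pattern above. preg_quote() takes the delimiter as its
// second argument, which makes it the safer choice for PCRE patterns.
$needle  = 'a/b';
$pattern = '/' . preg_quote($needle, '/') . '/';
printf("%s\n", preg_match($pattern, 'x a/b y') === 1 ? 'matched' : 'not matched');
```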

header_remove

It is used to remove previously set HTTP headers.

<?php
header("X-Foo: Bar");
header("X-Bar: Baz");

echo "<pre>";
print_r(headers_list());

header_remove("X-Foo");
echo "<pre>";
print_r(headers_list());
?>

Output

Array
(
    [0] => X-Powered-By: PHP/7.1.14
    [1] => X-Foo: Bar
    [2] => X-Bar: Baz
)Array
(
    [0] => X-Powered-By: PHP/7.1.14
    [1] => X-Bar: Baz
)

parse_url

This function parses a URL and returns an associative array containing any of the various components of the URL that are present.

  • scheme – e.g. http
  • host
  • port
  • user
  • pass
  • path
  • query – after the question mark ?
  • fragment – after the hashmark #

This function is not meant to validate the given URL; it only breaks it up into the parts listed above. Partial URLs are also accepted, and parse_url() tries its best to parse them correctly.

<?php
$url = 'phpcodez.com/index.php?user=1';
echo "<pre>";
print_r(parse_url($url));
?>

Output

Array
(
    [path] => phpcodez.com/index.php
    [query] => user=1
)
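Because parse_url() only splits and never validates, code that makes a security decision on its output has to handle every component it may leave out. The following is an added example, not from the original post: a redirect-target check against an allow-list of hosts. The function name, the host list and the sample URLs are constructed for this example.

```php
<?php
// Added example (not from the original post): checking a redirect target
// with parse_url(). Each component the parser may omit is handled explicitly.
function is_allowed_redirect(string $url, array $allowedHosts): bool
{
    $parts = parse_url($url);
    if ($parts === false) {
        return false;                        // too malformed to split at all
    }
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        // A site-relative path is fine, but browsers treat a path starting
        // with "//" or "/\" as scheme-relative, i.e. as another host.
        $path = $parts['path'] ?? '';
        return preg_match('#^/(?![/\\\\])#', $path) === 1;
    }
    if (!isset($parts['scheme'], $parts['host'])) {
        return false;                        // e.g. "//host/x" or "javascript:..."
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    return in_array(strtolower($parts['host']), $allowedHosts, true);
}

$allowed = ['phpcodez.com', 'www.phpcodez.com'];
$samples = [
    '/account?tab=1',                        // path and query only
    'https://phpcodez.com/index.php?user=1', // absolute, allow-listed host
    'phpcodez.com/index.php?user=1',         // no scheme: parsed as a path (see above)
    '//evil.example/x',                      // host present, scheme absent
    'https://phpcodez.com@evil.example/',    // "phpcodez.com" is only the user part
    '/\\evil.example',                       // a path to parse_url(), a host to browsers
    'javascript:alert(1)',                   // scheme present, host absent
];
foreach ($samples as $url) {
    printf("%-40s %s\n", $url, is_allowed_redirect($url, $allowed) ? 'allow' : 'reject');
}
```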

SimpleXML

SimpleXML is an extension that makes it easy to read and manipulate XML data.

SimpleXML provides the ability to iterate over items in an XML document, as well as to access items within it as if they were object properties.

SimpleXML provides an easy way of getting an element’s name, attributes and textual content if you know the XML document’s structure or layout.

SimpleXML turns an XML document into a data structure you can iterate through like a collection of arrays and objects.

  • SimpleXML allows removal of attributes.
  • SimpleXML allows addition of new attributes.
  • SimpleXML allows removal of nodes.
  • SimpleXML allows addition of new nodes.
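The four operations listed above on one small document, as an added example that is not part of the original post. The XML is constructed for the example.

```php
<?php
// Added example (not from the original post): iterate, then add and remove
// nodes and attributes with SimpleXML. The XML below is constructed.
$doc = <<<'XML'
<users>
  <user id="1" role="admin"><name>alice</name></user>
  <user id="2" role="member"><name>bob</name></user>
</users>
XML;

// Do not pass LIBXML_NOENT when loading untrusted XML: it enables entity
// substitution, which is what makes XML external entity (XXE) attacks possible.
$xml = simplexml_load_string($doc);
if ($xml === false) {
    die("could not parse XML\n");
}

// Iterate over nodes and read attributes and text as if they were properties.
foreach ($xml->user as $user) {
    printf("%s -> %s (%s)\n", $user['id'], $user->name, $user['role']);
}

// Add a new node and give it attributes and a child element.
$new = $xml->addChild('user');
$new->addAttribute('id', '3');
$new->addAttribute('role', 'member');
$new->addChild('name', 'carol');

// Remove an attribute, then remove a whole node.
unset($xml->user[0]['role']);   // alice keeps her id but loses the role attribute
unset($xml->user[1]);           // bob is removed entirely

echo $xml->asXML();
```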

Session Fixation

Session fixation is an attack that permits an attacker to hijack a valid user session. It exploits a weakness in the way the vulnerable web application manages the session ID: when it authenticates a user, it does not assign a new session ID, so an existing session ID stays valid. The attack consists of obtaining a valid session ID (e.g. by connecting to the application), inducing a user to authenticate with that session ID, and then hijacking the user-validated session through knowledge of that session ID. The attacker has to provide a legitimate web application session ID and try to make the victim’s browser use it.

Session fixation is related to session hijacking, which steals the session established between the client and the web server after the user logs in. Session fixation instead fixes a session on the victim’s browser before the user logs in, so the attack starts before authentication.

Which technique is used depends on how the web application deals with session tokens. Some of the most common are:

• Session token in the URL argument: The Session ID is sent to the victim in a hyperlink and the victim accesses the site through the malicious URL.

• Session token in a hidden form field: In this method, the victim must be tricked into authenticating to the target web server using a login form developed by the attacker. The form could be hosted on the attacker’s web server or directly in an HTML-formatted e-mail.

• Session ID in a cookie:

The following measures help protect against session hijacking and fixation attacks.

  • Use SSL and set the secure cookie parameter to true.
  • Set the session.use_only_cookies php.ini parameter to 1.
  • Protect against XSS vulnerabilities in the application.
  • Rotate the session ID on successful login and logout using session_regenerate_id().
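The measures above applied in one session bootstrap, as an added example that is not part of the original post. The function names are this example's own, session.use_strict_mode and the HttpOnly/SameSite flags are added on top of the four listed items, and the array form of session_set_cookie_params() needs PHP 7.3 or later.

```php
<?php
// Added example (not from the original post): the mitigations listed above
// in one session bootstrap. Function names are this example's own; the
// array form of session_set_cookie_params() needs PHP 7.3 or later.
function secure_session_start(): void
{
    // Only accept session IDs from cookies, never from URL arguments.
    ini_set('session.use_only_cookies', '1');
    // Reject IDs the server never issued, so a fixed, made-up ID is useless.
    ini_set('session.use_strict_mode', '1');
    // Secure: sent over HTTPS only. HttpOnly: not readable by script, which
    // limits what an XSS bug can steal. SameSite: not sent on cross-site POSTs.
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

function login(string $userId): void
{
    // Rotate the ID after the credentials check: a session ID fixed on the
    // browser before login no longer identifies the authenticated session.
    session_regenerate_id(true);   // true: discard the old session's data
    $_SESSION['user_id'] = $userId;
    $_SESSION['logged_in_at'] = time();
}

function logout(): void
{
    $_SESSION = [];
    session_regenerate_id(true);   // the old ID is gone even if destroy fails
    // Expire the cookie on the client as well as destroying the server data.
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'],
        $p['secure'], $p['httponly']);
    session_destroy();
}

secure_session_start();
// ... the application verifies the submitted credentials, then:
login('42');
// ... later, on the logout request:
logout();
```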

Cookie Hijacking

Cookie Hijacking, sometimes also known as session hijacking is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim’s compute