Browser Extensions and PHP Session IDs

The Issue

One way applications protect against abuse (such as replay attacks) is by assigning a nonce (number used once) to a client connection. This randomly generated number is made available to the client for as long as the connection remains active and is commonly stored server-side to the session, and identified by that connection’s PHPSESSID. This PHPSESSID is associated with the client in a cookie, and shared with each future connection.Read More

Tags | addon, browser, chrome, cookie, extension, firefox, form data, formdata, httponly, params, php, phpsessid, safari, samesite, secure

FileChecker WordPress Plugin

Those who attempt to seize control of WordPress sites often do so by burying obfuscated code in the PHP scripts of plugins, themes or the WordPress core. This is done through various exploits in improperly secured PHP, less-restricted file system permissions, or server counter-measures.Read More

Tags | base64_decode, eval, filechecker, fwrite, grep, gzinflate, malicious code, plug-in, plugin, protect, protection, secure, security, str_rot13, virus, word press, wordpress, wp