PHP (PHP: Hypertext Preprocessor) is a web-based, server-side, multi-use, general-purpose scripting and programming language that can be embedded in HTML. PHP was first created by Rasmus Lerdorf in 1995, and its development is now run by the PHP community.
The PHP programming language is still used by a large number of developers. It is the best-known backend programming language. For PHP web applications, I prepared a list called "php security check list" that security researchers should know.
- Full Path Disclosure
- Arbitrary File Upload
- Arbitrary File Delete
- Arbitrary File Download
- Local File Inclusion
- Remote File Inclusion
- Cookie Injection
- Session Hijacking
- Header Injection
- SQL Injection
- XML Injection
- XXE Injection
- Email Injection
- HTML Injection
- XPath Injection
- Code Injection
- Command Injection
- Object Injection
- Cross Site Scripting
- Cross Site Request Forgery
- Broken Authentication and Session Management
- Session Hijacking Attack