In this post, I will explain how a hacker can bypass file upload restrictions to upload arbitrary files using null byte injection. To fully understand the null byte vulnerability, we must take a look at how the C language handles strings. This is important because at some point, PHP relies on C/C++ functions to handle … Read more
Most developers these days are well aware of the importance of validating user input. Validating user input prevents a user from injecting malicious code on your web forms. Injecting code into a form on a website is known as Cross Site scripting (XSS) and is different from CSRF. It is unfortunate that a lot of … Read more
WordPress, everyone’s favorite CMS, has a new version: 4.2.3 available today. This should be considered as a security release for all previous versions, and of course, we strongly recommend you to update your wordpress website immediately. Here at Boston Web Group, we’ve seen tons of WordPress sites get hacked. It’s a sad thing to see, … Read more