Understanding PHP Object Injection

PHP injection, or PHP Object Injection, is an application-level vulnerability that allows an attacker to carry out various kinds of malicious attacks, such as SQL injection, application denial of service, code injection and path traversal, depending on the context. The vulnerability generally occurs when user-supplied input is not sanitized properly before it is passed to the PHP unserialize() function (which takes a single serialized variable and converts it back into a PHP value). PHP's object serialization feature allows an attacker to pass a crafted serialized string to a vulnerable unserialize() call, which results in an arbitrary PHP object being injected into the scope of the application. Serialized strings are storable representations of PHP values.

In order to exploit a PHP Object Injection vulnerability fully, two conditions must be met:

1) The application must have a class that implements a PHP magic method (such as __destruct, __construct, __set or __wakeup) that can be used to carry out the malicious behaviour.

2) All the classes used during an attack must be declared at the point where unserialize() is called, or object autoloading must be supported for those classes.

Learn about PHP programming by taking a course at Udemy.com


Basic Introduction to Import Classes in JSP

Reusable components or libraries are one of the most important features of good software. Libraries, once created, reduce development time for future projects. One important technique for using existing classes in JSP pages is the import directive. Many existing Java applications have a lot of core logic implemented in Java classes. For example, consider an employee payroll processing application. The logic for calculating employee bonus payouts and stock options has been written in Java. The application is revamped to use JSP, AJAX and Hibernate, but you still want to keep using this core bonus calculation class instead of rewriting it. JSP provides a way to import Java classes using "directives." Here, we will look at importing Java classes in JSP pages.

Learn more about JSP by taking an online class at Udemy.com

Object Oriented Programming in C : An overview

Object Oriented Programming (OOP) is a programming concept in which the program is made up of objects and the properties of those objects.

Consider a medical facility where both the doctors and the patients are objects. These objects have distinct characteristics, and the job of one object cannot be performed by another unless they are related. In addition, these objects interact with each other, just as doctors and patients interact with one another, and there is generally an outcome of this interaction.

Before we can elaborate on the concept of OOP in C programming, it is necessary to understand the concept of objects first. You can then relate objects to structures in C and learn how to use structures in C programming.

Learn more about Object Oriented Programming by taking an online class at Udemy.com


Using AJAX with JSP

Asynchronous JavaScript and XML (AJAX) is a technique used to develop web-based applications. For web applications under development today, fast page loading is one of the most important properties. A slow application will cost you users and search engine rank, because slow load times are one of the biggest factors in website bounce rate.

The main advantage of AJAX is that it avoids refreshing the entire page. With older form submissions, the entire page reloads and is processed on the server, and the time this takes depends on the user's connection and your server's speed. With AJAX, the load time is drastically reduced, which makes AJAX a popular choice for web developers. We will discuss a few examples in detail so that you learn how to bring AJAX and JSP together.

Learn AJAX by taking an online class at Udemy.com


The “while” Loop Keyword in Perl : An Introduction

Perl is a general-purpose, dynamic, highly capable programming language developed by Larry Wall. Perl's family includes Perl 5 and Perl 6. Developed in 1987, PERL stands for Practical Extraction and Report Language. Though Perl has borrowed a great many features from other languages such as C, it remains very popular among programmers because it outperforms other languages in many respects. Perl 5 is widely used in network programming, graphics programming and system administration. Perl has features that support object-oriented programming models and complex data structures.

Looping in PERL:

Computers are well suited to performing repetitive tasks, and every programming language provides ways of handling iterative work. The Perl language comes with a variety of loops, such as "for", "while", "do..while" and many more.

The "while" loop is a control flow statement that repeats a block of code as long as a particular Boolean condition holds. It can be thought of as a repeated "if" statement. The syntax below will help you understand it better:

New to Perl? Take an online class at Udemy.com


Connect with MySQL Database Using PHP

PHP is a general-purpose scripting language that is best suited to web development. PHP is very fast and flexible and powers many of the most popular websites in the world. PHP stands for PHP Hypertext Preprocessor, and most web developers use it to create dynamic content that interacts with databases.

A database is an organized collection of data arranged so that a computer program can easily access the desired piece of information. Traditional databases are organized around the concepts of fields, records and files: a set of fields makes up a record, and a set of records makes up a file. Note that we are going to use PHP to connect to a MySQL database.

First, we will open a connection to the database; once it is open, we can perform operations such as adding, deleting, updating and altering records.

Learn PHP programming and MySQL from scratch with an online course at Udemy.com


An Overview of the PHP setcookie() Function

PHP was created to make server-side programming easier for web developers. Initially it was known as Personal Home Page; later, the recursive acronym PHP Hypertext Preprocessor stuck. The power of PHP lies in its simplicity: it provides a clear and concise programming interface for constructing either web pages or standalone web applications.

Another very interesting feature of PHP is that it converts all of the PHP code to HTML before the page is rendered by the browser. PHP can be thought of as a set of directives for an HTML parser, telling it which data must be fetched from the server and then displayed in the browser.

Learn PHP programming from scratch through a course at Udemy.com


Your First JSP on Apache Tomcat Server


If you want to run Java Servlets or JSP pages on your web server, you will probably want to install the Apache Tomcat server. If you are familiar with Apache, Tomcat will come as second nature to you. Tomcat is a free, open-source HTTP server available for both Linux and Windows. The best way to learn the system is to create a simple web application, so this article walks you through your first JSP setup to get you familiar with the Tomcat platform.


An Introduction to the LIMIT Clause in MySQL

SQL, or Structured Query Language, is a set of instructions used for interacting with relational databases. In fact, it is the one language understood by most databases. SQL statements are used for tasks such as updating data in a database or retrieving data from it. Common RDBMSs that use SQL include Microsoft SQL Server, Oracle, Access, Ingres and Sybase. SQL is composed of three major components: the Data Definition Language, the Data Manipulation Language and the Data Control Language. An RDBMS stores data in one or more objects known as tables. You can use SELECT statements with specified conditions to retrieve the desired data from your tables. By default, all records that satisfy those conditions are returned; however, you might want only a subset of them. In SQL, this can be accomplished using the LIMIT clause.

Learn SQL Programming from scratch. Take an online class at Udemy.com


The “for” Loop Keyword in Perl : An Overview

Perl is a high-level, dynamic, general-purpose language developed by Larry Wall. Its family includes Perl 5 and Perl 6. Perl was originally developed for text processing; PERL stands for Practical Extraction and Report Language. It runs on a variety of platforms, such as Mac OS, Windows and different versions of UNIX. It was originally created as a replacement for UNIX shell scripting, to help system administrators be more productive. Here we are going to discuss the "for" keyword in Perl. It is also known as the C-style for loop, although it is used in many other programming languages as well.

Learn more about Perl programming through a course at Udemy.com
