Saji Nediyanchath saji89

Let's say you have a file like this:

<?php
declare(strict_types=1);

class Foo
{
    protected $x;
    public function __construct(array $x = [])

TL;DR - Don't use this code ever.

Everything Wrong with this Library

Hard-coded key.
Hard-coded, static initialization vector for CBC mode.
Does not provide authenticated encryption
Passes decrypted value to unserialize()

Pour all of the ingredients above into a pot, add a little bit of Python, and you've got a remotely exploitable code injection vulnerability in any project that depends on this "confidential string" library.

What is this?

Following this guide will set up a local Elasticsearch with Kibana and Marvel using Homebrew and Homebrew Cask

Prerequisites

If you already have Java installed on your system, skip steps Install Cask and Install Java

If you already have Java and Homebrew installed on your system, skip steps Prerequisites, start at Install Elasticsearch and Kibana after running $ brew update

Install Homebrew

$ ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

The Problem

During transition to python3, much code is now written that works on python2 or python3. Python 2 is becoming less common, and has even been removed from default installs of Ubuntu Server in 15.10 and going forward.

A summary of Ubuntu releases and python inclusion in the default install of Ubuntu Server:

12.04 precise: python 2 only (2.7.3)
14.04 trusty: python 2 only (2.7.5) and python3 (3.4.0)
14.10 utopic: python 2 (2.7.8) and python3 (3.4.2)

Debug your PHP in Docker with Intellij/PHPStorm and Xdebug

For your local dev, create a Dockerfile that is based on your production image and simply install xdebug into it. Exemple:

FROM php:5

RUN yes | pecl install xdebug \
&amp;&amp; echo "zend_extension=$(find /usr/local/lib/php/extensions/ -name xdebug.so)" &gt; /usr/local/etc/php/conf.d/xdebug.ini \

📂 Persistent "pipes" in Linux

In a project I'm working on I ran into the requirement of having some sort of persistent FIFO buffer or pipe in Linux, i.e. something file-like that could accept writes from a process and persist it to disk until a second process reads (and acknowledges) it. The persistence should be both across process restarts as well as OS restarts.

AFAICT unfortunately in the Linux world such a primitive does not exist (named pipes/FIFOs do not persist

This page provides a full overview of PHP's SessionHandler life-cycle - this was generated by a set of test-scripts, in order to provide an exact overview of when and what you can expect will be called in your custom SessionHandler implementation.

Each example is a separate script being run by a client with cookies enabled.

To the left, you can see the function being called in your script, and to the right, you can see the resulting calls being made to a custom session-handler registed using session_set_save_handler().

	#!/bin/bash
	if [ "$EUID" -ne 0 ]
	then echo "Please run as root"
	exit
	fi

	# Register the packagecloud key
	wget -O - https://packagecloud.io/gpg.key \| sudo apt-key add -

	# Add deb http://packages.blackfire.io/debian any main to /etc/apt/sources.list.d/blackfire.list

	tail --lines=0 -f /var/log/apache2/error.log \
	\| grep --line-buffered -F "PHP Fatal error" \
	\| sed -u -e 's/\[[^]]*\]//g' \
	\| while read line ; do say $line; echo $line ; done