1. File Upload Vulns - Only allow safe files to be updated.

2. Code Execution Vulns:

Don‘t use dangerous functions.

Filter use input before execution.

3. File inclusion:

Disable allow_url_fopen & allow_url_include.

Use static file inclusion.

Suggest using Hard Code Style, not using any variables, which is much more secure.

index.php?page=news.php index.php code: include($_GET(‘page‘));

index.php
code:
include(‘page.php‘);

Ethical Hacking - Web Penetration Testing(7)