PHP: cURL and htpasswd [apache auth]

After spending literally all afternoon working on it, here is an example of the code I finally got to work!

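// $this->_curlHandle is a handle created earlier with curl_init()
curl_setopt( $this->_curlHandle, CURLOPT_URL, 'site.com/password-protected' );
// Credentials in "user:password" form
curl_setopt( $this->_curlHandle, CURLOPT_USERPWD, 'username:password' );
// Return the response body from curl_exec() instead of printing it
curl_setopt( $this->_curlHandle, CURLOPT_RETURNTRANSFER, true );
// Let cURL pick whichever HTTP auth method the server offers
curl_setopt( $this->_curlHandle, CURLOPT_HTTPAUTH, CURLAUTH_ANY );
$result = curl_exec($this->_curlHandle);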

I have bolded the part that was the culprit! I hope this saves you time [and your company money ;-) ].

Nick
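
A standalone version of the call above, as an added example that is not from the original post: it limits the auth methods to Basic and Digest, refuses plain HTTP, and treats a 401 as a failure instead of returning the error page. The function name fetchProtected and the DEMO_* environment variables are hypothetical.

```php
<?php
// Added example: fetchProtected() is a hypothetical helper, not the post's code.
function fetchProtected(string $url, string $user, string $pass): string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_USERPWD        => $user . ':' . $pass,
        // htpasswd-backed Apache auth is normally Basic; allow Digest as well,
        // but nothing else (CURLAUTH_ANY would accept any offered method).
        CURLOPT_HTTPAUTH       => CURLAUTH_BASIC | CURLAUTH_DIGEST,
        // Basic sends the password base64-encoded, so refuse plain HTTP.
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        // Redirects are not followed; a 3xx is reported as an error below.
        CURLOPT_FOLLOWLOCATION => false,
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_TIMEOUT        => 30,
    ]);

    $body = curl_exec($ch);
    if ($body === false) {
        // Transport-level failure: DNS, TLS, timeout, blocked protocol, ...
        throw new RuntimeException('cURL error: ' . curl_error($ch));
    }

    // curl_exec() succeeds even when the server answers 401, so check the status.
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    if ($status === 401) {
        throw new RuntimeException('Authentication rejected (HTTP 401)');
    }
    if ($status < 200 || $status >= 300) {
        throw new RuntimeException("Unexpected HTTP status $status");
    }
    return $body;
}

// Usage: credentials come from the environment (hypothetical variable names)
// rather than being hard-coded in the source file.
if (getenv('DEMO_URL') !== false) {
    try {
        echo fetchProtected(getenv('DEMO_URL'), getenv('DEMO_USER'), getenv('DEMO_PASS'));
    } catch (RuntimeException $e) {
        fwrite(STDERR, $e->getMessage() . PHP_EOL);
        exit(1);
    }
}
```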

Fair Compensation and Website Security

Just throwing a question out there. What would you deem fair compensation if somebody found a security exploit in your website?

This particular exploit that I discovered offered access to half of a member's credit card number, as well as personal information [i.e. - full name, address, etc] for every order on their [e-commerce] website.

Since first finding the exploit, I have also been able to exploit the download section of the website. I can gain access to every file on the site, without having to purchase them. I am still waiting on a return phone call on this particular issue.

What do you think [a] I was offered and [b] what I should have been offered?

Nick