Re: Data injection problems [message #169586 is a reply to message #169576]
Sat, 18 September 2010 14:26
Stephan Bird
On Sat, 18 Sep 2010 11:32:24 +0200 in
1l199652q821h5celav9s6sv2sjbl2v943(at)mfesser(dot)de, Michael Fesser wrote:
> .oO(Michael Fesser)
>
>> Same here. I don't have the time right now to investigate a bit further,
>> but I see at least some problems in the PHP code. At the end there are
>> includes which include files via HTTP, even if they're on the same
>> server. While this not only causes a lot of overhead, it could also be
>> possible that somewhere else in the code there might be a code injection
>> vulnerability. Or the server was compromised and automatically adds this
>> code, unless it recognizes some known user agents. As said - in my Opera
>> the code is clean.
>
> Short addition: Opera and Firefox show clean code, Lynx gets the spam.
>
> And BTW the page is also vulnerable to cross-site scripting because of
> things like this:
>
> […] value="<?php echo $_REQUEST['backpack'] ?> […]
>
Thanks for this - any way to harden against this? I was aiming to return
to the form in the case of missing data with previous entries still filled
out, otherwise to submit.
I have changed the password, re-uploaded as suggested upstream but the
spurious links come back - does this suggest a problem with my server then?
Stephan
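
One way to do the hardening asked about above, shown as an added example that is not part of the original post or the site's code: escape every re-displayed value with `htmlspecialchars()` before it goes back into the `value` attribute. The field name `backpack` is from the post; the second field `email`, the helpers `e()` and `old()`, and the use of `$_POST` in place of `$_REQUEST` are assumptions.

```php
<?php
// Added example. 'backpack' comes from the post; 'email', e() and old() are hypothetical.

// Escape a value for use inside a quoted HTML attribute or element body.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Previously submitted value for a field, already escaped; '' if absent.
function old(array $input, string $field): string
{
    $value = $input[$field] ?? '';
    // A request like backpack[]=x delivers an array; treat that as empty.
    return is_string($value) ? e($value) : '';
}

$required  = ['backpack', 'email'];
$missing   = [];
$submitted = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';

if ($submitted) {
    foreach ($required as $field) {
        $v = $_POST[$field] ?? '';
        if (!is_string($v) || trim($v) === '') {
            $missing[] = $field;
        }
    }
    if ($missing === []) {
        // All data present: hand over to the real processing step here.
        echo '<p>Submitted.</p>';
        exit;
    }
}
?>
<form method="post" action="">
  <?php foreach ($required as $field): ?>
    <label><?= e($field) ?>
      <input type="text" name="<?= e($field) ?>" value="<?= old($_POST, $field) ?>">
    </label>
    <?php if (in_array($field, $missing, true)): ?>
      <span class="error">Required</span>
    <?php endif; ?>
  <?php endforeach; ?>
  <button type="submit">Send</button>
</form>
```

The escaping covers HTML element and quoted-attribute contexts only; values written into JavaScript, URLs or SQL need the encoding for that context instead.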