Re: Data injection problems [message #169575 is a reply to message #169564]
Sat, 18 September 2010 09:28
Michael Fesser
.oO(Beauregard T. Shagnasty)
> Michael Fesser wrote:
>
>> ... You have to validate the output of the script, i.e. the result in
>> the browser. And I get a green there.
>
> At the W3C validator?

Yes, but now I see what I did differently and also the malicious code.

> No green I see.
>
> Errors found while checking this document as HTML 4.01 Strict!
> Result: 547 Errors, 14 warning(s)
>
> <http://validator.w3.org/check?uri=http%3A%2F%2Fwww.cwmcadnantvalley.co.uk%2Fbookenq.php&charset=%28detect+automatically%29&doctype=Inline&ss=1&group=0&verbose=1&user-agent=W3C_Validator%2F1.1>

Indeed. What I did was to open the page in my Opera and use its built-in
feature to send the source of the current page to the W3 validator. And
there I got a green. So obviously my Opera got another code than the W3
validator.

> See the source from line 130 on, and note the positioning to waaay off
> page. (I don't know how that code gets there.)

Same here. I don't have the time right now to investigate a bit further,
but I see at least some problems in the PHP code. At the end there are
includes which include files via HTTP, even if they're on the same
server. While this not only causes a lot of overhead, it could also be
possible that somewhere else in the code there might be a code injection
vulnerability. Or the server was compromised and automatically adds this
code, unless it recognizes some known user agents. As said - in my Opera
the code is clean.
Micha
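
The situation described in this post, where a browser and the W3C validator receive different markup for the same URL, can be checked by diffing the two captures. The following is an added example, not part of the original thread; the sample pages, the `injected.example` link and the function names are constructed for illustration, and it assumes both copies of the page have already been saved.

```python
import difflib
import re

# Constructed captures of one URL, fetched with two different User-Agent headers.
AS_BROWSER = """<html><body>
<h1>Booking enquiry</h1>
<form action="bookenq.php" method="post"><input name="email"></form>
</body></html>"""

AS_VALIDATOR = """<html><body>
<h1>Booking enquiry</h1>
<form action="bookenq.php" method="post"><input name="email"></form>
<div style="position:absolute; left:-9000px; top:-9000px">
<a href="http://injected.example/">link text</a>
</div>
</body></html>"""

# Inline CSS that pushes an element far outside the visible page.
OFFSCREEN = re.compile(
    r"(?:left|top|text-indent|margin-left)\s*:\s*-\s*\d{3,}\s*(?:px|em|pt)?",
    re.I,
)

def lines_only_in(suspect: str, baseline: str) -> list[str]:
    """Return lines present in `suspect` but absent from `baseline`."""
    diff = difflib.ndiff(baseline.splitlines(), suspect.splitlines())
    return [d[2:].strip() for d in diff if d.startswith("+ ")]

def cloaking_report(baseline: str, suspect: str) -> dict:
    """Summarise markup that only one of the two clients received."""
    extra = lines_only_in(suspect, baseline)
    return {
        "cloaked": bool(extra),
        "extra_lines": extra,
        # Extra markup that is also positioned off-page is the strongest signal.
        "offscreen": [line for line in extra if OFFSCREEN.search(line)],
        "links": [u for line in extra for u in re.findall(r'href="([^"]+)"', line)],
    }

if __name__ == "__main__":
    for key, value in cloaking_report(AS_BROWSER, AS_VALIDATOR).items():
        print(f"{key}: {value}")
```

A non-empty `offscreen` list on a live site points at server-side injection that varies by client, so the next place to look is the server's PHP files and include targets rather than the browser.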