Re: Data injection problems [message #169634 is a reply to message #169586]
Mon, 20 September 2010 11:21
Captain Paralytic
Messages: 204 Registered: September 2010
Senior Member
On 18 Sep, 15:26, Stephan Bird <sjb2...@yahoo.com> wrote:
> On Sat, 18 Sep 2010 11:32:24 +0200 in
> 1l199652q821h5celav9s6sv2sjbl2v...@mfesser.de, Michael Fesser wrote:
>> .oO(Michael Fesser)
>
>>> Same here. I don't have the time right now to investigate a bit further,
>>> but I see at least some problems in the PHP code. At the end there are
>>> includes which include files via HTTP, even if they're on the same
>>> server. While this not only causes a lot of overhead, it could also be
>>> possible that somewhere else in the code there might be a code injection
>>> vulnerability. Or the server was compromised and automatically adds this
>>> code, unless it recognizes some known user agents. As said - in my Opera
>>> the code is clean.
>
>> Short addition: Opera and Firefox show clean code, Lynx gets the spam.
>
>> And BTW the page is also vulnerable to cross-site scripting because of
>> things like this:
>
>> […] value="<?php echo $_REQUEST['backpack'] ?> […]
>
> Thanks for this - any way to harden against this? I was aiming to return
> to the form in the case of missing data with previous entries still filled
> out, otherwise to submit.
>
> I have changed the password, re-uploaded as suggested upstream but the
> spurious links come back - does this suggest a problem with my server then?
>
> Stephan
If you are running Apache, check that no one has got into
your .htaccess file.
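
One way to carry out the .htaccess check suggested above, as an added example that is not part of the original post: it walks a document root and lists directives that can make a server return different content to different clients, which matches the symptom in this thread (Lynx gets the spam, Opera and Firefox do not). The function names, the pattern list and the sample tree are assumptions made for illustration; the patterns are a starting point, not a complete list.

```shell
#!/bin/sh
# Added example (not from the thread): list .htaccess directives that can be
# used to serve injected content only to selected clients.
# The pattern list is an assumption and a starting point, not exhaustive.

# audit_htaccess DOCROOT
# Prints one "path:line:reason: directive" record per suspicious line.
audit_htaccess() {
    find "$1" -type f -name '.htaccess' -exec awk '
        /^[ \t]*#/ { next }                     # skip comment lines
        {
            l = tolower($0); why = ""
            if      (l ~ /rewritecond.*%[{]http_user_agent[}]/)  why = "rewrite keyed on User-Agent"
            else if (l ~ /rewritecond.*%[{]http_referer[}]/)     why = "rewrite keyed on Referer"
            else if (l ~ /rewriterule.*https?:\/\//)             why = "rewrite to absolute URL"
            else if (l ~ /auto_(prepend|append)_file/)           why = "PHP auto prepend/append file"
            else if (l ~ /(addhandler|addtype|sethandler).*php/) why = "PHP handler mapping"
            if (why != "") printf "%s:%d:%s: %s\n", FILENAME, FNR, why, $0
        }' {} +
}

# Constructed sample tree (hypothetical paths and hostname) to show the output.
demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/site/images"
    cat > "$d/site/.htaccess" <<'EOF'
# constructed sample, not taken from any real server
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (googlebot|lynx) [NC]
RewriteRule ^(.*)$ http://spam.example.invalid/$1 [L]
EOF
    cat > "$d/site/images/.htaccess" <<'EOF'
php_value auto_append_file /tmp/footer.inc
Options -Indexes
EOF
    printf '%s\n' "$d"
}

if [ "${1:-}" = "--demo" ]; then
    tree=$(demo_tree) && audit_htaccess "$tree" && rm -rf "$tree"
elif [ -n "${1:-}" ]; then
    audit_htaccess "$1"
fi
```

Pass the document root as the only argument, or `--demo` to run it against the constructed tree. Legitimate rewrite rules are flagged as well, so each hit needs a manual look, and comparing the file's modification time with the last known upload helps decide whether it was changed by someone else.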