PHP & URL Injection attacks

I’ve recently been asked to look at some PHP script. It seems that some naughty person has used a vulnerability in the script to tack on a bit of script via the URL and use that to sent lots and lots of emails, presumably to their multitude of family and close friends.

Not being a PHP expert, guru or even newbie, this is a bit of a challenge for me, but an interesting one nonetheless.

Iv’e been doing a little reading up about it and, it seems, this kind of attack has been around for a little while, as indicated by this blog entry I stumbled upon…

Email injection attack

I’ll be taking a good look at all this over the next couple of days & I’ll report what I find.

technorati tags:, , , ,


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: