PHP & URL Injection attacks

I’ve recently been asked to look at some PHP script. It seems that some naughty person has used a vulnerability in the script to tack on a bit of script via the URL and use that to send lots and lots of emails, presumably to their multitude of family and close friends.

Not being a PHP expert, guru or even newbie, this is a bit of a challenge for me, but an interesting one nonetheless.

I’ve been doing a little reading up about it and, it seems, this kind of attack has been around for a little while, as indicated by this blog entry I stumbled upon…

Email injection attack

http://xtian.goelette.info/comment.php?type=trackback&entry_id=38

I’ll be taking a good look at all this over the next couple of days & I’ll report what I find.
