| View previous topic :: View next topic |
| Author |
Message |
mg66
-
Joined: 15 Aug 2004
Posts: 85
Location: USA, Illinois
|
|
| Back to top |
   |
 |
TRUSTAbyss
-
Joined: 29 Oct 2003
Posts: 3752
Location: USA, GA
|
 Posted: Sun Sep 11, 2005 3:15 am Post subject: |
 |
|
That looks like a Code Injection attack. Download the cmd.gif and rename it to
cmd.txt , you will see that it contains Malicious PHP code. I would ban the client
from your server to avoid any other problems that may occur. LateR!
Sincerely , TRUSTpunk |
|
| Back to top |
|
|
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Sun Sep 11, 2005 5:29 pm Post subject: |
|
|
TRUSTpunk,
Yes, this looks like a code injection attack but nothing can prove that it was effective (the log file only isn't sufficient).
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
 |
|
mg66
-
Joined: 15 Aug 2004
Posts: 85
Location: USA, Illinois
|
|
| Back to top |
|
|
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Mon Sep 12, 2005 12:48 pm Post subject: |
|
|
| mg66 wrote: | What can I check from here?
I went through all my php pages and see nothing out the norm. |
Reviewing the code inside your /index.php file can help us know if the parameters that were sent to it on the URL could have been interpreted and used to do something "bad" on your server.
If you want us to check it, please send it to us by email.
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
|
|
mg66
-
Joined: 15 Aug 2004
Posts: 85
Location: USA, Illinois
|
|
| Back to top |
|
|
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Tue Sep 13, 2005 3:28 pm Post subject: |
|
|
| mg66 wrote: | | I emailed the code. thanks for taking the time to look. |
The log entry shown above injected two variables: x and cmd.
In your script x is used in a switch() block but the injected value has no effect and is simply ignored.
The other variable cmd which is injected is also ignored since it is not even referenced in your script.
So there was no problem with this injection and your script doesn't look as vulnerable even if there are weired values and variables sent to it.
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
|
|
mg66
-
Joined: 15 Aug 2004
Posts: 85
Location: USA, Illinois
|
|
| Back to top |
|
|
TRUSTAbyss
-
Joined: 29 Oct 2003
Posts: 3752
Location: USA, GA
|
| Posted: Tue Sep 13, 2005 8:40 pm Post subject: |
|
|
If Register Globals is on , could they use this attack even if $cmd is not
referenced in the PHP script ? Im just wondering if thats possible. LateR! |
|
| Back to top |
|
|
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Wed Sep 14, 2005 11:14 am Post subject: |
|
|
| TRUSTpunk wrote: | If Register Globals is on , could they use this attack even if $cmd is not
referenced in the PHP script ? Im just wondering if thats possible. LateR! |
As far as we know, the answer is "no".
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
|
|
|
