OK, I can see how this would be a problem if you logged user agents in the database, someone sent an SQL injection attempt, and you didn't use prepared statements or escape those values. But... uh... how is PHP "injection" supposed to do anything? Is someone eval-ing the user agent or what? Maybe I'm missing something. -Matt
On Tue, Sep 16, 2008 at 2:39 PM, Terre Porter <[EMAIL PROTECTED]> wrote:
> Hey all,
>
> Just thought I'd pass on this observation though not related directly to the
> framework but this happens to be the only list I'm on anymore.
>
> Anyways, I've been monitoring a large influx of code injection attempts by
> inserting php code in the server variables, HTTP_USER_AGENT mostly. These
> sometimes are included with a URL Injection attempt but not always.
>
> Also for those out there who have some CF or ASP (I think) there are a lot
> of the following being appended to page requests. Trimmed but should make
> the point...
> [EMAIL PROTECTED](4000);[EMAIL PROTECTED]
> =CAST(0x4445...%20AS%20CHAR(4000));EXEC(@S
> );
>
> Just as a reminder to everyone to write more secure code.
>
> Here are some numbers from a smaller site I'm logging, avg 2500 visitors a
> day.
>
> Date..............#
>
> 01/Sep/2008 86
> 02/Sep/2008 119
> 03/Sep/2008 56
> 04/Sep/2008 31
> 05/Sep/2008 93
> 06/Sep/2008 84
> 07/Sep/2008 129
> 08/Sep/2008 141
> 09/Sep/2008 47
> 10/Sep/2008 136
> 11/Sep/2008 96
> 12/Sep/2008 140
> 13/Sep/2008 200
> 14/Sep/2008 250
> 15/Sep/2008 130
> 16/Sep/2008 36
>
> URL Injection attempts from 1773 unique ip addresses. (that's a few infected
> machines)
>
> These numbers don't count all the HTTP_USER_AGENT code injection attempts as
> those are getting blocked by .htaccess currently.
>
> Just wanted to let people know the script-kiddy scanners are out playing.
>
> Terre
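
The logging pattern Matt describes, as an added example that is not code from anyone in the thread: the interpolating INSERT beside its prepared-statement form, in PHP with PDO and the sqlite driver. The table name `ua_log` and the function names are assumptions for illustration.

```php
<?php
// Added example, not code from the thread. Assumes PDO with the sqlite
// driver; the table and function names are made up for illustration.
function open_log_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE ua_log (id INTEGER PRIMARY KEY, ua TEXT NOT NULL)');
    return $pdo;
}

// Vulnerable form: the header is interpolated into the SQL text, so any
// quote or statement separator inside it becomes part of the query.
function log_ua_unsafe(PDO $pdo, string $ua): void {
    $pdo->exec("INSERT INTO ua_log (ua) VALUES ('$ua')");
}

// Safe form: the header travels as a bound parameter. Whatever it contains
// (SQL fragments, <?php tags, URLs) is stored as an inert string.
function log_ua_safe(PDO $pdo, string $ua): void {
    $stmt = $pdo->prepare('INSERT INTO ua_log (ua) VALUES (:ua)');
    $stmt->execute([':ua' => $ua]);
}

function stored_user_agents(PDO $pdo): array {
    return $pdo->query('SELECT ua FROM ua_log ORDER BY id')->fetchAll(PDO::FETCH_COLUMN);
}

$pdo = open_log_db();
// Constructed sample headers: one ordinary browser, one with an apostrophe,
// one shaped like the probes the thread describes.
$samples = [
    'Mozilla/5.0 (X11; Linux x86_64) Firefox/3.0',
    "Mozilla/4.0 (compatible; O'Brien Crawler)",
    "<?php echo 'probe'; ?>",
];
foreach ($samples as $ua) {
    log_ua_safe($pdo, $ua);
}
// All three are stored verbatim; the PHP tag is just text, because nothing
// here ever passes the logged value to eval() or include().
print_r(stored_user_agents($pdo));

// The same apostrophe breaks the interpolating version: the data is being
// parsed as SQL, which is exactly the defect an injection attempt relies on.
try {
    log_ua_unsafe($pdo, $samples[1]);
} catch (PDOException $e) {
    echo 'unsafe insert failed: ', $e->getMessage(), PHP_EOL;
}
```

Run it with `php example.php` (the sqlite PDO driver is bundled with most PHP builds); the prepared-statement path stores all three headers, and the interpolating path raises a syntax error on the apostrophe instead of storing the row.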
