Hello Jake, Wednesday, November 7, 2007, 12:52:11 PM, you wrote:
> Without divulging who your client is, would it be possible to remove
> any references to their site/company from the offending code and post
> it here? Without access to your registration.php script I think we'll
> all just be wasting our time with wild guesses.
>
> - jake
>
> On Nov 6, 2007 11:31 PM, <[EMAIL PROTECTED]> wrote:
>> Hello All,
>>
>> I have a client site that has a registration form with a captcha image
>> that is supposed to prevent spammers from dumping their junk. The form
>> has two text input windows, and a fair amount of personal information
>> is collected as well.
>>
>> I just noticed that this client has been getting regular injection
>> attacks that have been failing because it is a comment spammer and the
>> INSERT query is failing on a duplicate key error. For privacy and
>> security reasons I cannot post the error message, but it cites the PHP
>> file name, and the injection looks like it is being added to one of the
>> text boxes.
>>
>> The form has "Required" fields as well as a check function that is
>> supposed to check for valid input. All of those fields are empty in the
>> query that failed.
>>
>> The question is, actually multiple related questions:
>>
>> First, how did that bad guy "execute" the query without hitting the
>> submit button or entering the captcha code, and how did it bypass the
>> check function? It seems like the query was sent directly to the
>> database through the registration.php program, but I have no clue how
>> that could have happened. I need to plug this hole but don't have any
>> idea where to start looking for it.
>>
>> I have tried running the query like registration.php?query but that
>> didn't work.
>>
>> Any ideas about how I can reproduce this problem would be greatly
>> appreciated, and any suggestions about how to fix it would be even more
>> greatly appreciated. 8-)
>>
>> Thanks for your attention.
>>
>> --
>> Best regards,
>> mikesz mailto:[EMAIL PROTECTED]

Actually, the script code is not the problem, but it's over 500 lines of code, so I am not sure it is appropriate to post it here?

--
Best regards,
mikesz mailto:[EMAIL PROTECTED]

_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
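Editor's note on the question raised in the thread above. The spammer did not need the form at all: any client can send a POST to registration.php directly, so a check function written in JavaScript never runs, and a CAPTCHA that is only enforced in the browser is simply skipped. The added example below is not from the thread and not mikesz's script; it is a hypothetical hardened registration.php handler showing the three checks that have to live on the server: the CAPTCHA answer compared against the value the image script stored in the session, the required fields checked again in PHP, and the INSERT done with a PDO prepared statement so that text-box content can no longer change the query. The table `users`, its columns, the session key `captcha_answer`, the field names and the DSN are all assumptions.

```php
<?php
// Added example: a hypothetical hardened registration.php handler.
// Table name, column names, session key, field names and DSN are
// assumptions, not taken from the script discussed in the thread.
session_start();

// Only a form submission may reach the INSERT; a GET such as
// registration.php?query must never touch the database.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('Method not allowed');
}

// 1. CAPTCHA: the expected answer is assumed to have been stored in
//    $_SESSION['captcha_answer'] by the script that rendered the image.
//    A bot posting directly has no session carrying an answer, so this
//    fails closed. The stored value is cleared so one solved CAPTCHA
//    cannot be replayed for many submissions.
$expected = $_SESSION['captcha_answer'] ?? null;
unset($_SESSION['captcha_answer']);
$given = trim((string)($_POST['captcha'] ?? ''));
if ($expected === null || $given === '' || !hash_equals((string)$expected, $given)) {
    http_response_code(400);
    exit('CAPTCHA check failed');
}

// 2. Required fields: the browser-side check function is advisory only.
//    Everything the HTML marks "Required" is checked again here.
$required = ['username', 'email', 'password'];
$clean = [];
foreach ($required as $field) {
    $value = trim((string)($_POST[$field] ?? ''));
    if ($value === '') {
        http_response_code(400);
        exit("Missing required field: $field");
    }
    $clean[$field] = $value;
}
if (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
    http_response_code(400);
    exit('Invalid e-mail address');
}

// 3. The INSERT uses bound parameters, so whatever the spammer puts in a
//    text box is stored as data and cannot alter the SQL. A duplicate key
//    is reported as a normal validation result, not as an error page that
//    leaks the file name and the query text.
$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
$stmt = $pdo->prepare(
    'INSERT INTO users (username, email, password_hash) VALUES (:username, :email, :password_hash)'
);
try {
    $stmt->execute([
        ':username'      => $clean['username'],
        ':email'         => $clean['email'],
        ':password_hash' => password_hash($clean['password'], PASSWORD_DEFAULT),
    ]);
} catch (PDOException $e) {
    // SQLSTATE 23000 is an integrity constraint violation, e.g. duplicate key.
    if ($e->getCode() === '23000') {
        http_response_code(409);
        exit('That username or e-mail is already registered');
    }
    error_log($e->getMessage()); // details go to the server log, not the client
    http_response_code(500);
    exit('Registration failed');
}

echo 'Registration complete';
```

To reproduce what the spammer did, send the form fields to registration.php with curl or a short script without ever loading the form page: with a script that only checks the CAPTCHA and required fields in JavaScript, the INSERT runs; with the handler above, the request stops at the CAPTCHA check because no session answer exists. The duplicate-key failure that was stopping the spam in the thread is luck, not protection; the prepared statement is what actually removes the injection.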
