Try: http://cl1p.net/
I'd be willing to take a look after you post it.

- jake

On Nov 7, 2007 12:12 AM, <[EMAIL PROTECTED]> wrote:
> Hello Jake,
>
> Wednesday, November 7, 2007, 12:52:11 PM, you wrote:
>
> > Without divulging who your client is, would it be possible to remove
> > any references to their site/company from the offending code and post
> > it here? Without access to your registration.php script I think we'll
> > all just be wasting our time with wild guesses.
> >
> > - jake
> >
> > On Nov 6, 2007 11:31 PM, <[EMAIL PROTECTED]> wrote:
> >> Hello All,
> >>
> >> I have a client site that has a registration form with a captcha image
> >> that is supposed to prevent spammers from dumping their junk. The form
> >> has two text input windows and a fair amount of personal information
> >> is collected as well.
> >>
> >> I just noticed that this client has been getting regular injection
> >> attacks that have been failing because it is a comment spammer and the
> >> INSERT query is failing on a duplicate key error. For privacy and
> >> security reasons I can not post the error message but it cites the php
> >> file name and the injection looks like it is being added to one of the
> >> text boxes.
> >>
> >> The form has "Required" fields as well as a check function that is
> >> supposed to check for valid input. All of those fields are empty in the
> >> query that failed.
> >>
> >> The question is, actually multiple related questions:
> >>
> >> First, how did that bad guy "execute" the query without hitting the
> >> submit button or entering the captcha code, and how did it bypass the
> >> check function? It seems like the query was sent directly to the
> >> database through the registration.php program but I have no clue how
> >> that could have happened. I need to plug this hole but don't have any
> >> idea where to start looking for it.
> >>
> >> I have tried running the query like registration.php?query but that
> >> didn't work.
> >>
> >> Any ideas about how I can reproduce this problem would be greatly
> >> appreciated, and any suggestions about how to fix it would be even more
> >> greatly appreciated. 8-)
> >>
> >> Thanks for your attention.
> >>
> >> --
> >> Best regards,
> >> mikesz mailto:[EMAIL PROTECTED]
> >>
> >> _______________________________________________
> >> New York PHP Community Talk Mailing List
> >> http://lists.nyphp.org/mailman/listinfo/talk
> >>
> >> NYPHPCon 2006 Presentations Online
> >> http://www.nyphpcon.com
> >>
> >> Show Your Participation in New York PHP
> >> http://www.nyphp.org/show_participation.php
>
> Actually, the script code is not the problem, but it's over 500 lines of
> code so I am not sure it is appropriate to post it here?
>
> --
> Best regards,
> mikesz mailto:[EMAIL PROTECTED]
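The question in the thread is how a submission can reach the INSERT with every "Required" field empty and no captcha entered. A browser-side check function and the Submit button only constrain a browser; anything that sends a request directly to registration.php skips both. The fix is to repeat every check on the server and to build the INSERT from a prepared statement. The following is an added example written for this thread, not the poster's registration.php nor anything from the list. It assumes the captcha image generator stored its answer in `$_SESSION['captcha']`, a PDO connection `$pdo`, and a `users` table with a UNIQUE index on `email`; the field names are illustrative.

```php
<?php
declare(strict_types=1);

// Added example, not the thread's registration.php. Assumptions: the captcha
// image generator stored its answer in $_SESSION['captcha'], $pdo is a PDO
// connection, and table `users` has a UNIQUE index on `email`.

/**
 * Validate a registration submission entirely on the server. Returns a list
 * of error strings; an empty list means the submission may be stored.
 * $session is passed by reference so the captcha answer can be consumed.
 */
function validate_registration(array $post, array &$session): array
{
    $errors = [];

    // Required fields: the browser-side check function is skipped by anyone
    // who POSTs to the script directly, so the same rules live here.
    foreach (['username', 'email', 'password', 'captcha'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || trim($post[$field]) === '') {
            $errors[] = "$field is required";
        }
    }
    if ($errors !== []) {
        return $errors;
    }

    if (!preg_match('/^[A-Za-z0-9_]{3,32}$/', $post['username'])) {
        $errors[] = 'username must be 3-32 letters, digits or underscores';
    }
    if (filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not valid';
    }
    if (strlen($post['password']) < 8) {
        $errors[] = 'password must be at least 8 characters';
    }

    // Captcha: compare against the answer the server generated when it drew
    // the image, and discard it so one answer cannot be replayed.
    $expected = isset($session['captcha']) ? (string) $session['captcha'] : null;
    unset($session['captcha']);
    if ($expected === null || !hash_equals($expected, strtoupper(trim($post['captcha'])))) {
        $errors[] = 'captcha does not match';
    }

    return $errors;
}

/**
 * Store a validated registration with a prepared statement, so form contents
 * can never change the shape of the INSERT. Returns the new row id, or null
 * when the email is already registered (the duplicate-key case from the thread).
 */
function store_registration(PDO $pdo, array $post): ?int
{
    $stmt = $pdo->prepare(
        'INSERT INTO users (username, email, password_hash) VALUES (:u, :e, :p)'
    );
    try {
        $stmt->execute([
            ':u' => $post['username'],
            ':e' => $post['email'],
            ':p' => password_hash($post['password'], PASSWORD_DEFAULT),
        ]);
    } catch (PDOException $e) {
        // SQLSTATE 23000 is an integrity constraint violation (duplicate key).
        if ($e->getCode() === '23000') {
            return null;
        }
        throw $e;
    }
    return (int) $pdo->lastInsertId();
}

// Request handling: only a POST reaches validation, so a GET such as
// registration.php?query is refused before any database work happens.
if (PHP_SAPI !== 'cli') {
    session_start();
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        http_response_code(405);
        exit('Method Not Allowed');
    }
    // Connection details are placeholders for this example.
    $pdo = new PDO('mysql:host=localhost;dbname=app', 'app', 'secret', [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
    $errors = validate_registration($_POST, $_SESSION);
    if ($errors !== []) {
        http_response_code(400);
        // Detail goes to the server log; the client gets a generic message so
        // script names and query text are never echoed back.
        error_log('registration rejected: ' . implode('; ', $errors));
        exit('Registration could not be processed.');
    }
    $id = store_registration($pdo, $_POST);
    echo $id === null ? 'That email is already registered.' : "Registered user $id";
}
```

Two points follow from the thread. The empty "Required" fields in the failed query are exactly what this handler rejects at the first loop, before the captcha or the database is touched. And catching the duplicate-key case explicitly means the raw database error, which the poster notes names the PHP file, is logged rather than rendered to whoever sent the request.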
