Security vulnerability question

In my code, the 'to' parameter should have a value of ?to=sales or
?to=engineering generated through a hypertext link. Although,
entered parameter values such as ?to=getAllCustCreditCardNums or
?to=anyOtherJibberish have been coded to accomplish absolutely
I have been intrigued by an error report received through customized
error reporting code in the app. It reports an error event in which a
URL was manually entered in as a value of 'to'. The error report
returns global array values at time of error. .... and it is all because I "failed" to
initialize a variable... :)

My question(s) is ...
What is being attempted here?
Is this a new exploit attempt?

I know how to stop it by filtering input through regular expressions,
but it has me curious nonetheless...

These are the values returned from the _ENV array on error:

    [_ENV] => Array
            [HTTP_USER_AGENT] => Wget/1.1 (compatible; i486; Linux;
            [SERVER_PORT] => 80
            [HTTP_HOST] =>
            [DOCUMENT_ROOT] => /home/myusrname/public_html
            [SCRIPT_FILENAME] => /home/myusrname/public_html/index.php
            [REQUEST_URI] =>
            [SCRIPT_NAME] => /index.php
            [HTTP_CONNECTION] => keep-alive
            [REMOTE_PORT] => 6519
            [PATH] => /usr/local/bin:/usr/bin:/bin
            [PWD] => /home/myusrname/public_html
            [SERVER_ADMIN] =>
            [REDIRECT_STATUS] => 200
            [REDIRECT_QUERY_STRING] =>
            [HTTP_ACCEPT] => text/html, */*
            [REMOTE_ADDR] =>
            [SHLVL] => 0
            [SERVER_NAME] =>
            [SERVER_SOFTWARE] => ''
            [QUERY_STRING] =>
            [SERVER_ADDR] =>
            [GATEWAY_INTERFACE] => CGI/1.1
            [SERVER_PROTOCOL] => HTTP/1.1
            [REDIRECT_URL] => /index.php
            [CONTENT_TYPE] => text/html
            [REQUEST_METHOD] => GET
            [ORIG_PATH_TRANSLATED] => /home/myusrname/public_html/
            [ORIG_PATH_INFO] => /index.php
            [ORIG_SCRIPT_NAME] =>
            [ORIG_SCRIPT_FILENAME] => /home/myusrname/public_html/

Thanks for any insight....

Re: Security vulnerability question

It looks like a Red Hat machine was compromised by a script (kiddie), and
that machine is trying to find further exploits on other machines (like

It's not particularly new, it seems lots of people are getting it.

As long as your script is correctly coded to ignore anything other than  
what you're expecting it to get (as you have done), there's nothing to  
worry about.
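
One way to code the handling the reply describes, as an added example that is not code from either poster: the `to` value is looked up in a fixed allow-list and the result variable is always initialized. The addresses, the function name `resolve_recipient` and the 400 response are assumptions; only the `sales` and `engineering` keys come from the thread.

```php
<?php
// Added example: allow-list handling for the 'to' query parameter.
// Keys come from the thread; addresses and function name are hypothetical.

const RECIPIENTS = [
    'sales'       => 'sales@example.com',
    'engineering' => 'engineering@example.com',
];

/**
 * Resolve ?to=... to a recipient, or null when the value is not expected.
 */
function resolve_recipient(array $query): ?string
{
    $recipient = null;              // always initialized, never left undefined

    $to = $query['to'] ?? null;
    // ?to[]=x arrives as an array; anything that is not a string is rejected.
    if (!is_string($to)) {
        return $recipient;
    }
    // Exact key lookup: no partial matches, no normalization of the input.
    if (array_key_exists($to, RECIPIENTS)) {
        $recipient = RECIPIENTS[$to];
    }
    return $recipient;
}

$recipient = resolve_recipient($_GET);
if ($recipient === null) {
    // Log a printable, length-limited copy of the rejected value for review.
    $raw   = $_GET['to'] ?? '';
    $shown = is_string($raw)
        ? substr(preg_replace('/[^\x20-\x7E]/', '?', $raw), 0, 80)
        : '(non-string)';
    error_log('rejected to= value: ' . $shown);
    http_response_code(400);
    exit('Unknown recipient.');
}
// From here on $recipient is one of the fixed addresses above.
```

Because the request value is only ever used as a lookup key, a URL or any other unexpected string in `to` ends at the rejection branch and never reaches later code.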
