Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Security vulnerability question
October 10, 2007, 7:10 pm
rate this thread
?to=engineering generated through a hypertext link. Although,
entered parameter values such as ?to=getAllCustCreditCardNums or
?to=anyOtherJibberish have been coded to accomplish absolutely
I have been intrigued by an error report received through customized
error reporting code inthe app. It reports an error event in which an
URL was manually entered in as a value of 'to'. The error report
returns global array
values at time of error. .... and it is all because I "failed" to
initialize a variable... :)
My question(s) is ...
What is being attempted here?
Is this a new exploit attempt?
I know how to stop it by filtering input through regular expressions,
but it has me curious nonetheless...
These are the values returned from the _ENV array on error:
[_ENV] => Array
[HTTP_USER_AGENT] => Wget/1.1 (compatible; i486; Linux;
[SERVER_PORT] => 80
[HTTP_HOST] => www.mydomain.com
[DOCUMENT_ROOT] => /home/myusrname/public_html
[SCRIPT_FILENAME] => /home/myusrname/public_html/index.php
[SCRIPT_NAME] => /index.php
[HTTP_CONNECTION] => keep-alive
[REMOTE_PORT] => 6519
[PATH] => /usr/local/bin:/usr/bin:/bin
[PWD] => /home/myusrname/public_html
[SERVER_ADMIN] => firstname.lastname@example.org
[REDIRECT_STATUS] => 200
[HTTP_ACCEPT] => text/html, */*
[REMOTE_ADDR] => 18.104.22.168
[SHLVL] => 0
[SERVER_NAME] => www.bizflowdesigns.com
[SERVER_SOFTWARE] => ''
[SERVER_ADDR] => 22.214.171.124
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.1
[REDIRECT_URL] => /index.php
[CONTENT_TYPE] => text/html
[REQUEST_METHOD] => GET
[ORIG_PATH_TRANSLATED] => /home/myusrname/public_html/
[ORIG_PATH_INFO] => /index.php
[ORIG_SCRIPT_FILENAME] => /home/myusrname/public_html/
Thanks for any insight....
Re: Security vulnerability question
It looks like a redHat machine was compromised by a script (kiddie), and
that machine is trying to find further exploits on other machines (like
It's not particularly new, it seems lots of people are getting it
As long as your script is correctly coded to ignore anything other than
what you're expecting it to get (as you have done), there's nothing to
- » Simple beginners question about inserting data via an URL
- — Previous thread in » PHP Scripting Forum