website hacking :-(
-
Hello, i programmed a php based website for our company. Yesterday i was shocked to see that some polish hackers changed my index.php, but nothing else was touched. On their side they posted an article about this hack where they re talking about a php bug?? I took all php files from the server because i don't know wheres the security leak. here is the code of index.php:
 ";?> "; ?> deutsch / [english](\"$PHP_SELF?id=home.php&lang=en\") ";?>  $home";?> | $kontakt";?> | $impressum";?>  "; echo" "; echo" "; echo" "; echo" -
Hello, i programmed a php based website for our company. Yesterday i was shocked to see that some polish hackers changed my index.php, but nothing else was touched. On their side they posted an article about this hack where they re talking about a php bug?? I took all php files from the server because i don't know wheres the security leak. here is the code of index.php:
 ";?> "; ?> deutsch / [english](\"$PHP_SELF?id=home.php&lang=en\") ";?>  $home";?> | $kontakt";?> | $impressum";?>  "; echo" "; echo" "; echo" "; echo"Format your code and use PRE tags. Then i'll take a look :) How do I print my voice mail?
-
Format your code and use PRE tags. Then i'll take a look :) How do I print my voice mail?
-
Under most circumstances I would just ignore any post like that, but i'm curious to see if I can find the hole, so I kind of hope macmac38 updates the message. How do I print my voice mail?
-
Hello, i programmed a php based website for our company. Yesterday i was shocked to see that some polish hackers changed my index.php, but nothing else was touched. On their side they posted an article about this hack where they re talking about a php bug?? I took all php files from the server because i don't know wheres the security leak. here is the code of index.php:
 ";?> "; ?> deutsch / [english](\"$PHP_SELF?id=home.php&lang=en\") ";?>  $home";?> | $kontakt";?> | $impressum";?>  "; echo" "; echo" "; echo" "; echo"This has nothing to do with the security leak, but why don't you use HTML templates? Those make the script more readable, easier to read and look more professional...
A student knows little about a lot. A professor knows a lot about little. I know everything about nothing.
-
This has nothing to do with the security leak, but why don't you use HTML templates? Those make the script more readable, easier to read and look more professional...
A student knows little about a lot. A professor knows a lot about little. I know everything about nothing.
Hello all, in the meantime i know where the leak is.
if($id == FALSE){ include "home.php"; } else { include "$id"; }
this let you include any folder you like... you see i also can format my posting ;-) by the way do you know any good tutorials for php and html template working? I looked a some but this looks all like much script work in the background.. Thanks, Mark -
Hello all, in the meantime i know where the leak is.
if($id == FALSE){ include "home.php"; } else { include "$id"; }
this let you include any folder you like... you see i also can format my posting ;-) by the way do you know any good tutorials for php and html template working? I looked a some but this looks all like much script work in the background.. Thanks, MarkHello, I've read a book on secure PHP development. The title: Secure PHP Development by Mohammed J. Kabir The website: www.wiley.com/compbooks/[^]
A student knows little about a lot. A professor knows a lot about little. I know everything about nothing.