Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Php Script Injection By Site


  • Please log in to reply
8 replies to this topic

#1 Darklight

Darklight

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:18 AM

Posted 17 February 2007 - 09:36 AM

i want to know how they do php script injection by site?what tool can use to do this?and how to avoid from this?i hope some of you guys can help me with this..you can email me too


//Mod edit to remove email address to protect from spamming.

Edited by KoanYorel, 17 February 2007 - 10:18 AM.

Posted Image

BC AdBot (Login to Remove)

 


#2 Wendy K. Walker

Wendy K. Walker

  • Members
  • 633 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:In The Treeline 300 Yards Behind You, Tracking Your Every Move Through A Sniper Scope
  • Local time:03:18 AM

Posted 17 February 2007 - 02:25 PM

Hi Darklight,

Are you saying that you have gone to a web site that injected a PHP script into your PC that did some damage to your machine and that you want to know what tool those crooks used to do that to you so that you can do it back to them and keep them from doing it to you again?

If you want people to Email you about this you should ask them to use the 'reply by PM' feature instead of posting your actual email address because as you see a Moderator will come along and take your email address off of the post for security reasons.


Wendy
TRUST NO ONE...! EXCEPT For The Beloved Computer Geek Helping You In The MALWARE FORUMS.

Do Unto Others Before They Have A Chance To Do Unto You.

HP Pavilion 512n [Rescued from a pile of trash on the side of the road] 128 MB SDRAM, 60 GB Hard Drive, Windows XP, Home Edition, SP3, COMODO Anti Vitus and Firewall.

#3 Darklight

Darklight
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:18 AM

Posted 18 February 2007 - 09:02 AM

yah its like that..but its not in my PC its in our site..i suspect they inject php script to have access to a part of the site to edit their character in a game..can someone help me with this?how they do that and how can we avoid this?PM me..thanks..
Posted Image

#4 Wendy K. Walker

Wendy K. Walker

  • Members
  • 633 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:In The Treeline 300 Yards Behind You, Tracking Your Every Move Through A Sniper Scope
  • Local time:03:18 AM

Posted 18 February 2007 - 08:29 PM

Hi Darklight,

OK so do you own the site that you're talking about? Or is it like on a server that you operate? I'm not a techie or anything like that but the reason that I'm asking is because I've been racking my brain for the past couple of weeks trying to get a server setup and I've ran into several things that are security related.

I know that there are settings in MySQL and phpMyAdmin that have to be set so that unauthorized knuckle heads can't get in and change anything without you knowing about it.

It kind of sounds to me like you already have a suspission as to 'Who' did the PHP script injection that you're talking about so why don't you just bann them from the site?

If its your server can't you check into your log and find out what they did and maybe undo it? And close whatever security hole allowed them to get in?

Sorry I couldn't be of more help Boo.

Wendy
TRUST NO ONE...! EXCEPT For The Beloved Computer Geek Helping You In The MALWARE FORUMS.

Do Unto Others Before They Have A Chance To Do Unto You.

HP Pavilion 512n [Rescued from a pile of trash on the side of the road] 128 MB SDRAM, 60 GB Hard Drive, Windows XP, Home Edition, SP3, COMODO Anti Vitus and Firewall.

#5 Darklight

Darklight
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:18 AM

Posted 19 February 2007 - 07:21 AM

im just a moderator there..its a site of online game..they access that site to edit their character that is not allowed..we've already block their IP..but i want to know except blocking their IP how can we protect our site from that?even we block them they can find and use other PC to do what they want i dont want to wait the time they gonna make big problem on our site..pls help me..can you teach me how to do php script injection and block this kind of thing?
Posted Image

#6 raw

raw

    Bleeping Hacker


  • Members
  • 2,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:10:18 PM

Posted 20 February 2007 - 01:10 PM

Rewrite the php code to make it more secure. I know this is not
the answer you are looking for, but as long as crappy PHP code
exists PHP injection will exist.
A quick search for "php injection" at securiteam turns up 18 exploits.
If it's a Nuke site (postnuke, phpnuke) you can use Nuke Sentinal or
Admin Secure. Hope that helps.

rawsig.png

 rawcreations.net          @raw_creations


Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux

and a custom Linux From Scratch server hosting a bunch of top secret stuff.


#7 Wendy K. Walker

Wendy K. Walker

  • Members
  • 633 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:In The Treeline 300 Yards Behind You, Tracking Your Every Move Through A Sniper Scope
  • Local time:03:18 AM

Posted 21 February 2007 - 06:10 PM

Hi Darklight,

Yep that could cause you lots of troubles. Here's a page with lots of stuff about how to keep it from happening again.

Hope some of that helps.

Wendy
TRUST NO ONE...! EXCEPT For The Beloved Computer Geek Helping You In The MALWARE FORUMS.

Do Unto Others Before They Have A Chance To Do Unto You.

HP Pavilion 512n [Rescued from a pile of trash on the side of the road] 128 MB SDRAM, 60 GB Hard Drive, Windows XP, Home Edition, SP3, COMODO Anti Vitus and Firewall.

#8 lucent

lucent

  • Members
  • 172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:18 PM

Posted 21 February 2007 - 11:10 PM

Hi darklight, Here is a link to an SPI Dynamics whitepaper (.pdf direct link):

http://www.google.com.au/url?sa=t&ct=r...3s6qO8Be2TYBGCA

I devour any whitepaper or webcast these guys release so i am a bit biased towards them, sorry. It might be more than you wanted to know but it's worth the read if you are interested in security, and the more people that know how to build secure web apps the better. Raw has stated the best option, rewrite and test, rewrite and test........... oh and research.......
Also, while i agree that IP blocking is usefull, it doesn't cover users with dynamic IP addresses, reset your internet session and you have another address :thumbsup: leaving someone else blocked, security versus functionality strikes again. I don't this problem can ever be truly solved. I may be wrong though, i have been many, many times before.
Cheers, Lucent.

Edited by lucent, 21 February 2007 - 11:24 PM.

Posted Image
Special thanks to efizzer for the signature

#9 Darklight

Darklight
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:18 AM

Posted 22 February 2007 - 07:17 AM

thank you all guys..ill try what you gave to me..
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users