madmoose Posted December 5, 2005

Woke this morning to find someone testing one of my forms, I suppose for injection weaknesses, but not using any characters I'm blocking. What do you suppose they are looking for when they send a form with this content...

Name: ª?¥<=
E-mail: bom@hotmail.com
IP Address: 61.152.169.27
Comments: Œ“?«Ã·<pi>©<a href=http://www.xxxxxxx.com>?˜¿‡“«±Ìª?¥<=</a>°£

Note: I altered the URL as it pointed to a zip file.

I have done a decent job of blocking line returns and other false header info. What purpose may it serve spammers to send these characters through a form?
TCH-Don Posted December 5, 2005

I have not seen that in a comment field, as that field is not such a problem, but I do strip HTML codes from my form:

$notes = $_POST["notes"];
$notes = strip_tags($notes);
$notes = stripslashes($notes);

so Œ“?«Ã·<pi>©<a href=http://www.xxxxxxx.com>?˜¿‡“«±Ìª?¥<=</a>°£ becomes Œ“?«Ã·©?˜¿‡“«±Ìª?¥
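The following is an added example, not code from anyone in this thread: a Python equivalent of the screening the two posts above describe, namely stripping tags from the comment field (Don's strip_tags step) and refusing line breaks in the name and e-mail fields that a mail script would copy into message headers (madmoose's "blocking line returns and other false header info"). The sample submission is constructed to mirror the one quoted above, with the same placeholder URL; the function names and the spam indicators are my own choices.

```python
import re
from html.parser import HTMLParser

# Constructed sample, modelled on the submission quoted in the thread
# (URL already replaced with the poster's placeholder).
SAMPLE_POST = {
    "name": "ª?¥<=",
    "email": "bom@hotmail.com",
    "notes": "Œ“?«Ã·<pi>©<a href=http://www.xxxxxxx.com>?˜¿‡“«±Ìª?¥<=</a>°£",
}

# Constructed sample of the kind of value madmoose says he already blocks:
# a CR/LF in a field that a mail script would place in a message header.
HEADER_ATTEMPT = {
    "name": "x\r\nBcc: someone@example.com",
    "email": "user@example.com",
    "notes": "hello",
}

# Raw or URL-encoded line breaks have no business in a header-bound field.
HEADER_BREAK = re.compile(r"[\r\n]|%0[ad]", re.IGNORECASE)
# Deliberately loose: one "@", a dot in the domain part, no whitespace.
EMAIL_RE = re.compile(r"^[^\s@]+@[^\s@]+\.[^\s@]+$")
# Links in a free-text comment are the usual spam signal (hypothetical rule).
LINK_MARKER = re.compile(r"<a\b|https?://|www\.", re.IGNORECASE)


class _TagStripper(HTMLParser):
    """Keep only text nodes; every tag is dropped, as PHP strip_tags does."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def handle_data(self, data):
        self.parts.append(data)


def strip_tags(value):
    """Return value with HTML tags removed using the stdlib parser.

    A stray "<" that does not start a tag (e.g. "<=") is kept as text,
    so the result can differ from PHP's strip_tags on malformed input.
    """
    parser = _TagStripper()
    parser.feed(value)
    parser.close()
    return "".join(parser.parts)


def screen_submission(post):
    """Return (clean_fields, findings) for one form submission.

    findings is a list of human-readable reasons to reject or flag the
    submission; an empty list means nothing suspicious was seen.
    """
    findings = []
    name = post.get("name", "")
    email = post.get("email", "")
    notes = post.get("notes", "")

    # Fields that end up in mail headers must be single-line.
    for field, value in (("name", name), ("email", email)):
        if HEADER_BREAK.search(value):
            findings.append(f"{field}: line break found (header injection attempt)")
    if not EMAIL_RE.fullmatch(email):
        findings.append("email: not a plausible address")
    if LINK_MARKER.search(notes):
        findings.append("notes: link or anchor tag in comment field (spam indicator)")

    clean = {
        "name": strip_tags(name).strip(),
        "email": email.strip(),
        "notes": strip_tags(notes).strip(),
    }
    return clean, findings


if __name__ == "__main__":
    for label, post in (("thread sample", SAMPLE_POST), ("header attempt", HEADER_ATTEMPT)):
        clean, findings = screen_submission(post)
        print(label, "->", clean["notes"], findings)
```

Run against the thread's sample, the comment field comes back as Œ“?«Ã·©?˜¿‡“«±Ìª?¥<=°£ and the submission is flagged for the anchor tag; the header sample is flagged for the CR/LF in the name. Two things worth noting from the design: tag strippers disagree on malformed markup (the stdlib parser keeps the "<=" that PHP's strip_tags swallowed in Don's output), so stripping is a spam filter, not an output-encoding step, and whatever is stored must still be escaped when it is rendered; and the findings are returned rather than silently dropped so the form handler can log the source IP and reason, which is the only way to learn what a probe like this one was actually after.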
BluegrassGardener Posted October 29, 2006

Don, trying to understand: what exactly does Œ“?«Ã·©?˜¿‡“«±Ìª?¥ do through the form? Are there instructions somewhere to test a form for vulnerability?
TCH-Don Posted October 29, 2006

I can't say, as I don't see the point of the character string.
Deverill Posted October 29, 2006

I'd guess that a poorly written form processor would throw out the weird characters and, using what's left over, accidentally execute the URL to the zip file, thus running it as a privileged user.