Injection Attempt... What Are They Looking For Here?

[madmoose]

Woke this morning to find someone testing one of my forms, I suppose for injection weaknesses, but not using any characters I'm blocking. What do you suppose they are looking for when they send a form with this content...

 

Name: ª?¥<=

E-mail: bom@hotmail.com

IP Address: 61.152.169.27

Comments: Œ“?«Ã·<pi>©<a href=http://www.xxxxxxx.com>?˜¿‡“«±Ìª?¥<=</a>°£

 

Note: I altered the URL as it pointed to a zip file.

 

I have done a decent job of blocking line returns and other false header info. What purpose may it serve spammers to send these characters through a form?

[TCH-Don]

I have not seen that in a comment field as that field is not such a problem,

but I do strip html codes form my form

 

 

$notes = $_POST["notes"];

$notes = (strip_tags($notes));

$notes = (stripslashes($notes));

 

so

Œ“?«Ã·<pi>©<a href=http://www.xxxxxxx.com>?˜¿‡“«±Ìª?¥<=</a>°£

becomes

Œ“?«Ã·©?˜¿‡“«±Ìª?¥

[BluegrassGardener]

Don,

 

Trying to understand - what exactly does Œ“?«Ã·©?˜¿‡“«±Ìª?¥ do through the form? Are there instructions somewhere to test a form for vulnerability?

[TCH-Don]

I can't say, as I don't see the point of the character string.

[Deverill]

I'd guess that a poorly written form processor would throw out the weird characters and using what's left over accidentally execute the URL to the zip file, thus running it as a privileged user.