Injection Attempt... What Are They Looking For Here?

#1 madmoose

    New To The Neighborhood

  • Members
  • 20 posts

Posted 05 December 2005 - 02:45 AM

Woke this morning to find someone testing one of my forms, I suppose for injection weaknesses, but not using any characters I'm blocking. What do you suppose they are looking for when they send a form with this content...

Name: ?<=
E-mail: bom@hotmail.com
IP Address: 61.152.169.27
Comments: ?÷<pi><a href=http://www.xxxxxxx.com>?̪?<=</a>

Note: I altered the URL as it pointed to a zip file.

I have done a decent job of blocking line returns and other false header info. What purpose may it serve spammers to send these characters through a form?

#2 TCH-Don

    Immediate Family

  • Members
  • 11,642 posts

Posted 05 December 2005 - 04:42 AM

I have not seen that in a comment field, as that field is not such a problem,
but I do strip HTML codes from my form:


<?php
// Read the comment field, drop any HTML tags, then undo the backslash
// escaping that magic_quotes_gpc added to POST data on PHP of that era.
$notes = $_POST["notes"];
$notes = strip_tags($notes);
$notes = stripslashes($notes);

so
?÷<pi><a href=http://www.xxxxxxx.com>?̪?<=</a>
becomes
?÷?̪?
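Putting madmoose's line-break checks and Don's tag stripping together, here is an added example (not code from the thread) of how a form-mail handler can treat header-bound fields and the comment body differently; the function names and the sample $_POST arrays are assumed for illustration.

```php
<?php
// Added example, not code from the thread: a form-mail front end that applies
// Don's strip_tags() to the comment body and, as madmoose describes, refuses
// any field bound for a mail header if it carries a line break. Function
// names and the sample $_POST arrays are constructed for illustration.

function isHeaderSafe(string $value): bool
{
    // A mail header is one line. A CR, LF or NUL byte inside a value that is
    // placed in From:/Subject: would let the sender start additional header
    // lines of their own, so such a value is rejected rather than cleaned.
    return preg_match('/[\r\n\0]/', $value) !== 1;
}

function sanitizeForm(array $post): ?array
{
    $name  = $post['name']  ?? '';
    $email = $post['email'] ?? '';
    $notes = $post['notes'] ?? '';

    // Header-bound fields: check the raw value before any trimming.
    if (!isHeaderSafe($name) || !isHeaderSafe($email)) {
        return null;
    }
    $name  = trim($name);
    $email = trim($email);
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    // The comment goes into the body, not a header, so stripping markup as in
    // Don's reply is enough: whatever odd characters remain are plain text.
    $notes = strip_tags($notes);

    return ['name' => $name, 'email' => $email, 'notes' => $notes];
}

// Constructed samples: a comment like the one in the thread (accepted, with
// its tags removed) and a name field containing a line break (refused).
$comment = ['name'  => 'Alice', 'email' => 'alice@example.com',
            'notes' => '?<pi><a href=http://www.xxxxxxx.com>?<=</a>'];
$probe   = ['name'  => "Bob\r\nX-Injected: header", 'email' => 'bob@example.com',
            'notes' => 'hello'];

var_dump(sanitizeForm($comment));
var_dump(sanitizeForm($probe));
```

Only the name and e-mail ever reach a header, so those are refused outright when they contain a line break, while the comment body is merely stripped of tags before it goes into the message text.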

#3 BluegrassGardener

    Family Friend

  • Members
  • 91 posts

Posted 29 October 2006 - 03:45 AM

Don,

Trying to understand - what exactly does ?÷?̪? do through the form? Are there instructions somewhere to test a form for vulnerability?

#4 TCH-Don

    Immediate Family

  • Members
  • 11,642 posts

Posted 29 October 2006 - 08:19 AM

I can't say, as I don't see the point of the character string.

#5 Deverill

    Immediate Family

  • Members
  • 3,307 posts

Posted 29 October 2006 - 05:03 PM

I'd guess that a poorly written form processor would throw out the weird characters and using what's left over accidentally execute the URL to the zip file, thus running it as a privileged user.
"A winner is simply willing to do what a loser won't."
