Jump to content

Injection Attempt... What Are They Looking For Here?


madmoose
 Share

Recommended Posts

Woke this morning to find someone testing one of my forms, I suppose for injection weaknesses, but not using any characters I'm blocking. What do you suppose they are looking for when they send a form with this content...

 

Name: ª?¥<=

E-mail: bom@hotmail.com

IP Address: 61.152.169.27

Comments: Œ“?«Ã·<pi>©<a href=http://www.xxxxxxx.com>?˜¿‡“«±Ìª?¥<=</a>°£

 

Note: I altered the URL as it pointed to a zip file.

 

I have done a decent job of blocking line returns and other false header info. What purpose may it serve spammers to send these characters through a form?

Link to comment
Share on other sites

I have not seen that in a comment field as that field is not such a problem,

but I do strip html codes form my form

 

 

$notes = $_POST["notes"];

$notes = (strip_tags($notes));

$notes = (stripslashes($notes));

 

so

Œ“?«Ã·<pi>©<a href=http://www.xxxxxxx.com>?˜¿‡“«±Ìª?¥<=</a>°£

becomes

Œ“?«Ã·©?˜¿‡“«±Ìª?¥

Link to comment
Share on other sites

  • 10 months later...

I'd guess that a poorly written form processor would throw out the weird characters and using what's left over accidentally execute the URL to the zip file, thus running it as a privileged user.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...