Question about cleaning up input

On a server with register_globals turned on, I have a script running that has a block of code like this:

[CODE]<?php
// Directory holding the shared include files, assigned directly in the script
$includedir = "../includes";
include "$includedir/config.php";
include "$includedir/someotherfile.php";[/CODE]

I got hacked, and the reports I am finding say it is a remote include due to the $includedir variable. What I don’t understand is how that’s possible since the variable is assigned a value directly in the script. If an attacker put in a url of [url]www.whatever.com/?includedir=evilscript[/url], wouldn’t the value “evilscript” be overwritten with “../includes”?

When I say I got hacked, I mean they used this script to send mass spam from our server. Obviously I need to tie this up in a hurry.

Thank you to anyone who can help.
TecBrat.
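The mechanism behind the question, as an added example that is not code from TecBrat's script: why the posted assignment order cannot be influenced by a ?includedir= parameter, which shape of code register_globals does expose, and an include helper that holds regardless of the register_globals setting. INCLUDE_DIR and safeIncludePath() are names chosen for this example.

```php
<?php
// Added example, not from the original post.

// As posted: the assignment runs *before* the include, so whatever
// register_globals injected into $includedir from ?includedir=... is
// overwritten here. This fragment alone is not a remote-include hole.
$includedir = "../includes";
// include "$includedir/config.php";   (left as in the question)

// The shape that *is* exploitable under register_globals=On is a variable
// read before the script assigns it (for example, only set inside an if()).
// That is what to audit for in the rest of the script.

// Hardening 1: a constant cannot be pre-populated by register_globals.
define('INCLUDE_DIR', realpath(__DIR__ . '/../includes'));

// Hardening 2: resolve the requested name and confirm the canonical path
// stays inside INCLUDE_DIR before including it. Rejects URLs (remote
// include) and ../ traversal no matter where the name came from.
function safeIncludePath(string $name): string
{
    if (INCLUDE_DIR === false) {
        throw new RuntimeException('include directory does not exist');
    }
    // Only a plain file name is acceptable: no slashes, no directory parts.
    if ($name === '' || $name !== basename($name)) {
        throw new InvalidArgumentException("rejected include name: $name");
    }
    $target = realpath(INCLUDE_DIR . DIRECTORY_SEPARATOR . $name);
    $prefix = INCLUDE_DIR . DIRECTORY_SEPARATOR;
    if ($target === false || strncmp($target, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException("include target outside INCLUDE_DIR: $name");
    }
    return $target;
}

include safeIncludePath('config.php');
include safeIncludePath('someotherfile.php');
```

The helper throws rather than silently falling back, so a tampered or missing include surfaces in the error log instead of executing something unexpected.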

PHP

2 Comments(s)

@NogDog, Oct 26, 2007 — I do not see how a URL parameter could change the include directory based upon that code fragment.
@TecBrat (author), Oct 27, 2007 — That's what I thought, and there were no conditionals around the snippet, so whatever the vulnerability was, I couldn't see it. I have an aversion to script updates because either my (non-programmer) boss or I usually tear them up so bad customizing them that upgrades tend to break stuff. Fortunately, this script updated fairly easily, and the vulnerability sites say it should be safe now. (I hope so!)