On a server with register_globals turned on, I have a script running that has a block of code like this:
[CODE]
$includedir = "../includes";
include "$includedir/config.php";
include "$includedir/someotherfile.php";
[/CODE]
I got hacked, and the reports I am finding say it is a remote include due to the $includedir variable. What I don’t understand is how that’s possible since the variable is assigned a value directly in the script. If an attacker put in a URL of [url]www.whatever.com/?includedir=evilscript
When I say I got hacked, I mean they used this script to send mass spam from our server. Obviously I need to tie this up in a hurry.
Thank you to anyone who can help.
TecBrat.
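
An added example, not part of the original post or the poster's script: a PHP audit helper that lists every include/require whose path is built from a variable, so each hit can be checked for a file that uses the variable without assigning it first (with register_globals on, an unassigned global can be filled from the request). The function name `find_variable_includes` and the sample source are constructed for illustration.

```php
<?php
// Added example, not the poster's code. Written for old PHP 5.x syntax
// because register_globals only exists on those versions.

// Return every include/require in $source whose path contains a variable.
function find_variable_includes($source)
{
    $include_tokens = array(T_INCLUDE, T_INCLUDE_ONCE, T_REQUIRE, T_REQUIRE_ONCE);
    $variable_tokens = array(T_VARIABLE, T_STRING_VARNAME);
    $tokens = token_get_all($source);
    $count = count($tokens);
    $findings = array();

    for ($i = 0; $i < $count; $i++) {
        if (!is_array($tokens[$i]) || !in_array($tokens[$i][0], $include_tokens, true)) {
            continue;
        }
        $statement = '';
        $has_variable = false;
        // Walk to the end of the statement: a semicolon or a closing PHP tag.
        for ($j = $i; $j < $count; $j++) {
            $t = $tokens[$j];
            if ($t === ';' || (is_array($t) && $t[0] === T_CLOSE_TAG)) {
                break;
            }
            if (is_array($t) && in_array($t[0], $variable_tokens, true)) {
                $has_variable = true;
            }
            $statement .= is_array($t) ? $t[1] : $t;
        }
        if ($has_variable) {
            $findings[] = array('line' => $tokens[$i][2], 'code' => trim($statement));
        }
    }
    return $findings;
}

// Constructed sample: the three lines from the post plus one constant-path include.
$sample = '<?php
$includedir = "../includes";
include "$includedir/config.php";
include "$includedir/someotherfile.php";
require dirname(__FILE__) . "/constant-path.php";
';

foreach (find_variable_includes($sample) as $finding) {
    echo 'line ' . $finding['line'] . ': ' . $finding['code'] . "\n";
}
```

To audit a real code base, pass the result of `file_get_contents()` for each `.php` file to the function and review every reported line, including files that are normally only reached through an include.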