Website Link Injection

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by Ryan B on Stack Overflow See other posts from Stack Overflow or by Ryan B
Published on 2010-01-30T00:56:00Z Indexed on 2010/05/11 11:04 UTC
Read the original article Hit count: 348

Filed under:
|
|
|
|

I have a website that is fairly static. It has some forms on it to send in contact information, mailing list submissions, etc. Perhaps hours/days after an upload to the site I found that the main index page had new code in it that I had not placed there that contained a hidden bunch of links in a invisible div.

I have the following code the handles the variables sent in from the form.

<?php
// PHP Mail Order to [email protected] w/ some error detection.

    $jamemail = "[email protected]";
    function check_input($data, $problem='')
        {
        $data = trim($data);
        $data = stripslashes($data);
        $data = htmlspecialchars($data);
        if ($problem && strlen($data) == 0)
            {
            die($problem);
            }
        return $data;
        }
    $email    = check_input($_POST['email'], "Please input email address.");
    $name    = check_input($_POST['name'], "Please input name.");

    mail($jamemail, "Mailing List Submission", "Name: " . $name . " Email: " .$email);
    header('Location: index.php');
?>

I have the following code within the index page to present the form with some Javascript to do error detection on the content of the submission prior to submission.

    <form action="sendlist.php" method="post" onSubmit="return checkmaill(this);">
        <label for="name"><strong>Name: </strong></label>
        <input type="text" name="name"/><br />
        <label for="email"><strong>Email: </strong></label>
        <input type="text" name="email"/><br />
                    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="submit" value="Subscribe" style="width: 100px;"/>
    </form>

At the end of the day, the source code where the injected hyperlinks is as follows:

</body>

</html><!-- google --><font style="position: absolute;overflow: hidden;height: 0;width: 0">    
xeex172901
<a href=http://menorca.caeb.com/od9c2/xjdmy/onondaga.php>onondaga</a>
<a href=http://menorca.caeb.com/od9c2/xjdmy/tami.php>tami</a>
<a href=http://menorca.caeb.com/od9c2/xjdmy/shotguns.php>shotguns</a>
<a href=http://menorca.caeb.com/od9c2/xjdmy/weir.php>weir</a>
<a href=http://menorca.caeb.com/od9c2/xjdmy/copperhead.php>copperhead</a>
<a href=http://menorca.caeb.com/od9c2/xjdmy/mpv.php>mpv</a>
<a href=http://menorca.caeb.com/od9c2/xjdmy/brunei.php>brunei</a>
<a href=http://menorca.caeb.com/od9c2/xjdmy/doreen.php>doreen</a>

© Stack Overflow or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about php

Related posts about link

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle