Site Was Hacked

#10
[eluser]Johan André[/eluser]
Injection can be SQL - or "file" injection.
Image a uploadform that does not block scripts (.php/.php3/.php4/.php5/.exe/.bat etc.)...
A user can easily upload a malicious file and then (when the actual upload-path is figured out) execute it through the browser...

I guess you could even write a script that accesses the webroot and you should be able to download / upload however you want...


Messages In This Thread
Site Was Hacked - by El Forum - 08-20-2009, 08:07 PM
Site Was Hacked - by El Forum - 08-20-2009, 09:24 PM
Site Was Hacked - by El Forum - 08-20-2009, 10:01 PM
Site Was Hacked - by El Forum - 08-20-2009, 10:19 PM
Site Was Hacked - by El Forum - 08-21-2009, 04:41 AM
Site Was Hacked - by El Forum - 08-21-2009, 06:06 AM
Site Was Hacked - by El Forum - 08-21-2009, 06:46 AM
Site Was Hacked - by El Forum - 08-21-2009, 06:53 AM
Site Was Hacked - by El Forum - 08-21-2009, 07:15 AM
Site Was Hacked - by El Forum - 08-21-2009, 08:19 AM

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme ¬© 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.