From: Ashley Sheridan

> On Mon, 2010-06-07 at 15:00 -0300, Igor Escobar wrote:
>> PHP Injection is the technical name given to a security hole in PHP
>> applications. When this gap exists, a hacker can make an external
>> code be interpreted as an inner code, as if the included code were
>> just another part of the script.
> That data is still coming from somewhere, so is still badly sanitised
> data either coming from a form or a URL. You really should go over all
> the code to find these and root them out, which is a mammoth task. To
> narrow it down, those access logs I mentioned before will help. I
> there are ways you can automatically detect security holes in your
> software, but if none of your user data is sanitised correctly, then
> virtually everything is a potential security hole.

You need to narrow your search down a bit.

Are there corrupted files on the server?

Who has write privileges for those files and directories?

Are they tracked via a content management system?

Who last wrote to them?

Can you further restrict who is allowed to write into those files and

Bob McConnell
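
The questions above about write privileges and last modification can be answered from file metadata. The following is an added example, not part of the original message: it walks a web root and lists entries that are group- or world-writable or were modified recently. The function names `audit_tree` and `build_sample_tree` and the sample file names are hypothetical, and the sample tree is constructed.

```python
import os
import stat
import tempfile
import time

def audit_tree(root, recent_seconds=7 * 86400, now=None):
    """List entries under root that are group/world-writable or recently modified."""
    now = time.time() if now is None else now
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # report on the tree itself, not on link targets
            flags = []
            if st.st_mode & stat.S_IWOTH:
                flags.append("world-writable")
            if st.st_mode & stat.S_IWGRP:
                flags.append("group-writable")
            if now - st.st_mtime <= recent_seconds:
                flags.append("recently-modified")
            if flags:
                # st_uid is the owner; the filesystem does not record the last writer
                findings.append({"path": os.path.relpath(path, root), "uid": st.st_uid,
                                 "mode": oct(stat.S_IMODE(st.st_mode)),
                                 "mtime": st.st_mtime, "flags": flags})
    return sorted(findings, key=lambda f: f["mtime"], reverse=True)

def build_sample_tree(root, now):
    """Constructed sample web root: (name, mode, age in seconds, is_dir)."""
    sample = [("index.php", 0o644, 30 * 86400, False),
              ("upload.php", 0o666, 30 * 86400, False),
              ("new.php", 0o600, 3600, False),
              ("cache", 0o777, 30 * 86400, True)]
    for name, mode, age, is_dir in sample:
        path = os.path.join(root, name)
        if is_dir:
            os.mkdir(path)
        else:
            open(path, "w").close()
        os.chmod(path, mode)
        os.utime(path, (now - age, now - age))

if __name__ == "__main__":
    now = time.time()
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root, now)
        for f in audit_tree(root, now=now):
            print(f["mode"], f["uid"], f["path"], ",".join(f["flags"]))
```

The modification time and owner only narrow the search; attributing a write to a person needs the version control or content management history asked about above.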
