Re: [PHP] URL injection
https://www.xxx.co.uk/register.php;| grep 123 I wonder what kind of browser could make this, probably a hacker-made one! This URL will have to be translated into its equivalent URI, if using GET the HTTP message's start line would look like: GET /register.php| grep 123 HTTP/1.1 First of all, the HTTP protocol states that the start line should contain: METHOD one or more spaces URI one or more spaces HTTP/1.1 So, this is clearly violated as there are two spaces surrounding grep, i believe if the server has trouble with this request, it's not yet at the PHP level... it's an HTTP issue, clearly server related. You wont detect this with PHP, and if you do detect anything, it means your server has modified it so you could... for example, in this case it might convert the whole | grep 123 into a single get argument's name, it could be simply removed/ignored, the server could try to see if there is a file named `/register.php| grep 123` and returns a 404... but the only acceptable behavior in this case is for the server to return 400 (read http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1). Good luck! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] URL injection
Hi Can anyone help me handel this URL injection ? https://www.xxx.co.uk/register.php;| grep 123 I want to detect it and header back to my index page. It's quite urgent Thanks for help M.
Re: [PHP] URL injection
2009/6/4 Morris morris...@gmail.com: Hi Can anyone help me handel this URL injection ? https://www.xxx.co.uk/register.php;| grep 123 I want to detect it and header back to my index page. It's quite urgent What the smeg is register.php doing that makes it execute that?? Show us the code. -Stuart -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] URL injection
Hi The register.php has only a form ?php form name=registerUser action=register.php method=post input type=text name=username size=10 / input type=submit value=send / /form ? Does this help ? Thanks for reply 2009/6/4 Stuart stut...@gmail.com 2009/6/4 Morris morris...@gmail.com: Hi Can anyone help me handel this URL injection ? https://www.xxx.co.uk/register.php;| grep 123 I want to detect it and header back to my index page. It's quite urgent What the smeg is register.php doing that makes it execute that?? Show us the code. -Stuart -- http://stut.net/
Re: [PHP] URL injection
2009/6/4 Morris morris...@gmail.com: Hi The register.php has only a form ?php form name=registerUser action=register.php method=post input type=text name=username size=10 / input type=submit value=send / /form ? Does this help ? 1) That is not valid PHP code. 2) Even if it were there's nothing in there that would be exploitable through the URL you sent in your first email. -Stuart -- http://stut.net/ 2009/6/4 Stuart stut...@gmail.com 2009/6/4 Morris morris...@gmail.com: Hi Can anyone help me handel this URL injection ? https://www.xxx.co.uk/register.php;| grep 123 I want to detect it and header back to my index page. It's quite urgent What the smeg is register.php doing that makes it execute that?? Show us the code. -Stuart -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] URL injection
Is there more to the register.php file that we're not seeing? It has to have some sort of action... On Thu, Jun 4, 2009 at 3:28 PM, Stuart stut...@gmail.com wrote: 2009/6/4 Morris morris...@gmail.com: Hi The register.php has only a form ?php form name=registerUser action=register.php method=post input type=text name=username size=10 / input type=submit value=send / /form ? Does this help ? 1) That is not valid PHP code. 2) Even if it were there's nothing in there that would be exploitable through the URL you sent in your first email. -Stuart -- http://stut.net/ 2009/6/4 Stuart stut...@gmail.com 2009/6/4 Morris morris...@gmail.com: Hi Can anyone help me handel this URL injection ? https://www.xxx.co.uk/register.php;| grep 123 I want to detect it and header back to my index page. It's quite urgent What the smeg is register.php doing that makes it execute that?? Show us the code. -Stuart -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php