Shafiq Rehman wrote:
Thanx to all of you. My server is running on Linux and there is not any phpbb running on it. If vulnerability is in my code.. Is there any way that I can find the buggy code on my server which allowed that trojan to write into all the index files.
To start with, take a look at any filesystem or shell calls you make and ensure that all parameters that are sourced from user input are properly checked to ensure that the user hasn't entered something they shouldn't've. For example "../../../etc/passwd" to a file_get_contents() call.
Jasper -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
