Is there more to the register.php file that we're not seeing? It has to have some sort of action... On Thu, Jun 4, 2009 at 3:28 PM, Stuart <stuttle@xxxxxxxxx> wrote: > 2009/6/4 Morris <morris520@xxxxxxxxx>: > > Hi > > > > The register.php has only a form > > > > <?php > > <form name="registerUser" action="register.php" method="post"> > > <input type="text" name="username" size="10" /> > > <input type="submit" value="send" /> > > </form> > > ?> > > > > Does this help ? > > 1) That is not valid PHP code. > > 2) Even if it were there's nothing in there that would be exploitable > through the URL you sent in your first email. > > -Stuart > > -- > http://stut.net/ > > > 2009/6/4 Stuart <stuttle@xxxxxxxxx> > >> > >> 2009/6/4 Morris <morris520@xxxxxxxxx>: > >> > Hi > >> > > >> > Can anyone help me handel this URL injection ? > >> > > >> > https://www.xxx.co.uk/register.php"| grep "123" > >> > > >> > I want to detect it and header back to my index page. > >> > > >> > It's quite urgent > >> > >> What the smeg is register.php doing that makes it execute that?? Show > >> us the code. > >> > >> -Stuart > >> > >> -- > >> http://stut.net/ > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >