Re: Security Issue

It's not a SQL injection or XSS problem, Michael.

It's a PHP injection problem. I know how to fix that, but the web site is
very, very huge, has lots and lots of partners, and I'm having a lot of
difficulty identifying the focus of the problem.

Got it?


Regards,
Igor Escobar
Systems Analyst & Interface Designer

+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar (twitter)





On Mon, Jun 7, 2010 at 2:38 PM, Michael Shadle <mike503@xxxxxxxxx> wrote:

> It's not that bad.
>
> Use filter functions and sanity checks for input.
>
> Use htmlspecialchars() basically on output.
>
> That should take care of basically everything.
>
>
> On Jun 7, 2010, at 6:16 AM, Igor Escobar <titiolinkin@xxxxxxxxx> wrote:
>
>> This was my fear.
>>
>> Regards,
>> Igor Escobar
>> Systems Analyst & Interface Designer
>>
>> + http://blog.igorescobar.com
>> + http://www.igorescobar.com
>> + @igorescobar (twitter)
>>
>>
>>
>>
>>
>> On Mon, Jun 7, 2010 at 10:05 AM, Peter Lind <peter.e.lind@xxxxxxxxx>
>> wrote:
>>
>>> On 7 June 2010 14:54, Igor Escobar <titiolinkin@xxxxxxxxx> wrote:
>>>
>>>> Hi Folks!
>>>>
>>>> The portal for which I work is suffering constant attacks that I feel
>>>> are PHP injection. Somehow the hacker is managing to change the cache
>>>> files that our system generates, concatenating the HTML file with
>>>> another that has an iframe to a malicious JAR file. Do you have any
>>>> suggestions to prevent this? The hacker has no access to our file
>>>> system; he is inputting the code through some security hole. The
>>>> problem is that the portal is very big and has lots and lots of
>>>> partners hosted on our structure. We are failing to identify the focus
>>>> of these attacks.
>>>>
>>>> Any ideas?
>>>>
>>>>
>>> Check all user input + upload: make sure that whatever comes from the
>>> user is validated. Then check all output: make sure that everything
>>> output is escaped properly. Yes, it's an enormous task, but there's no
>>> way around it.
>>>
>>> Regards
>>> Peter
>>>
>>> --
>>> <hype>
>>> WWW: http://plphp.dk / http://plind.dk
>>> LinkedIn: http://www.linkedin.com/in/plind
>>> BeWelcome/Couchsurfing: Fake51
>>> Twitter: http://twitter.com/kafe15
>>> </hype>
>>>
>>>

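As an added example (not code from this thread, nor from the portal it describes), the script below shows a minimal PHP cache writer in the vulnerable form beside the hardened form Michael and Peter are pointing at: validate what comes in, escape with htmlspecialchars() on the way out, and write the cache file atomically to a path the caller cannot steer. It also includes a scan that flags cache files already carrying an injected iframe to a .jar, which is the kind of check that helps locate which partner page is being hit. The partner id, field names, directory layout and sample input are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example; assumes a hypothetical cache writer that renders
// partner-supplied fragments into static HTML files. Names and layout are
// invented for illustration, not taken from the portal in the thread.

// Escape for HTML text and attribute contexts (htmlspecialchars() on
// output). ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces
// invalid UTF-8 instead of silently returning an empty string.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Vulnerable form: partner id goes into the path, title and body go into the
// HTML, all verbatim. An <iframe> in $body lands in the cache file as-is.
function writeCacheUnsafe(string $cacheDir, string $partner, string $title, string $body): string
{
    $file = "$cacheDir/$partner.html";
    file_put_contents($file, "<h1>$title</h1>\n<div>$body</div>\n");
    return $file;
}

// Hardened form: validate on input, escape on output, write atomically.
function writeCacheSafe(string $cacheDir, string $partner, string $title, string $body): string
{
    // The partner id becomes a path component: allow only a short identifier,
    // so "../" or a full path can never select the output file.
    if (!preg_match('/^[a-z0-9_-]{1,32}$/', $partner)) {
        throw new InvalidArgumentException('bad partner id');
    }
    // Reject text that is not valid UTF-8 (the /u modifier fails on invalid
    // byte sequences) or is implausibly long, before it reaches the escaper.
    foreach (['title' => $title, 'body' => $body] as $name => $value) {
        if (preg_match('//u', $value) !== 1 || strlen($value) > 65536) {
            throw new InvalidArgumentException("bad $name");
        }
    }
    $html = '<h1>' . esc($title) . "</h1>\n<div>" . esc($body) . "</div>\n";

    // Write to a temp file in the same directory and rename over the target,
    // so a reader never sees a half-written page and the final path is
    // always exactly $cacheDir/<id>.html.
    $tmp = tempnam($cacheDir, 'cache-');
    file_put_contents($tmp, $html);
    chmod($tmp, 0644);
    $file = "$cacheDir/$partner.html";
    rename($tmp, $file);
    return $file;
}

// Detection: list cache files that already carry an <iframe> whose src ends
// in .jar, so the affected partner/page can be traced back to its generator.
function findTamperedCacheFiles(string $cacheDir): array
{
    $hits = [];
    foreach (glob("$cacheDir/*.html") as $file) {
        $content = file_get_contents($file);
        if (preg_match('/<iframe[^>]+src=["\']?[^"\'\s>]*\.jar/i', $content)) {
            $hits[] = $file;
        }
    }
    return $hits;
}

// Demo on constructed input: a partner body carrying an injected iframe.
$dir = sys_get_temp_dir() . '/cache-demo-' . getmypid();
mkdir($dir, 0700);
$evilBody = 'Partner news<iframe src="http://example.invalid/x.jar"></iframe>';

writeCacheUnsafe($dir, 'acme', 'Welcome', $evilBody);
echo "tampered after unsafe write: ", implode(', ', findTamperedCacheFiles($dir)), "\n";

writeCacheSafe($dir, 'acme', 'Welcome', $evilBody);   // overwrites with escaped HTML
echo "tampered after safe write:   ", count(findTamperedCacheFiles($dir)), " file(s)\n";

try {
    writeCacheSafe($dir, '../escape', 'x', 'x');      // path component rejected
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}

array_map('unlink', glob("$dir/*"));
rmdir($dir);
```

Run it with `php cache-demo.php`: the unsafe write produces one flagged file, the safe write over the same name produces none (the iframe survives only as `&lt;iframe ...&gt;` text), and the bad partner id is rejected before anything touches the disk. The scan is the part worth running first on a large install: it tells you which generated files are being altered, which narrows the search for the hole that feeds them.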