View Full Version : Hacked PHP Script - Info Only - Not This Program?

01-30-2004, 01:28 PM
if ($page)
include ($page.".php");

The hackers replaced the $page variable with the URL of another website that had some malicious code that was parsed through the server and gave them access. The fix was to run a validation to make sure any variables passed are from our own site.

02-07-2004, 08:46 PM
how do we fix this?