PDA

View Full Version : Hacked PHP Script - Info Only - Not This Program?



Anonymous
01-30-2004, 01:28 PM
<?
if ($page)
{
include ($page.".php");
}


The hackers replaced the $page variable with the URL of another website that had some malicious code that was parsed through the server and gave them access. The fix was to run a validation to make sure any variables passed are from our own site.

Anonymous
02-07-2004, 08:46 PM
how do we fix this?