Website link injection

Published 2024-08-19 20:20:42 · 2517 characters · 5 views · 0 comments

I have a website that is fairly static. It has some forms on it to send in contact information, mailing list submissions, etc. Perhaps hours/days after an upload to the site I found that the main index page had new code in it that I had not placed there, which contained a hidden bunch of links in an invisible div.

I have the following code that handles the variables sent in from the form.

<?php
// PHP Mail Order to [email protected] w/ some error detection.

    $jamemail = "[email protected]";

    // Trim, unescape and HTML-encode one form field; abort with $problem
    // when the field is required but empty.
    function check_input($data, $problem='')
        {
        $data = trim($data);
        $data = stripslashes($data);
        $data = htmlspecialchars($data);
        if ($problem && strlen($data) == 0)
            {
            die($problem);
            }
        return $data;
        }
    $email    = check_input($_POST['email'], "Please input email address.");
    $name    = check_input($_POST['name'], "Please input name.");

    // Both fields are placed in the message body only, not in mail headers.
    mail($jamemail, "Mailing List Submission", "Name: " . $name . " Email: " .$email);
    header('Location: index.php');
    exit; // stop processing once the redirect has been issued
?>

I have the following code within the index page to present the form, with some JavaScript to do error detection on the content of the submission prior to submission.

    <form action="sendlist.php" method="post" onSubmit="return checkmaill(this);">
        <label for="name"><strong>Name: </strong></label>
        <input type="text" name="name"/><br />
        <label for="email"><strong>Email: </strong></label>
        <input type="text" name="email"/><br />
                         <input type="submit" value="Subscribe" style="width: 100px;"/>
    </form>

At the end of the day, the source code containing the injected hyperlinks is as follows:

</body>

</html><!-- google --><font style="position: absolute;overflow: hidden;height: 0;width: 0">    
xeex172901
<a href=http://menorca.caeb.com/od9c2/xjdmy/onondaga.php>onondaga</a>
<a href=http://menorca.caeb.com/od9c2/xjdmy/tami.php>tami</a>
<a href=http://menorca.caeb.com/od9c2/xjdmy/shotguns.php>shotguns</a>
<a href=http://menorca.caeb.com/od9c2/xjdmy/weir.php>weir</a>
<a href=http://menorca.caeb.com/od9c2/xjdmy/copperhead.php>copperhead</a>
<a href=http://menorca.caeb.com/od9c2/xjdmy/mpv.php>mpv</a>
<a href=http://menorca.caeb.com/od9c2/xjdmy/brunei.php>brunei</a>
<a href=http://menorca.caeb.com/od9c2/xjdmy/doreen.php>doreen</a>
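Whatever the entry vector turns out to be, the first practical step is to find every page that carries this kind of payload. The scanner below is an added example, not code from the question or from any of the answers. It looks for the two signals visible in the snippet above: an element whose inline style hides it (display:none, visibility:hidden, or zero height and width) that is stuffed with links, and link markup placed after the closing </html> tag. SAMPLE_PAGE is constructed here to mirror the injected snippet; the host menorca.caeb.com is taken from the question and used only as data. The threshold min_links and the Finding structure are my own choices.

```python
"""Scan HTML for hidden-link SEO spam of the kind shown in the question.

Added example; not the question author's code. The sample page below is
constructed to mirror the injected snippet from the question.
"""
import re
import sys
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlparse

# Opening tag carrying a style attribute: captures tag name, quote, style value.
_OPEN = re.compile(r"""<(\w+)\b[^>]*?\bstyle\s*=\s*(["'])(.*?)\2[^>]*>""", re.I | re.S)
# href value, quoted or (as in the injected markup) unquoted.
_HREF = re.compile(r"""<a\b[^>]*\bhref\s*=\s*["']?([^"'\s>]+)""", re.I)
_ZERO = r"0(?:px|em|%)?"


@dataclass
class Finding:
    reason: str
    links: int
    hosts: dict  # host -> number of links pointing at it


def hiding_style(style: str) -> bool:
    """True if the inline style keeps the element in the DOM but out of view."""
    s = re.sub(r"\s+", "", style.lower())
    if re.search(r"(?:^|;)(?:display:none|visibility:hidden)(?:;|$)", s):
        return True
    zero_h = re.search(rf"(?:^|;)height:{_ZERO}(?:;|$)", s)
    zero_w = re.search(rf"(?:^|;)width:{_ZERO}(?:;|$)", s)
    return bool(zero_h and zero_w)


def link_hosts(fragment: str) -> Counter:
    """Count absolute links per host; relative links are ignored because
    link spam points at the attacker's domains, not the victim's."""
    hosts = Counter()
    for href in _HREF.findall(fragment):
        host = urlparse(href).hostname
        if host:
            hosts[host] += 1
    return hosts


def scan_html(html: str, min_links: int = 3) -> list:
    """Return a Finding for each hidden container full of links and for any
    link markup that sits after the last </html> tag."""
    findings = []
    for m in _OPEN.finditer(html):
        tag, style = m.group(1).lower(), m.group(3)
        if not hiding_style(style):
            continue
        # Body runs to the matching close tag, or to end of file when the
        # injected element was never closed (as in the question's snippet).
        close = re.compile(rf"</{re.escape(tag)}\s*>", re.I).search(html, m.end())
        body = html[m.end():close.start() if close else len(html)]
        hosts = link_hosts(body)
        if sum(hosts.values()) >= min_links:
            findings.append(Finding(f"hidden <{tag}> with links", sum(hosts.values()), dict(hosts)))
    ends = list(re.finditer(r"</html\s*>", html, re.I))
    if ends:
        hosts = link_hosts(html[ends[-1].end():])
        if sum(hosts.values()) >= min_links:
            findings.append(Finding("links after </html>", sum(hosts.values()), dict(hosts)))
    return findings


# Constructed sample: a clean page with the injected block from the question appended.
SAMPLE_PAGE = """<html><body>
<form action="sendlist.php" method="post">
<input type="text" name="email"/>
<input type="submit" value="Subscribe" style="width: 100px;"/>
</form>
</body>
</html><!-- google --><font style="position: absolute;overflow: hidden;height: 0;width: 0">
xeex172901
<a href=http://menorca.caeb.com/od9c2/xjdmy/onondaga.php>onondaga</a>
<a href=http://menorca.caeb.com/od9c2/xjdmy/tami.php>tami</a>
<a href=http://menorca.caeb.com/od9c2/xjdmy/shotguns.php>shotguns</a>
"""

if __name__ == "__main__":
    # With no arguments, scan the constructed sample; otherwise scan the given files.
    if len(sys.argv) == 1:
        for f in scan_html(SAMPLE_PAGE):
            print(f"sample: {f.reason}: {f.links} links -> {f.hosts}")
    for p in sys.argv[1:]:
        with open(p, encoding="utf-8", errors="replace") as fh:
            for f in scan_html(fh.read()):
                print(f"{p}: {f.reason}: {f.links} links -> {f.hosts}")
```

Run it over every .php and .html file under the document root (for example with `find`), and treat a hit as evidence of write access to the server rather than as the whole problem: the page only shows where the payload landed, not how it got there.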


Comments (4)

心在旅行 2024-08-26 20:20:42

It seems highly unlikely that your form has anything to do with your problem; more likely your FTP information has been compromised. Assuming that you use FTP to upload changes to your website...
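If the upload credentials are the suspect, the check a practitioner wants is a file-by-file comparison between the copy of the site that was uploaded and what the server holds now. The script below is an added example, not code from this answer or from the question author: it hashes both trees and reports files that were modified, added or removed. demo() builds two small constructed directory trees in a temporary location; the file names in it (index.php, sendlist.php, img/logo.png, img/cache.php) are made up for the demonstration, and the injected fragment reuses the host from the question as data only.

```python
"""Compare a manifest of the uploaded site with a manifest of the live site.

Added example; not code from the question or its answers. demo() constructs
its own directory trees so the script runs offline.
"""
import hashlib
import json
import sys
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root, POSIX form) to its SHA-256 digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def diff_manifests(expected: dict, actual: dict) -> dict:
    """expected = what you uploaded; actual = what the server holds now."""
    return {
        "modified": sorted(p for p in expected if p in actual and expected[p] != actual[p]),
        "added": sorted(p for p in actual if p not in expected),
        "missing": sorted(p for p in expected if p not in actual),
    }


def demo() -> dict:
    """Constructed scenario: the local copy is clean, the server copy has an
    injected index page and one extra file that was never uploaded."""
    clean = "<html><body>mailing list form</body></html>\n"
    injected = ('<font style="position: absolute;overflow: hidden;height: 0;width: 0">'
                "<a href=http://menorca.caeb.com/od9c2/xjdmy/tami.php>tami</a>")
    with tempfile.TemporaryDirectory() as tmp:
        local, server = Path(tmp, "local"), Path(tmp, "server")
        for root in (local, server):
            (root / "img").mkdir(parents=True)
            (root / "img" / "logo.png").write_bytes(b"\x89PNG constructed sample")
            (root / "sendlist.php").write_text("<?php // form handler ?>\n")
        (local / "index.php").write_text(clean)
        (server / "index.php").write_text(clean + injected)            # altered on the server
        (server / "img" / "cache.php").write_text("<?php /* not uploaded by the owner */ ?>\n")  # constructed
        return diff_manifests(build_manifest(local), build_manifest(server))


if __name__ == "__main__":
    # Usage: python manifest_diff.py <local_copy_dir> <downloaded_server_dir>
    if len(sys.argv) == 3:
        report = diff_manifests(build_manifest(Path(sys.argv[1])), build_manifest(Path(sys.argv[2])))
    else:
        report = demo()
    print(json.dumps(report, indent=2))
```

Build the expected manifest from the local copy at upload time and keep it off the server: if the attacker can write to the document root, a manifest stored there can be rewritten as easily as index.php. Files in the "added" list deserve the closest look, since they are the ones the owner never put there at all.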

想你的星星会说话 2024-08-26 20:20:42

Unless someone has physical access to your server, there is a missing piece here. Are you sure this is the only server side code that runs?

You don't need a post request to be vulnerable. XSS comes in all shapes and sizes.

烟花易冷人易散 2024-08-26 20:20:42

I suggest you upgrade your WordPress.

I found another site still affected with the same injected code here; they are using WordPress and have a contact form there too.

By the way, the page you show us is the page after the redirect; the vulnerability could be in contact.php or in WordPress.

土豪我们做朋友吧 2024-08-26 20:20:42

The web hosting server is hacked; instead of a mass deface (replacing indexes with "IPWND!U") they just chose to spread viruses and use blackhat SEO for other domains they have under control. I recommend you change your hosting.
