Code Injection

[DAVID87]

Hi All,

I am having a bit of trouble at the moment with some code injection. I had some trouble before with a code that was being injected into my pages on my website and it was adding a line to the bottom of any page with name of index or home.

I cured this by adding "mysql_real_escape_string" on all of my input fields and also as a precaution changed my homepage from the default name to something else so I am not using index or home.

Now I am getting someone, somehow modifying all of my ".js" files in different directories and adding a lie of code at the end of them which redirects my site else where.

can anyone give me any pointers on how I can stop this and cure it??

Thanks in advance

David

[pbu]

it could be xss injection. make sure you filter all GET and POST variables using filter() function.

PHP Code:

function filter($data) {
    $data = trim(htmlentities(strip_tags($data)));
    
    if (get_magic_quotes_gpc())
        $data = stripslashes($data);
    
    $data = mysql_real_escape_string($data);
    
    return $data;
} 


[DAVID87]

Thanks pbu.

I have just tested on one page of my site and I can get this working. I will work on getting it on all my script pages now. Hopefully if I monitor this over the next few days it should be the fix I am looking for.

Thanks again.

[pbu]

dont forget - to filter all GET/POST at once, use this loop

PHP Code:


foreach($_POST as $key => $value) {
    $data[$key] = filter($value);
} 


[DAVID87]

Im guessing that the below id just for the post values.

PHP Code:

foreach($_POST as $key => $value) {
    $data[$key] = filter($value);
} 


is it just a case of changeing POST for GET for the get values?