Javascript hack
Posted: Thu Oct 15, 2009 12:20 pm
by sbcs
Hi
I have a site here
I am getting injected by some javascript code in my pages
The site is static and has only a contact form
Also when it's affected - in the images folder I can see one php file uploaded.
Could you get me an idea how this happens and what can be the solution?
This is the url - http://successunlimited.in/
Kindly check and let me know
thanks in advance!
Re: Javascript hack
Posted: Thu Oct 15, 2009 9:54 pm
by Eric!
You would have to post the php code for us to point out the holes. Most likely you are echoing a data field and/or not filtering the user data from your contact form. You could also be hacked through a wide variety of other ways. Start changing passwords and notify your host provider of your problem too.
Also post the php file that appears on your site and we can try to help you see what they are doing. Please use [syntax=php]PASTEDCODE[/syntax] tags when posting code.
Re: Javascript hack
Posted: Thu Oct 15, 2009 10:02 pm
by sbcs
Dear Eric
Thank You for the reply
I have cleaned the files for the time being, and waiting for further attacks
I have used a strip_tags() for all form variables and also a session token id is used.
I will let You know if I get any further attacks and will paste the code
Once again thank You very much!
Sathish
Re: Javascript hack
Posted: Thu Oct 15, 2009 10:08 pm
by Eric!
If you want more help, you can post your php code here for people to help. There are some surprisingly simple ways to compromise a contact form depending on how it was written. Here is an example of how to plug up some of the basics including filters for the user's input.
viewtopic.php?f=50&t=104240
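An added example, not part of the original posts and not the code from the linked topic: a contact form handler showing the kind of input filtering discussed in this thread, including the checks that strip_tags() and a session token do not cover on their own (line breaks in mail header values, escaping on output). The field names (`name`, `email`, `message`, `token`), the session key `form_token` and the mail addresses are assumptions, and hash_equals() needs PHP 5.6 or later.

```php
<?php
// Added example. Field names, the session key and the mail addresses are hypothetical.
session_start();

// Values that end up in mail headers (name, e-mail) must not contain CR/LF or
// other control characters. strip_tags() does not remove those.
function clean_header_value($value, $maxLen = 100)
{
    $value = is_string($value) ? trim($value) : '';
    $bad = $value === '' || strlen($value) > $maxLen || preg_match('/[\x00-\x1F\x7F]/', $value);
    return $bad ? false : $value;
}

function validate_contact_form(array $post, $sessionToken)
{
    $errors = array();
    $token = (isset($post['token']) && is_string($post['token'])) ? $post['token'] : '';
    // Session token check with a constant-time comparison.
    if (!is_string($sessionToken) || $sessionToken === '' || !hash_equals($sessionToken, $token)) {
        $errors[] = 'Invalid form token.';
    }
    $name = clean_header_value(isset($post['name']) ? $post['name'] : null);
    if ($name === false) {
        $errors[] = 'Invalid name.';
    }
    $email = clean_header_value(isset($post['email']) ? $post['email'] : null, 254);
    if ($email === false || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Invalid e-mail address.';
    }
    $message = (isset($post['message']) && is_string($post['message'])) ? trim(strip_tags($post['message'])) : '';
    if ($message === '' || strlen($message) > 5000) {
        $errors[] = 'Invalid message.';
    }
    return array($errors, array('name' => $name, 'email' => $email, 'message' => $message));
}

if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
    $sessionToken = isset($_SESSION['form_token']) ? $_SESSION['form_token'] : '';
    list($errors, $data) = validate_contact_form($_POST, $sessionToken);
    if (!$errors) {
        // Fixed From address; the visitor's validated address goes only in Reply-To.
        $headers = "From: webform@example.com\r\nReply-To: " . $data['email'];
        mail('owner@example.com', 'Contact form: ' . $data['name'], $data['message'], $headers);
    }
    // Escape everything echoed back into the page.
    $reply = $errors ? implode(' ', $errors) : 'Thank you, ' . $data['name'] . '.';
    echo htmlspecialchars($reply, ENT_QUOTES, 'UTF-8');
}
```

A form like this writes nothing to disk, so a .php file appearing in the images folder points to a different entry point (for example stolen FTP credentials or another script on the account), which is why the password change and host notification suggested above still apply.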
Re: Javascript hack
Posted: Thu Oct 15, 2009 10:18 pm
by sbcs
That looks great Eric!
Seems like I have to go miles to do a contact form

I will implement it and let You know
The sanitize function looks awesome!
thanks!!!