hoopplaya4 Posted July 6, 2009 Share Posted July 6, 2009 Hi all, I have just a basic question: Can a MySQL Injection (of any sort) be used to modify/append code to an existing PHP file on one's server? For example, I found an extra line of code on a few php files on my test server which created an iframe (1x1 in size) pointing to a fake mirosoft site. Not sure if this is a co-worker pranking or result of MySQL injection. Thanks. Link to comment https://forums.phpfreaks.com/topic/164991-solved-phpmysql-injection-question/ Share on other sites More sharing options...
p2grace Posted July 6, 2009 Share Posted July 6, 2009 Only if the contents of the page are dynamically generated from the database... otherwise the server was hacked and the lines were added to the script in the actual file. Link to comment https://forums.phpfreaks.com/topic/164991-solved-phpmysql-injection-question/#findComment-869984 Share on other sites More sharing options...
hoopplaya4 Posted July 6, 2009 Author Share Posted July 6, 2009 Okay, thanks. No, the "extra" code was hard-coded into the file. I've gone ahead and alerted my host provider's security team. Hopefully they will provide some further insight on the matter. Link to comment https://forums.phpfreaks.com/topic/164991-solved-phpmysql-injection-question/#findComment-869987 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.