phpshooter Posted May 12, 2012 Share Posted May 12, 2012 Hello All, I'm just learning php, new to this site and need some help. The following code appeared in the url bar from one of the site visitors: //?-d+allow_url_include%3don+-d+auto_prepend_file%3dphp://input+-d+safe_mode%3d1+-d+suhosin.simulation%3d1+-d+ I'm wondering what this person was trying to get access to? Any help would be appreciated. Thanks Link to comment https://forums.phpfreaks.com/topic/262463-url-code/ Share on other sites More sharing options...
sKunKbad Posted May 12, 2012 Share Posted May 12, 2012 Looks like they were trying to hack your site. Link to comment https://forums.phpfreaks.com/topic/262463-url-code/#findComment-1345058 Share on other sites More sharing options...
smoseley Posted May 13, 2012 Share Posted May 13, 2012 Specifically, looks like they're trying to write a file via stream-input. Link to comment https://forums.phpfreaks.com/topic/262463-url-code/#findComment-1345065 Share on other sites More sharing options...
phpshooter Posted May 13, 2012 Author Share Posted May 13, 2012 I figured it wasn't something nice..I blocked their IP just in case. Thanks, for the help. Link to comment https://forums.phpfreaks.com/topic/262463-url-code/#findComment-1345066 Share on other sites More sharing options...
trq Posted May 13, 2012 Share Posted May 13, 2012 There is a know bug in php's cgi implementation that allows a client to view the source of a page by supplying a query string without any = sign in it. eg; /?-s is enough to trigger it. At least the first part of looks like this issue. Link to comment https://forums.phpfreaks.com/topic/262463-url-code/#findComment-1345082 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.