NYCPHP Meetup

NYPHP.org

[nycphp-talk] Injection Attack, any ideas?

David Krings ramons at gmx.net
Wed Nov 7 07:08:27 EST 2007


mikesz at qualityadvantages.com wrote:

> 
> Here is the URL : http://cl1p.net/myexploitedcode/
> 
> thanks, mikesz

I am definitely not the code fashion police here, but I have quite some 
problems to figure out what the code does and from where it gets stuff. Some 
more comments other than a sequence of dashes makes ones life much easier, 
especially when coming back later to figure out why stuff went wrong. You 
didn't specify if it was your code, so blame the appropriate party. I make 
sure that I put some comment for at least every two lines. Even when I can't 
figure out what the code does I still know what it is supposed to do.
I also wonder what the requires at the top do. Do they contain only static 
output or only functions? Or is there code executed before any of this script 
even comes into play. You may want to look in there as well.

In regards to you problem....uhmmmm, I pass. You need to wait for some smarter 
people to respond.

David



More information about the talk mailing list