sharing small pieces of rocks or jewels I find on the way

PHP Vulnerability

One of my sites was being hacked. I wanted to check why this was happening and how. So, I added a logger to see who is posting what to hack the site. There I came across an interesting thing, somebody is posting


If I use some $_POST to create a string or anything, this will be executed. Here is an interesting article to solve this problem

Now, the problem is, I’m not going to check it in every $_POST by that, it’s an old project and I don’t have a budget to do something like that. So, I’m planning to do a check in the common include file for all the $_POST for the existence of ‘base64_decode(‘ and ‘eval(‘ – if found, stop it there, notify me about the attack. If for that I lose some authentic post, I guess that would be fine.
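
A sketch of the common-include check described above, as an added example that is not code from the original post. The function names `find_suspicious_post` and `guard_post` are hypothetical, and the notification is assumed to be a line in the server error log.

```php
<?php
// Added example: request filter meant to sit at the top of the shared include file.
// Matches "base64_decode(" and "eval(" case-insensitively, allowing whitespace
// before the parenthesis, since PHP accepts both variations.
const SUSPICIOUS_PATTERN = '/\b(?:base64_decode|eval)\s*\(/i';

// Walk a (possibly nested) request array and return the name of the first
// field whose value matches, or null when nothing matches.
function find_suspicious_post(array $data, string $path = ''): ?string
{
    foreach ($data as $key => $value) {
        $here = $path === '' ? (string) $key : $path . '[' . $key . ']';
        if (is_array($value)) {
            // Fields such as name="item[0][note]" arrive as nested arrays.
            $hit = find_suspicious_post($value, $here);
            if ($hit !== null) {
                return $hit;
            }
        } elseif (is_string($value) && preg_match(SUSPICIOUS_PATTERN, $value) === 1) {
            return $here;
        }
    }
    return null;
}

// Stop the request and record it when a POST field matches.
function guard_post(): void
{
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        return;
    }
    $field = find_suspicious_post($_POST);
    if ($field === null) {
        return;
    }
    // json_encode() escapes control characters, so attacker-chosen field
    // names and URIs cannot inject extra lines into the log.
    error_log('Blocked POST: ' . json_encode([
        'field' => $field,
        'ip'    => $_SERVER['REMOTE_ADDR'] ?? '-',
        'uri'   => $_SERVER['REQUEST_URI'] ?? '-',
    ]));
    http_response_code(403);
    exit('Request rejected.');
}

guard_post();
```

This only screens for the two strings named in the post; any code path that still passes $_POST values into something that executes them remains exposed to payloads written another way.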

