[nycphp-talk] Injection Attack, any ideas?

mikesz at qualityadvantages.com mikesz at qualityadvantages.com
Tue Nov 6 23:31:17 EST 2007


Hello All,

I have a client site that has a registration form with a captcha image
that is supposed to prevent spammers from dumping their junk. The form
has two text input windows and a fair amount of personal information
is collected as well.

I just noticed that this client has been getting regular injection
attacks that have been failing because it is a comment spammer and the
INSERT query is failing on a duplicate key error. For privacy and
security reasons I can not post the error message but it cites the php
file name and the injection looks like it is being added to one of the
text boxes.

The form has "Required" fields as well as a check function that is
supposed to check for valid input. All of those fields are empty in the
query that failed.

The question is, actually multiple related questions:

First, how did that bad guy "execute" the query without hitting the
submit button or entering the captcha code, and how did it bypass the
check function? It seems like the query was sent directly to the
database through the registration.php program but I have no clue how
that could have happened. I need to plug this hole but don't have any
idea where to start looking for it.

I have tried running the query like registration.php?query but that
didn't work.

Any ideas about how I can reproduce this problem would be greatly
appreciated and any suggestions about how to fix it would be even more
greatly appreciated.            8-)

Thanks for your attention.
  

-- 
Best regards,
 mikesz                          mailto:mikesz at qualityadvantages.com



