[nycphp-talk] Injection Attack, any ideas?
David Krings
ramons at gmx.net
Wed Nov 7 07:08:27 EST 2007
mikesz at qualityadvantages.com wrote:
>
> Here is the URL : http://cl1p.net/myexploitedcode/
>
> thanks, mikesz
I am definitely not the code fashion police here, but I have quite some
problems to figure out what the code does and from where it gets stuff. Some
more comments other than a sequence of dashes makes ones life much easier,
especially when coming back later to figure out why stuff went wrong. You
didn't specify if it was your code, so blame the appropriate party. I make
sure that I put some comment for at least every two lines. Even when I can't
figure out what the code does I still know what it is supposed to do.
I also wonder what the requires at the top do. Do they contain only static
output or only functions? Or is there code executed before any of this script
even comes into play. You may want to look in there as well.
In regards to you problem....uhmmmm, I pass. You need to wait for some smarter
people to respond.
David
More information about the talk
mailing list