Hello,
On 13 May 2015 at 16:22, Ish Sookun <ish_at_hacklog.in> wrote:
> Looking at the homepage source, one could find the following code at the
> bottom :
>
> PHP Warning: session_start() [<a
> href='function.session-start'>function.session-start</a>]:
> open(C:\tmp\sess_o6gn2give5ct65j9ek1pjcb2r3, O_RDWR) failed: Permission
> denied (13) in
> \\boswinfs01\home\users\web\b171\ywh.hcimauritius\config\connect.php on
> line 1
>
> Yes, that's a Windows server with a folder having permission issues
> assigned to the webserver. An error text inserted after the </html> tag
> could lead Google to believe the page has been compromised and the text
> inserted maliciously. It's just my observation, I could be wrong too.
>
+1 Can't be sure whether it was really compromised or not. But there is a
possibility of SQL injections (I'm not saying it was compromised thr' this).
Example:
http://indiahighcom-mauritius.org/pages.php?id=15%27%20OR%20%271%27%20=%20%271%27%20--
Regards,
Nadim Attari
Received on Wed May 13 2015 - 13:38:16 PST