I have a website that is fairly static. It has some forms on it to send in contact information, mailing list submissions, etc. Perhaps hours/days after an upload to the site I found that the main index page had new code in it that I had not placed there that contained a hidden bunch of links in a invisible div.
I have the following code the handles the variables sent in from the form.
<?php
// PHP Mail Order to [email protected] w/ some error detection.
$jamemail = "[email protected]";
function check_input($data, $problem='')
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
if ($problem && strlen($data) == 0)
{
die($problem);
}
return $data;
}
$email = check_input($_POST['email'], "Please input email address.");
$name = check_input($_POST['name'], "Please input name.");
mail($jamemail, "Mailing List Submission", "Name: " . $name . " Email: " .$email);
header('Location: index.php');
?>
I have the following code within the index page to present the form with some Javascript to do error detection on the content of the submission prior to submission.
<form action="sendlist.php" method="post" onSubmit="return checkmaill(this);">
<label for="name"><strong>Name: </strong></label>
<input type="text" name="name"/><br />
<label for="email"><strong>Email: </strong></label>
<input type="text" name="email"/><br />
<input type="submit" value="Subscribe" style="width: 100px;"/>
</form>
At the end of the day, the source code where the injected hyperlinks is as follows:
</body>
</html><!-- google --><font style="position: absolute;overflow: hidden;height: 0;width: 0">
xeex172901
<a href=http://menorca.caeb.com/od9c2/xjdmy/onondaga.php>onondaga</a>
<a href=http://menorca.caeb.com/od9c2/xjdmy/tami.php>tami</a>
<a href=http://menorca.caeb.com/od9c2/xjdmy/shotguns.php>shotguns</a>
<a href=http://menorca.caeb.com/od9c2/xjdmy/weir.php>weir</a>
<a href=http://menorca.caeb.com/od9c2/xjdmy/copperhead.php>copperhead</a>
<a href=http://menorca.caeb.com/od9c2/xjdmy/mpv.php>mpv</a>
<a href=http://menorca.caeb.com/od9c2/xjdmy/brunei.php>brunei</a>
<a href=http://menorca.caeb.com/od9c2/xjdmy/doreen.php>doreen</a>