Thread: Backdoor in 'Free PHP Directory Script' ?
View Single Post
Old 09-05-2004, 09:28 AM   #4 (permalink)
awall19
v7n Mentor
 
awall19's Avatar
 
Join Date: 02-18-04
Location: We Are Penn State!
Posts: 3,554
iTrader: 0 / 0%
Latest Blog:
None

awall19 is a splendid one to beholdawall19 is a splendid one to beholdawall19 is a splendid one to beholdawall19 is a splendid one to beholdawall19 is a splendid one to beholdawall19 is a splendid one to beholdawall19 is a splendid one to beholdawall19 is a splendid one to beholdawall19 is a splendid one to beholdawall19 is a splendid one to beholdawall19 is a splendid one to behold
Quote:
Originally Posted by MarketingLady
There are 2 dirty tricks inside the original free script:

1. File: include.php >> line 60, scroll to the right >> there is a query sending your password to biz-d.
2. File: install4.php >> line 62: <IMG SRC="http://www.directory-search.org/img/invis.gif" WIDTH=1 HEIGHT=1> >> with this hidden Gif he gets the referrer

Greets
how do you remove the part in #1 while still leaving the script operable?

if you remove that code of line from #2 does that link go away?
awall19 is offline   Reply With Quote