Warning: include(.../cache/template/template63867.php): failed to open stream: No such file or directory in /home/codingta/public_html/includes/vb5/template.php on line 328 Warning: include(): Failed opening '.../cache/template/template63867.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/codingta/public_html/includes/vb5/template.php on line 328 My site was attacked by injection - Coding-Talk

My site was attacked by injection

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • My site was attacked by injection

    Hello guys, my site was attacked and the hacker claims it was done by a simple injection in ip, we all know hackers don't reveal the true ways of executing their attacks, however, would just like to verify if my ip code seems vulnerable or not?

    function getip()

    {

    if($_SERVER["REMOTE_ADDR"])

    { $ip=$_SERVER["REMOTE_ADDR"];

    } else { $ip=$_SERVER["HTTP_X_FORWARDED_FOR"];}

    if(strpos($ip,",")){

    $exp_ip=explode(",",$ip);

    $ip=$exp_ip[0];

    }

    return $ip;

    }

  • #2
    Yes its vulnerable.
    HTTP_X_FORWARDED_FOR can be easily spoofed
    use mysql_escape_string() to make it safe.

    Comment

    Working...
    X