some **** hacking a clients site

2013-04-16  Source: Original Site  Category:PHP  Views:0 

Someone keeps hacking the website of a client of mine, which I made a while ago.

The hacking is completely changing the index.php page and adding malicious scripts to it.

Below is the index page:
<?php
//include "include/functions.inc";
ob_start();
//website header
require_once "includes/header.php";

//website content
require_once "includes/content.php";

//website footer
require_once "includes/footer.php";
ob_end_flush();
?>

The left navigation PHP:
<?
if ($_GET['id'] == 2)
{
?>
the html
<?
}
?>

content.php
<?
//home page
if ($_GET['id'] === 1)
{
require_once "includes/home.php";
}
//facilities pages
else if ($_GET['id'] === 2)
{
include "includes/facilities.php";
}
//kev and linda
else if ($_GET['id'] === 3)
{
require_once "includes/kevandlinda.php";
}
//location
else if ($_GET['id'] === 4)
{
require_once "includes/location.php";
}
//site map
else if ($_GET['id'] === 5)
{
require_once "includes/sitemap.php";
}
//contact
else if ($_GET['id'] === 6)
{
require_once "includes/contact.php";
}
else if ($_GET['id'] === "voucher")
{
header("Location: voucher.php");
exit;
}
// home
else
{
require_once "includes/home.php";
}
?>

Please don't slate me for using else ifs; I built this a LONG time ago and I know it's quite badly written. But I can't see where they're getting the code into it.

Do I need to check all the GET variables before they are used? addslashes or something, or is there an external source they're using?
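
On the GET-variable question, an added example (not part of the original post) of allow-list routing for `id`, using the file names from the post; `resolve_page()` and the sample inputs are hypothetical. Values in `$_GET` arrive as strings (or arrays), so the strict comparisons against integers in content.php above never match and every request falls through to home.php; this sketch covers only parameter handling, not how index.php itself is being rewritten.

```php
<?php
// Added example: allow-list routing for the "id" query parameter.
// Include paths are the ones shown in the post; resolve_page() is a
// hypothetical helper name, not code from the original site.

const PAGES = [
    '1' => 'includes/home.php',
    '2' => 'includes/facilities.php',
    '3' => 'includes/kevandlinda.php',
    '4' => 'includes/location.php',
    '5' => 'includes/sitemap.php',
    '6' => 'includes/contact.php',
];
const DEFAULT_PAGE = 'includes/home.php';

// Returns ['include', path] or ['redirect', url]. The request value is
// only ever used as a lookup key, never as part of a file path.
function resolve_page(array $query): array
{
    $id = $query['id'] ?? '';
    if (!is_string($id)) {              // ?id[]=2 makes $id an array
        return ['include', DEFAULT_PAGE];
    }
    if ($id === 'voucher') {
        return ['redirect', 'voucher.php'];
    }
    // Exact key match only: '2abc', '02', ' 2' and '' are not keys.
    if (array_key_exists($id, PAGES)) {
        return ['include', PAGES[$id]];
    }
    return ['include', DEFAULT_PAGE];
}

// In content.php this would be used as:
//   [$action, $target] = resolve_page($_GET);
//   if ($action === 'redirect') { header("Location: $target"); exit; }
//   require_once $target;

// Constructed sample inputs, shaped the way PHP fills $_GET.
$samples = [['id' => '2'], ['id' => 'voucher'], ['id' => '2abc'],
            ['id' => '02'], ['id' => ['2']], []];
foreach ($samples as $query) {
    [$action, $target] = resolve_page($query);
    printf("%-22s => %s %s\n", json_encode($query), $action, $target);
}

// Why the original branches never fire: a string is never identical to an int.
var_dump('2' === 2, '2' == 2);
```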
