A new site of mine has been hit repeatedly with the request:
My file "email.php" was designed to read a URL from my website (defined in var 'page') and send it to a requested email address. This hack attempts to fool my site into reading remotely the following code:
<modnote - code removed>
It's too early for me to understand exactly what this code does. Perhaps someone can shed some light on the topic?
While I'm a paranoid coder and this exploit does not work on my site (I check all 'page' variables to ensure they actually exist as a page on my site), a little research shows that other webmasters have been hit with similar hacks that have brought networks to a halt. Again, it has targeted PHP pages that read local files via the query string (think about all those index.php?include=mypage.php content system designs...).
Just a warning to those using QS file references. Escape variables, check that files exist on your servers, etc.
You can never be too paranoid!
[edited by: jatar_k at 2:24 am (utc) on May 24, 2004]
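The check described in the post (accept a 'page' value only if it names a page that exists on the site), as an added example that is not part of the original post or the poster's code. `PAGES_DIR`, `resolve_page()` and the demo file names are hypothetical, and the sample inputs are constructed; it assumes PHP 8 and that all includable pages sit in one directory.

```php
<?php
declare(strict_types=1);

// Hypothetical layout: every page the site may serve lives in this directory.
const PAGES_DIR = __DIR__ . '/pages';

/**
 * Map a query-string value to the absolute path of a local page,
 * or return null when it does not name an existing page in $baseDir.
 */
function resolve_page(mixed $value, string $baseDir = PAGES_DIR): ?string
{
    // ?page[]=x arrives as an array; only plain strings are acceptable.
    if (!is_string($value)) {
        return null;
    }
    // Bare names only ("about" or "about.php"). This refuses URL schemes,
    // slashes, "..", query strings and NUL bytes before any file access.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}(\.php)?\z/', $value) !== 1) {
        return null;
    }
    $file = str_ends_with($value, '.php') ? $value : $value . '.php';
    // realpath() returns false for missing files and resolves symlinks,
    // so a link that points outside the pages directory fails the prefix test.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $file);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    return str_starts_with($path, $base . DIRECTORY_SEPARATOR) ? $path : null;
}

// Constructed demo: a temporary pages directory and sample 'page' values.
$dir = sys_get_temp_dir() . '/pages_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . '/about.php', '<p>About</p>');
$samples = ['about', 'about.php', 'http://example.invalid/x.txt?',
            '../email', ['about'], 'missing'];
foreach ($samples as $s) {
    $shown = json_encode($s, JSON_UNESCAPED_SLASHES);
    $verdict = resolve_page($s, $dir) === null ? 'rejected' : 'accepted';
    printf("%-34s => %s\n", $shown, $verdict);
}
unlink($dir . '/about.php');
rmdir($dir);
```

Only the path returned by `resolve_page()` is passed on to `include` or the file-reading call, never the raw query-string value.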