Not signed in (Sign In)

Vanilla 1.1.10 is a product of Lussumo. More Information: Documentation, Community Support.

    • CommentAuthormtg169
    • CommentTimeMar 13th 2009
     
    I've been getting numerous warnings like the following. Appears some script keeps trying to inject URLs through the level var in Plogger. All of the sites that are trying to inject these URLs are on free Web hosting sites, many of them at hostinginfive.com. Just wondering if it's something I should be worrying about. Doesn't seem to be exploitable, but I wanted to make sure. The hosts seem to delete the sites after a few days.

    [13-Mar-2009 11:02:40] PHP Warning: parse_url(/photogallery/index.php?level=http://mikesplace.hostinginfive.com/frame.htm?) [<a href='function.parse-url'>function.parse-url</a>]: Unable to parse URL in photogallery\plog-load_config.php on line 28
    •  
      CommentAuthorsidtheduck
    • CommentTimeMar 13th 2009
     
    yeah, it looks like someone is hoping to get an exploit in there, but it's not working (thus the errors are thrown, otherwise you would have an injected iframe on your site). The code should make sure that this exploit is not ... well, exploitable :P