So, what is this? I haven't really experienced too much as far as "hacking" goes. I've dealt and solved most problems with PHP applications and I understand about 70% of this开发者_如何学编程 code.
But here is what I found, a Web Shell by Boff?
My code.
It is hard to say, but generally to exploit something like this there is a loop hole in an include / require which is including a $_GET or $_POST variable that is not being filtered / checked.
IE:
include($_GET['page'] . '.php');
Which some people did / do to lessen the code, however, anyone could inject a URL here and it could write a new file etc.
To fix:
$page = !empty($_GET['page'])?$_GET['page']:index;
$whiteList = array('index', 'home');
if (!in_array($page, $whiteList)) {
$page = 'index';
}
include($page . '.php');
But yea, this is just one way. I am sure there are many other methods as well.
It looks like a remote administration tool, which could potentially be used as a back door.
Yes, you found a backdoor that the attacker is using to access your site. But this is only a symptom of a much larger problem. Is is likely that a web application or library that you have installed is vulnerable to attack. Someone used Exploit Code to drop this backdoor and unless you patch the site, the attacker will just drop another backdoor.
Make sure everything is up to date. Try and install a Web Application Firewall like Mod_Security.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论