c99 php script



gth759k
Forum Commoner
Posts: 76
Joined: Mon Jun 15, 2009 3:04 am

c99 php script

Post by gth759k »

I logged into my client's server the other day and to my surprise there were several suspicious files there I'd never seen before! The scariest of which was a file called testc99.php. Looking at it in a browser was even scarier than looking at it in code. It gave anyone access to my work. After reading up on "Remote File Inclusion", which is often associated with this file, I'm completely confused. First of all, nowhere in my 60k+ lines of code do I use a $_GET variable to include files in the way that remote file inclusion describes. Second of all, I want to know how it was uploaded to the root directory of the web page. In my site, everything uploaded from within the site goes to one or another sub folder, but this script was uploaded directly to the same folder as the index of the whole site. Any clues as to how that was accomplished?
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Re: c99 php script

Post by Jonah Bron »

Can the user pick the filename he wants? Someone might have set it to something malicious like "../testc99.php".

It could also be possible that someone got into your FTP account.
gth759k
Forum Commoner
Posts: 76
Joined: Mon Jun 15, 2009 3:04 am

Re: c99 php script

Post by gth759k »

No, the file name is created by uniqid($username), but I've been going back through all my code and rejecting any file uploads that don't have a jpg, jpeg, gif, or png extension. Hopefully that will help prevent this from happening again.
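The two points raised in this thread (a client-chosen filename such as "../testc99.php" walking out of the upload folder, and filtering uploads by extension) are illustrated together below in an added example. This is not the original poster's code or any code from the thread; the constant names, the upload directory path, the form field name "photo" and the function handle_upload() are assumptions made for illustration. The hardened version never uses the client-supplied name at all, decides the file type from the bytes rather than from the extension, and stores the result outside the document root.

```php
<?php
// Added example, not code from the thread. Names and paths are assumptions.

// The pattern Jonah Bron warns about, for contrast: the destination name comes
// straight from the client, so a name like "../testc99.php" lands beside
// index.php instead of inside uploads/.
//
//   move_uploaded_file($_FILES['photo']['tmp_name'],
//                      'uploads/' . $_FILES['photo']['name']);   // vulnerable

// Hardened handler. Store uploads OUTSIDE the document root so that a file
// which slips through can never be executed by the web server; serve it
// later through a download script. (Assumed path.)
const UPLOAD_DIR = '/var/www/uploads_private';
const MAX_BYTES  = 2 * 1024 * 1024;

// Allowed image types keyed by the MIME type sniffed from the file content,
// mapped to the extension the server will assign itself.
const ALLOWED = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Validate one entry of $_FILES and move it into UPLOAD_DIR.
 * Returns the stored filename on success, throws on any problem.
 */
function handle_upload(array $file, string $username): string
{
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed with code ' . $file['error']);
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Only trust a path that PHP itself placed in the temp directory.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }

    // Decide the type from the content, never from $file['name'] or
    // $file['type']; both are supplied by the client. An extension check on
    // the client name alone still lets "shell.php.jpg" or "shell.phtml" by
    // on some server configurations.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException("rejected type $mime");
    }
    // getimagesize() must also agree that this parses as an image.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }

    // Build the filename ourselves. uniqid() alone is time based and
    // guessable, so add random bytes; the username is reduced to a safe
    // character set before it goes anywhere near a path.
    $safeUser = preg_replace('/[^A-Za-z0-9_-]/', '', $username);
    $name = sprintf('%s_%s.%s', $safeUser, bin2hex(random_bytes(8)), ALLOWED[$mime]);

    // Defence in depth: the generated name must be a bare filename.
    if ($name !== basename($name) || strpos($name, '..') !== false) {
        throw new RuntimeException('bad generated name');
    }

    $dest = UPLOAD_DIR . DIRECTORY_SEPARATOR . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640);   // readable by the web user, never executable
    return $name;
}

// Usage (assumed form field "photo" and an assumed session username):
// $stored = handle_upload($_FILES['photo'], $_SESSION['username']);
```

Note that a filename generated server-side does not by itself explain how testc99.php reached the site root; the other possibility raised in the thread, a stolen FTP credential, is not something upload validation can fix, and the FTP and web server logs around the file's modification time are the place to look for that.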