Unknown script...

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
electronicsuk
Forum Newbie
Posts: 1
Joined: Sat Nov 01, 2003 2:26 am

Unknown script...

Post by electronicsuk »

I've only just recently installed support for php to my webserver, and I'm a total newbie to php, so please forgive me if this question is a bit stupid.

I have an area on my webserver that allows ananymous uploads. Today I found the following script has been uploaded:

Code: Select all

<?PHP

$pass    = md5($st);
echo "$pass";
?>
Does this pose any security risk to my server? I know the script has been run, and I get the feeling it might be be doing something such as giving away my admin password. Can anyone shed any light?

Many thanks,
Matthew
qads
DevNet Resident
Posts: 1199
Joined: Tue Apr 23, 2002 10:02 am
Location: Brisbane

Post by qads »

lol, sorry, this is noting to worry about, md5() is used to encrpyt strings..thats it.
you may wanna read http://uk2.php.net/manual/en/function.md5.php
Bennettman
Forum Contributor
Posts: 130
Joined: Sat Jun 15, 2002 3:58 pm

Post by Bennettman »

Yeah, that'll just take whatever $pass is set to in the URL (i.e. http://site.com/folder/page.php?pass=someword) and encrypt it, then send the result to the browser.
nemode
Forum Newbie
Posts: 12
Joined: Sat Nov 01, 2003 11:20 am

Post by nemode »

so could you use this to encript a password before its being sent???
how would you do that?
Cruzado_Mainfrm
Forum Contributor
Posts: 346
Joined: Sun Jun 15, 2003 11:22 pm
Location: Miami, FL

Post by Cruzado_Mainfrm »

ah, i suggest u disable uploading of .php files BECAUSE someone can make a script that may write in your server,read information or DELETE files... got it? :wink:
Post Reply