Page 1 of 1

Unknown script...

Posted: Sat Nov 01, 2003 2:26 am
by electronicsuk
I've only just recently installed support for php to my webserver, and I'm a total newbie to php, so please forgive me if this question is a bit stupid.

I have an area on my webserver that allows ananymous uploads. Today I found the following script has been uploaded:

Code: Select all

<?PHP

$pass    = md5($st);
echo "$pass";
?>
Does this pose any security risk to my server? I know the script has been run, and I get the feeling it might be be doing something such as giving away my admin password. Can anyone shed any light?

Many thanks,
Matthew

Posted: Sat Nov 01, 2003 5:39 am
by qads
lol, sorry, this is noting to worry about, md5() is used to encrpyt strings..thats it.
you may wanna read http://uk2.php.net/manual/en/function.md5.php

Posted: Sat Nov 01, 2003 9:43 am
by Bennettman
Yeah, that'll just take whatever $pass is set to in the URL (i.e. http://site.com/folder/page.php?pass=someword) and encrypt it, then send the result to the browser.

Posted: Sat Nov 01, 2003 12:03 pm
by nemode
so could you use this to encript a password before its being sent???
how would you do that?

Posted: Sat Nov 01, 2003 12:47 pm
by Cruzado_Mainfrm
ah, i suggest u disable uploading of .php files BECAUSE someone can make a script that may write in your server,read information or DELETE files... got it? :wink: