Jump to content

[SOLVED] Help from C99 shell Attack

pdent1

By pdent1
in PHP Coding Help

 Share

Recommended Posts

pdent1 Newbie

pdent1

Posted
Posted

I have user uploaded files on my server. Allowing videos photos and such. Yesterday I was banned from my hosting because of a hacking file. Once I recieved a copy of my files I noticed uploaded was a PHP.Backdoor It was labeled as Defacer.PHP.FLV. I have done alot of research and noticed it is always uploaded as .PHP.*** (jpg,mpg, and such) is there anyway to do a script to check if .PHP. is in the file and then end the upload to keep my site from being...well owned?

Link to comment
Share on other sites
redarrow Advanced Member

redarrow

Posted
Posted

Should never let users upload any think unless there a member of a web site.

 

apart from that, all you need to do  is make sure the correct .ext is uploaded easy as that....

 

what file type there allowed only.........

<?php
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
?>

 

 

link

http://www.w3schools.com/PHP/php_file_upload.asp

 

you should off thort off this before any upload script goes live....

Link to comment
Share on other sites
pdent1 Newbie

pdent1

Posted
  • Author
Posted

they were a member..anyway would 

$file= "index.php.jpg"; 
$file2=".php";
$file3= str_replace("$file2", "", "$file");

work? How do I stop extensions such as .php.gif/jpg? or would that code be easier since it would remove .php altogether.

yes you are right redarrow I could make it where I have to confirm before being uploaded but with over 1000 uploads a day that'd be alot of work

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

The C99 shell script is a php script.

 

It would normally be uploaded as a .php file and then it gets browsed to in order to execute it. It would only be possible to execute it on your server if the file extension that it was uploaded as was one that the server has been configured to parse as php code. Has your server been configured to parse .flv files as php or has any other extension besides .php been configured to be parsed as php?

 

I rather suspect that the .flv file you found was just one of the files containing the script and it may in fact not be the actual one what was used. Have you examined (searched) all the .php files for the c99 shell code?

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

Is the following your actual code or code you think would work -

$file= "index.php.jpg"; 
$file2=".php";
$file3= str_replace("$file2", "", "$file");

And, no the above code would not have stopped a file named Defacer.PHP.FLV from being uploaded.

 

It would actually be best if you -

A) Found exactly where and how the script got placed onto the server and how it got executed, and

B) Posted your existing upload code as that would let someone find exactly how it was bypassed.

 

Link to comment
Share on other sites
pdent1 Newbie

pdent1

Posted
  • Author
Posted 
<?

include  'config/connection.php';

  	$user_id		=	$_SESSION['userid']; 
    $sucess			=	$_REQUEST['sucess']; 
   	$linkname		=	$_REQUEST['linkname']; 
   	$desc			=	$_REQUEST['desc'];   
    $category		=	$_REQUEST['category']; 

   if(isset($_REQUEST['Submit']))
   {
   $img1       =   $_FILES['imagefile']['name'];

    if($img1!='')

	{

	$uniq=uniqid($uniq);

	$img1=$uniq.$img1;

	$uploadfiles = $path.$img1;

	move_uploaded_file($_FILES['imagefile']['tmp_name'],$uploadfiles);
			}

	$video1      =   $_FILES['videofile']['name'];

    	if($video1!='')
			{

	$uniq1=uniqid($uniq1);

	$video1=$uniq1.$video1;

	$uploadfiles = $path1.$video1;

	move_uploaded_file($_FILES['videofile']['tmp_name'],$uploadfiles);


}


			$user_link=$Q("INSERT INTO `video_links` (`user`,`name`,`picture`,`video`,`desc`,`date`,`time`,`status`,`category`)

   			VALUES('$user_id','$linkname','$img1','$video1','$desc','$date','$time','1','$category')");

     		$sucess = 1;

		if($_SESSION['mod_rewrite']==1)
		{
			$page_name = $web_path."submit-user-video-1.html";
		}
		else
		{
			$page_name = $web_path."submit_video.php?sucess=1";
		}

		echo "<script>window.location='$page_name';</script>";


   				}


?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

function check()

{

if(document.form1.category.value=="")

{
	alert("Enter category");
	document.form1.category.focus();
	return false;
}

if(document.form1.linkname.value=="")

{
alert("Enter linkname");
document.form1.linkname.focus();
return false;
}

if(document.form1.imagefile.value=="")
{
alert("Enter imagefile");
document.form1.imagefile.focus();
return false;
}

if(document.form1.videofile.value=="")
{
alert("Enter videofile ");
document.form1.videofile.focus();
return false;
}

if(document.form1.desc.value=="")
{
alert("Enter Description ");
document.form1.desc.focus();
return false;
}

}

</script>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title><? echo $generalsettings['site_name'];?>-<? echo $generalsettings['title'];?></title>
<meta name="description" content="<? echo $generalsettings['description'];?>">
<meta name="keywords" content="<? echo $generalsettings['keyword'];?>" />
<link href="<? echo $pro_path; ?><? echo $theme_path; ?>css/style.css" rel="stylesheet" />
<link rel="stylesheet" href="tooltip/style.css" type="text/css">

</head>
<body class="Main" >
<table width="989" border="0" cellspacing="0" cellpadding="0" class="tablecontent" align="center">
  <tr>
    <td><table width="100%" border="0" cellspacing="0" cellpadding="0" class="tablecontent">
        <tr>
          <td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/top bar.jpg" width="989" height="42"><table width="100%" border="0" cellspacing="0" cellpadding="0" class="tablecontent">
            <? include_once $pro_path."/header.php";?>
        <tr>
          <td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/bg-middle.jpg" width="989" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0" class="tablecontent">
              <tr>
                <td width="20%" align="center" valign="top"><? include_once $pro_path."/left.php";?></td>
                <td valign="top" width="60%"><table width="100%" border="0" cellspacing="0" cellpadding="0" class="tablecontent">
  
  
   
     <tr>
            <td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/tab_submit_videos.jpg" width="591" height="40" style="background-repeat:no-repeat"></td>
          </tr>
  <tr>
    <td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/center-middle.jpg" width="591"  valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0">
   
    
      <tr>
        <td><form action="" method="post" enctype="multipart/form-data" name="form1" id="form1">
            <table width="100%" border="0" cellspacing="0" cellpadding="0">
             <tr><td height="5" colspan="2"></td></tr>
		 <tr>
                                        <td align="center" colspan="2"><table width="96%" border="0">
                                            <tr>
                                              <td align="center"  class="body_ads"><? $ads=$F($Q("select `index_page` from `ads` ")); ?>
                                                <? echo $ads['index_page']; ?></td>
                                            </tr>
                                          </table></td>
                                      </tr>
		<tr><td height="5" colspan="2"></td></tr>						  
		  <? if($sucess==1) { ?>
              <tr>
                <td align="center"  class="redtext" colspan="2"><? echo "Added Sucessfully...." ?></td>
              </tr>
              <? } ?>
              <tr>
                <td colspan="2"> </td>
              </tr>
              <tr>
                <td align="right" colspan="2"  class="main_title"><?
						    if($_SESSION['mod_rewrite']==1)
								{
									$page_name = $web_path."submit-user-link.html";
								}
								else
								{
									$page_name = $web_path."submit_userlink.php";
								}
						  ?>
                    <a href="<? echo $page_name?>"  class="toplink"> Add Porn Link </a>     </td>
              </tr>
              <tr>
                <td colspan="2"  class="main_title">   <strong>Submit Your Video Link Here</strong></td>
              </tr>
              <tr>
                <td colspan="2" valign="top" class=""> </td>
              </tr>
              <tr>
                <td class="main_title" valign="top">   <strong>Select Category: </strong></td>
                <td valign="top" class=""><? 
 						 $qu="SELECT `id`,`name` FROM `video_category` WHERE `status` = '1'";
  						 $rs=$Q($qu);
 						 ?>
                    <select name="category" class="blacktext" >
                      <option>Choose Category</option>
                      <? 
						while($dis=$F($rs))
						{
						?>
                      <option value="<? echo $dis['id']?>"> <? echo $dis['name'];?></option>
                      <? } ?>
                  </select></td>
              </tr>
              <tr>
                <td colspan="2" valign="top" class=""> </td>
              </tr>
              <tr>
                <td class="main_title" width="32%" valign="top">   <strong>Title : </strong></td>
                <td width="68%" valign="top" class=""><input name="linkname" type="text" size="40" />
                </td>
              </tr>
              <tr>
                <td colspan="2" valign="top" class=""> </td>
              </tr>
              <tr>
                <td class="main_title" valign="top">   <strong>Upload Image: </strong></td>
                <td valign="top" class=""><input type="file" name="imagefile" />
                </td>
              </tr>
              <tr>
                <td colspan="2" valign="top" class=""> </td>
              </tr>
              <tr>
                <td class="main_title" valign="top">   <strong>Upload Video: </strong></td>
                <td valign="top" class=""><input type="file" name="videofile" />
                </td>
              </tr>
              <tr>
                <td colspan="2" valign="top" class=""> </td>
              </tr>
              <tr>
                <td class="main_title" valign="top">   <strong>Description:</strong></td>
                <td valign="top"><label>
                  <textarea name="desc" cols="40" rows="10"></textarea>
                </label></td>
              </tr>
              <tr>
                <td colspan="2" valign="top" class=""> </td>
              </tr>
              <tr>
                <td colspan="2" valign="top" class=""> </td>
              </tr>
              <tr>
                <td colspan="2" valign="top" class=""> </td>
              </tr>
              <tr>
                <td colspan="2" align="center" valign="top" class=""><input type="submit" name="Submit" value="Submit" class="btns"  onclick="javascript:return check();" /></td>
              </tr>
              <tr>
                <td colspan="2" valign="top" class=""> </td>
              </tr>
            </table>
        </form></td>
      </tr>
      <tr>
        <td> </td>
      </tr>
    </table></td>
  </tr>
  <tr>
    <td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/center-bottom.jpg" width="592" height="27" style="background-repeat:no-repeat"></td>
  </tr>
</table>
 </td>
                <td width="20%" align="center" valign="top"><? include_once "$pro_path/right.php";?></td>
              </tr>
            </table></td>
        </tr>
        <tr>
          <td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/bg-bottom.jpg" width="989" height="14"></td>
        </tr>
      </table></td>
  </tr>
<? include_once "$pro_path/footer.php";?>
</table></td></tr></table>
</body>
</html>

Link to comment
Share on other sites
redarrow Advanced Member

redarrow

Posted
Posted

Where $_FILES['imagefile']['type '];  please?

 

as stated before and link provided

 

<?php

if ((($_FILES["file"]["type"] == "image/gif")

|| ($_FILES["file"]["type"] == "image/jpeg")

|| ($_FILES["file"]["type"] == "image/pjpeg"))

?>

 

you got to tell the code what type is allowed to be posted only......

Link to comment
Share on other sites
pdent1 Newbie

pdent1

Posted
  • Author
Posted

do what? SO i guess

before

  $img1      =  $_FILES['imagefile']['name'];

I would put

 

if ((($_FILES["file"]["type"] == "video/mpeg")

|| ($_FILES["file"]["type"] == "video/quicktime")

|| ($_FILES["file"]["type"] == "video/x-msvideo")){

 

  $img1      =  $_FILES['imagefile']['name'];

}else{

echo "Please submit a valid video format";

}

 

 

and so on...?

 

Couldn't this still accept a .php.flv file since it would read it as a .flv?

 

also PFMaBiSmAd The file could still be uploaded but if it was not .php.flv and it was just .flv it would have not been ran as a .php page it would have opened a video box and just errored. I have a copy of the backdoor that was ran and have been testing by uploading it to the server to see if I could run it before someone else does.

Link to comment
Share on other sites
redarrow Advanced Member

redarrow

Posted
Posted

What i can see from what i have read, is that .flv is a flash file for flash video's, but the mime type is not the same as a normal .swf file, so i guess php does not see it as a .ext when added to a .php file example redarrow.php.flv, the ,flv not seen, unless of course set in the php.ini.

 

don't no if i am wright according to that and a guess your be ok now.

 

Your example is correct,just add it to your current script, and try and upload a file you suspect to be specious with the .php.flv ext.....

 

see what happens?

 

 

Link to comment
Share on other sites
pdent1 Newbie

pdent1

Posted
  • Author
Posted

so use

f ((($_FILES["file"]["type"] == "video/mpeg")
|| ($_FILES["file"]["type"] == "video/quicktime")
|| ($_FILES["file"]["type"] == "video/x-msvideo")){

   $img1       =   $_FILES['imagefile']['name'];
}else{
echo "Please submit a valid video format";
}

but do every video/ type correct? just making sure I get it right this time  :shrug:

Link to comment
Share on other sites
redarrow Advanced Member

redarrow

Posted
Posted

just use the link i provided and add the mime types that you need and no others will enter to the folder ok.

 

 

you need also to investigate your own faults, that how you learn, once you create the new feature to protect your uploads, keep testing it, till your happy then go live.....

Link to comment
Share on other sites
pdent1 Newbie

pdent1

Posted
  • Author
Posted 
<?

include  'config/connection.php';

  	$user_id		=	$_SESSION['userid']; 
    $sucess			=	$_REQUEST['sucess']; 
   	$linkname		=	$_REQUEST['linkname']; 
   	$desc			=	$_REQUEST['desc'];   
    $category		=	$_REQUEST['category']; 

   if(isset($_REQUEST['Submit']))
   {

if ($_FILES['imagefile']['type'] == "image/bmp"
|| $_FILES['imagefile']['type'] == "image/gif"
|| $_FILES['imagefile']['type'] == "image/jpeg"
|| $_FILES['imagefile']['type'] == "image/pjpeg"
|| $_FILES['imagefile']['type'] == "image/png"
|| $_FILES['imagefile']['type'] == "image/tiff"
|| $_FILES['imagefile']['type'] == "image/x-tiff"
|| $_FILES['imagefile']['type'] == "image/x-windows-bmp"){

   $img1       =   $_FILES['imagefile']['name'];
$ok = '0';
}else{
$ok = '1';
$img1 = '';
}

   $img1       =   $_FILES['imagefile']['name'];

    if($img1!='')

	{

	$uniq=uniqid($uniq);

	$img1=$uniq.$img1;

	$uploadfiles = $path.$img1;

	move_uploaded_file($_FILES['imagefile']['tmp_name'],$uploadfiles);
			}

if ($_FILES['videofile']['type'] == "video/mpeg"
|| $_FILES['videofile']['type'] == "video/quicktime"
|| $_FILES['videofile']['type'] == "video/x-msvideo"
|| $_FILES['videofile']['type'] == "video/avi"
|| $_FILES['videofile']['type'] == "video/mpeg"
|| $_FILES['videofile']['type'] == "video/msvideo"
|| $_FILES['videofile']['type'] == "video/quicktime"
|| $_FILES['videofile']['type'] == "video/quicktime"
|| $_FILES['videofile']['type'] == "video/x-mpeg"
|| $_FILES['videofile']['type'] == "video/x-ms-asf"
|| $_FILES['videofile']['type'] == "video/x-ms-asf-plugin"
|| $_FILES['videofile']['type'] == "video/x-msvideo"){


   $video1       =   $_FILES['videofile']['name'];
$ok1 = '0';

}else{
$video1 = '';
$ok1 = '1';
echo "You may only upload files in video format.";
}


    	if($video1!='')
			{

	$uniq1=uniqid($uniq1);

	$video1=$uniq1.$video1;

	$uploadfiles = $path1.$video1;

	move_uploaded_file($_FILES['videofile']['tmp_name'],$uploadfiles);


}




IF ($ok == '1' || $ok1 == '1'){
$sucess = 2;
		if($_SESSION['mod_rewrite']==1)
		{
			$page_name = $web_path."submit-user-video-1.html";
		}
		else
		{
			$page_name = $web_path."submit_video.php?sucess=2";
		}
}else{

			$user_link=$Q("INSERT INTO `video_links` (`user`,`name`,`picture`,`video`,`desc`,`date`,`time`,`status`,`category`)

   			VALUES('$user_id','$linkname','$img1','$video1','$desc','$date','$time','1','$category')");


     		$sucess = 1;

		if($_SESSION['mod_rewrite']==1)
		{
			$page_name = $web_path."submit-user-video-1.html";
		}
		else
		{
			$page_name = $web_path."submit_video.php?sucess=1";
		}

}
		echo "<script>window.location='$page_name';</script>";


   				}


?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

function check()

{

if(document.form1.category.value=="")

{
	alert("Enter category");
	document.form1.category.focus();
	return false;
}

if(document.form1.linkname.value=="")

{
alert("Enter linkname");
document.form1.linkname.focus();
return false;
}

if(document.form1.imagefile.value=="")
{
alert("Enter imagefile");
document.form1.imagefile.focus();
return false;
}

if(document.form1.videofile.value=="")
{
alert("Enter videofile ");
document.form1.videofile.focus();
return false;
}

if(document.form1.desc.value=="")
{
alert("Enter Description ");
document.form1.desc.focus();
return false;
}

}

</script>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title><? echo $generalsettings['site_name'];?>-<? echo $generalsettings['title'];?></title>
<meta name="description" content="<? echo $generalsettings['description'];?>">
<meta name="keywords" content="<? echo $generalsettings['keyword'];?>" />
<link href="<? echo $pro_path; ?><? echo $theme_path; ?>css/style.css" rel="stylesheet" />
<link rel="stylesheet" href="tooltip/style.css" type="text/css">

</head>
<body class="Main" >
<table width="989" border="0" cellspacing="0" cellpadding="0" class="tablecontent" align="center">
  <tr>
    <td><table width="100%" border="0" cellspacing="0" cellpadding="0" class="tablecontent">
        <tr>
          <td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/top bar.jpg" width="989" height="42"><table width="100%" border="0" cellspacing="0" cellpadding="0" class="tablecontent">
            <? include_once $pro_path."/header.php";?>
        <tr>
          <td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/bg-middle.jpg" width="989" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0" class="tablecontent">
              <tr>
                <td width="20%" align="center" valign="top"><? include_once $pro_path."/left.php";?></td>
                <td valign="top" width="60%"><table width="100%" border="0" cellspacing="0" cellpadding="0" class="tablecontent">
  
  
   
     <tr>
            <td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/tab_submit_videos.jpg" width="591" height="40" style="background-repeat:no-repeat"></td>
          </tr>
  <tr>
    <td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/center-middle.jpg" width="591"  valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0">
   
    
      <tr>
        <td><form action="" method="post" enctype="multipart/form-data" name="form1" id="form1">
            <table width="100%" border="0" cellspacing="0" cellpadding="0">
             <tr><td height="5" colspan="2"></td></tr>
		 <tr>
                                        <td align="center" colspan="2"><table width="96%" border="0">
                                            <tr>
                                              <td align="center"  class="body_ads"><? $ads=$F($Q("select `index_page` from `ads` ")); ?>
                                                <? echo $ads['index_page']; ?></td>
                                            </tr>
                                          </table></td>
                                      </tr>
		<tr><td height="5" colspan="2"></td></tr>

  <? if($sucess==2) { ?>
              <tr>
                <td align="center"  class="redtext" colspan="2"><? echo "Incorrect Video or Image Format...." ?></td>
              </tr>

              <? } ?>
		  <? if($sucess==1) { ?>
              <tr>
                <td align="center"  class="redtext" colspan="2"><? echo "Added Sucessfully...." ?></td>
              </tr>
              <? } ?>
              <tr>
                <td colspan="2"> </td>
              </tr>
              <tr>
                <td align="right" colspan="2"  class="main_title"><?
						    if($_SESSION['mod_rewrite']==1)
								{
									$page_name = $web_path."submit-user-link.html";
								}
								else
								{
									$page_name = $web_path."submit_userlink.php";
								}
						  ?>
                    <a href="<? echo $page_name?>"  class="toplink"> Add Porn Link </a>     </td>
              </tr>
              <tr>
                <td colspan="2"  class="main_title">   <strong>Submit Your Video Link Here</strong></td>
              </tr>
              <tr>
                <td colspan="2" valign="top" class=""> </td>
              </tr>
              <tr>
                <td class="main_title" valign="top">   <strong>Select Category: </strong></td>
                <td valign="top" class=""><? 
 						 $qu="SELECT `id`,`name` FROM `video_category` WHERE `status` = '1'";
  						 $rs=$Q($qu);
 						 ?>
                    <select name="category" class="blacktext" >
                      <option>Choose Category</option>
                      <? 
						while($dis=$F($rs))
						{
						?>
                      <option value="<? echo $dis['id']?>"> <? echo $dis['name'];?></option>
                      <? } ?>
                  </select></td>
              </tr>
              <tr>
                <td colspan="2" valign="top" class=""> </td>
              </tr>
              <tr>
                <td class="main_title" width="32%" valign="top">   <strong>Title : </strong></td>
                <td width="68%" valign="top" class=""><input name="linkname" type="text" size="40" />
                </td>
              </tr>
              <tr>
                <td colspan="2" valign="top" class=""> </td>
              </tr>
              <tr>
                <td class="main_title" valign="top">   <strong>Upload Image: </strong></td>
                <td valign="top" class=""><input type="file" name="imagefile" />
                </td>
              </tr>
              <tr>
                <td colspan="2" valign="top" class=""> </td>
              </tr>
              <tr>
                <td class="main_title" valign="top">   <strong>Upload Video: </strong></td>
                <td valign="top" class=""><input type="file" name="videofile" />
                </td>
              </tr>
              <tr>
                <td colspan="2" valign="top" class=""> </td>
              </tr>
              <tr>
                <td class="main_title" valign="top">   <strong>Description:</strong></td>
                <td valign="top"><label>
                  <textarea name="desc" cols="40" rows="10"></textarea>
                </label></td>
              </tr>
              <tr>
                <td colspan="2" valign="top" class=""> </td>
              </tr>
              <tr>
                <td colspan="2" valign="top" class=""> </td>
              </tr>
              <tr>
                <td colspan="2" valign="top" class=""> </td>
              </tr>
              <tr>
                <td colspan="2" align="center" valign="top" class=""><input type="submit" name="Submit" value="Submit" class="btns"  onclick="javascript:return check();" /></td>
              </tr>
              <tr>
                <td colspan="2" valign="top" class=""> </td>
              </tr>
            </table>
        </form></td>
      </tr>
      <tr>
        <td> </td>
      </tr>
    </table></td>
  </tr>
  <tr>
    <td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/center-bottom.jpg" width="592" height="27" style="background-repeat:no-repeat"></td>
  </tr>
</table>
</td>
                <td width="20%" align="center" valign="top"><? include_once "$pro_path/right.php";?></td>
              </tr>
            </table></td>
        </tr>
        <tr>
          <td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/bg-bottom.jpg" width="989" height="14"></td>
        </tr>
      </table></td>
  </tr>
<? include_once "$pro_path/footer.php";?>
</table></td></tr></table>
</body>
</html>

wow i see tons of errors now let me update and i will edit again

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

I just tested this using Apache 2.2.x under Windows. When Apache is configured to parse .php files, a file such as Defacer.PHP.FLV will be parsed as php. Apparently the web server only looks at the file name up to the first extension it finds.

 

This certainly does explain the great number of web sites that are being easily taken over. Another reason to only store uploaded files in a folder that is not accessible through a http request.

Link to comment
Share on other sites
pdent1 Newbie

pdent1

Posted
  • Author
Posted

i said to use that copy  mad techie at page one  :P anyways the mime code does seem to work it checks the file type...but to be one the safe side I am thinking doing the str_replace on .php just so I KNOW it won't happen, and ya PFMaB I googled the header to the 'backdoor hack' that was on my site and came up with hundreds of finds of hacked sites. Most were using JOOMLA(I believe that's what it is called)  or that's what they were blaming it on. I hosted adult movies he just uploaded it as a movie can also be uploaded as a picture, mp3, flash or anything else that shows directly to your website as a php script you host.  http://www.google.com/search?q=Rajoul_mok+was+here&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Link to comment
Share on other sites
MadTechie Regular Member

MadTechie

Posted
Posted

Personally I believe anything that gets uploaded be handled with care!, so outside the public is the best option but if that's not possible then just turn the PHP Engine off if your upload folder.

IE

<Directory "/var/www/html/uploads">
php_admin_flag engine off
</Directory>

 

always rename the file when possible and re-create the image if possible,

(this in-fact reduces it's size thus for a small amount of one off resource, you save bandwidth and space)

 

The fact is this exploit has been out for years, but people still don't take care,

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.