So, what is this? I haven’t really experienced too much as far as “hacking” goes. I’ve dealt and solved most problems with PHP applications and I understand about 70% of this code.
But here is what I found, a Web Shell by Boff?
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
So, what is this? I haven’t really experienced too much as far as “hacking” goes. I’ve dealt and solved most problems with PHP applications and I understand about 70% of this code.
But here is what I found, a Web Shell by Boff?
It is hard to say, but generally to exploit something like this there is a loop hole in an
include/requirewhich is including a$_GETor$_POSTvariable that is not being filtered / checked.IE:
Which some people did / do to lessen the code, however, anyone could inject a URL here and it could write a new file etc.
To fix:
But yea, this is just one way. I am sure there are many other methods as well.