-
You MUST read the Babiato Rules before making your first post otherwise you may get permanent warning points or a permanent Ban.
Our resources on Babiato Forum are CLEAN and SAFE. So you can use them for development and testing purposes. If your are on Windows and have an antivirus that alerts you about a possible infection: Know it's a false positive because all scripts are double checked by our experts. We advise you to add Babiato to trusted sites/sources or disable your antivirus momentarily while downloading a resource. "Enjoy your presence on Babiato"
what do you think about this code?
- Thread starter blackhole
- Start date
Yes, it can. It can also change your server login. You need to delete that code from your hosting.
I'm confused about how he entered the file to my server, because it didn't exist before, is there any code that can enter the file
Code:
<table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
<tr><td>Current Path :
<form enctype="multipart/form-data" method="POST">
Upload File : <input type="file" name="file" />
<input type="submit" value="upload" />
</form>
</td></tr>these are some parts. so it lets you select the directories. then lets you upload the files too
it can also read the files too.
Code:
htmlspecialchars(file_get_contents($_GET[base64_decode('ZmlsZXNyYw==')
Indeed is a backdoor shell. One of the most uninspired I have seen but it does pass most of detection.
If you had that file on the server then you surely have something vulnerable on your server that allows upload/file create
See what scripts/plugins/theme you are using and check against vulnerability database.
Update what is needed to be update
Edit: when I say most uninspired I refer at the coding style. It does get detected by basic file shell scanners
If you had that file on the server then you surely have something vulnerable on your server that allows upload/file create
See what scripts/plugins/theme you are using and check against vulnerability database.
Update what is needed to be update
Edit: when I say most uninspired I refer at the coding style. It does get detected by basic file shell scanners
Last edited:
One of your themes/plugins was probably exploited to allow remote code execution or used SQL injection. They used that exploit to upload the shell to your server. Once you get a shell hosted on your server, you're already done. Change all passwords, remove all files you cannot recognize.
This happened to me because I didn't update the theme soon enough because the old theme version had a RCE vulnerability. Luckily my hoster blocked the shell from being uploaded.
Maybe you can give a Babiato member you trust, with your login credentials and they could help clean your server of the files.
This happened to me because I didn't update the theme soon enough because the old theme version had a RCE vulnerability. Luckily my hoster blocked the shell from being uploaded.
Maybe you can give a Babiato member you trust, with your login credentials and they could help clean your server of the files.
I tried uploading a file, and it didn't happen, this means is the root server safe?
Just remove it and search for similar files
Also you might want to dig into your access log and see when and how this file was added to your server
Starting from there you might see what else was added
That's why I said to dig into your access log and see what was executed at the moment of file creation. That file have a timestamp received at the moment of upload. Compare that to your access log
Sometimes They Write the script for clearing the logs too. Do they have writter such thing? If not then it can be traced what actually files were changes and modified or executed.
Similar threads
