Thread: PHP Injection?!?! http://valueaffiliate.net/abp
View Single Post
Old 10-05-2011, 06:51 AM  
vdbucks
Monger Cash
 
Industry Role:
Join Date: Jul 2010
Posts: 2,773
Quote:
Originally Posted by deadmoon View Post
do a search for things like 'exec' or 'base64_decode'

ie
grep -r 'exec' ./
in ur root dir.

anything that has that and things like base64_decode() is often a hacked script. sometimes searching for file_get_contents or curl() will find stuff too. if it is all grouped together and not clear/tidy code make sure to give it a good look and work out what its doing.
xargs is faster ^^

for example... cd to blog root directory then

find . | xargs grep 'exec'
Last edited by vdbucks; 10-05-2011 at 06:52 AM..
vdbucks is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote