
PHP Server Side Scripting Forum

warning: poorly written php exploit
reminder to always protect your code

10+ Year Member

Msg#: 3888 posted 11:18 pm on May 23, 2004 (gmt 0)

A new site of mine has been hit repeatedly with the request:


My file "email.php" was designed to read a URL from my website (defined in var 'page') and send it to a requested email address. This hack attempts to fool my site into reading remotely the following code:

<modnote - code removed>

It's too early for me to understand exactly what this code does. Perhaps someone can shed some light on the topic?

While I'm a paranoid coder and this exploit does not work on my site (I check all 'page' variables to ensure they actually exist as a page on my site), a little research shows that other webmasters have been hit with similar hacks that have brought networks to a halt. Again, it has targeted php pages that read local files via the query string (think about all those index.php?include=mypage.php content system designs...)

Just a warning to those using QS file references. Escape variables, check that files exist on your servers, etc.

You can never be too paranoid!

[edited by: jatar_k at 2:24 am (utc) on May 24, 2004]
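
The check described in the post above (accept a 'page' value only if it names an existing page on the site), as an added example that is not part of the original thread or the poster's code. The function name `resolvePage`, the `pages` directory and the `.php` suffix are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical content directory: only files under it may be read.
const PAGES_DIR = __DIR__ . '/pages';

/**
 * Map the untrusted "page" query-string value to a local file path,
 * or return null when it is not an existing page on this site.
 */
function resolvePage(string $page, string $baseDir = PAGES_DIR): ?string
{
    // Accept a bare page name only: no scheme, slash, dot or NUL byte.
    // That rejects http://, ftp:// and php:// URLs as well as ../ traversal.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $page) !== 1) {
        return null;
    }

    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $page . '.php');
    if ($base === false || $path === false) {
        return null; // content directory or page does not exist
    }

    // Defence in depth: after symlinks are resolved, the file must
    // still sit inside the content directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sample inputs: one plain name and three hostile shapes.
$samples = ['about', 'http://example.invalid/x.txt', '../../etc/passwd', "about\0.txt"];
foreach ($samples as $s) {
    // 'about' resolves only if pages/about.php exists; the rest never do.
    printf("%-34s => %s\n", json_encode($s, JSON_UNESCAPED_SLASHES), resolvePage($s) ?? 'rejected');
}

// Sketch of use in a script like email.php:
// $page = $_GET['page'] ?? '';
// $file = is_string($page) ? resolvePage($page) : null;
// if ($file === null) { http_response_code(404); exit; }
// $body = file_get_contents($file);
```

In php.ini, `allow_url_include = Off` stops `include`/`require` from fetching remote URLs, and `allow_url_fopen` governs file-reading functions such as `file_get_contents`.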



10+ Year Member

Msg#: 3888 posted 12:44 am on May 24, 2004 (gmt 0)

this is a script to allow command execution on the server. my suggestion, if you have not already done so, is to modify the code slightly so others won't use it.


WebmasterWorld Administrator jatar_k is a WebmasterWorld Top Contributor of All Time 10+ Year Member

Msg#: 3888 posted 2:27 am on May 24, 2004 (gmt 0)

that code, which we will not post again ;), is specific to My_eGallery for PHPNuke.

the information about it can be found here
Security issues in My_eGallery for PHPNuke [lottasophie.sourceforge.net]

phpnuke has had numerous problems and as mentioned in that article

"I do not intend to maintain My_eGallery for PHPNuke"

but it would seem that My_eGallery has been fixed.

there is also a mention here

Let this serve as a reminder to always patch code, be careful of what packages you install on your server/site and always take all necessary precautions when coding.


10+ Year Member

Msg#: 3888 posted 2:55 am on May 24, 2004 (gmt 0)

You're right, I later saw the code reproduced in reference to the 'My_eGallery' problem. Apologies for reproducing it here!

While it affects My_eGallery, I believe it has the potential to exploit any site that reads URLs via the QS. I suspect this is why my site was targeted (I do not run My_eGallery, nor use any unofficial php applications / packages).
