php Hackers? - PHP Server Side Scripting forum at WebmasterWorld - WebmasterWorld

Forum Moderators: coopster

Message Too Old, No Replies

php Hackers?

Can this script be abused?

RustyCT

6:47 pm on Dec 8, 2003 (gmt 0)

10+ Year Member

I have installed a php script named maianuploader by David Ian Bennett of www.maiandream.co.uk on several of my sites. I contacted him with my question and he referred me here.

This weekend a hacker was trying to use this script on my site for some
purpose which I do not know. Can you tell me if there is anything that
a hacker could do to get information about my server or get into areas
they don't belong by using this script to upload their files to. The
files they uploaded and subsequently deleted were: del.php, del.phtml,
x.php, x2.php, x.phtml, check.php, check2.php, check3.php, check4.php, mick.php, editor.php, hmm.php, blah.php, bah.php, vunerability.php, and vunerable.php.

I realize that anyone would have no way of knowing what code these files
contained, but maybe the names will give an idea of the hackers
intent. Can php files uploaded through a script be executed to do
damage? Are there any safeguards I can take to prevent them from doing
harm. So far I don't see that anything has been tampered with except
possibly my webalizer files which seem to have been altered.

Thanks for any help someone can offer me on this issue.

Russ

jatar_k

7:06 pm on Dec 8, 2003 (gmt 0)

WebmasterWorld Administrator

10+ Year Member

Welcome to WebmasterWorld RustyCT,

Did the script delete and log them on it's own or did it actually upload them and move them into a directory?

Essentially if the script allowed those files to be uploaded and moved them into a directory where they were publically accessible then the person who uploaded them could call them in a browser and have them execute whatever code is in them.

RustyCT

7:57 pm on Dec 8, 2003 (gmt 0)

10+ Year Member

The script allows uploads and shows a path by which files can be accessed through a browser. The uploads folder is chmod 755.

I looked for any new folders/files on the server do do not see anything with modified dates after the uploads were made.

RustyCT

9:40 pm on Dec 8, 2003 (gmt 0)

10+ Year Member

The script allows for uploading and gives a file location that can be accessed by a browser. The upload folder is chmod 755. Can browser executed php files do anything outside of the folder hierarchy that they are loaded into?

NickCoons

12:28 am on Dec 9, 2003 (gmt 0)

10+ Year Member

They can do anything that the user running the webserver process has access to do. For instance, if your webserver is running as user "www", then the scripts that the user uploaded can do anything that the user "www" has access to do.

IanKelley

8:07 am on Dec 9, 2003 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

Lol... from what you've said the script you're running is so vunerable that exploiting it shouldn't even be called hacking. It would more accurately be called using the built in features of the script :-)

On the majority of Apache/PHP installations any uploaded file is going to have access to all of public_html at the least and very likely all of your home directory.