pdent1 Posted September 25, 2009

I have user-uploaded files on my server, allowing videos, photos and such. Yesterday I was banned from my hosting because of a hacking file. Once I received a copy of my files I noticed a PHP backdoor had been uploaded. It was labeled as Defacer.PHP.FLV. I have done a lot of research and noticed it is always uploaded as .PHP.*** (jpg, mpg, and such). Is there any way to write a script to check if .PHP. is in the file name and then end the upload, to keep my site from being... well, owned?

Thread: https://forums.phpfreaks.com/topic/175562-solved-help-from-c99-shell-attack/
xcoderx Posted September 26, 2009

Block unwanted extensions from being uploaded, say like image.php.jpg or php.gif, etc.
redarrow Posted September 26, 2009

Should never let users upload anything unless they're a member of the web site. Apart from that, all you need to do is make sure the correct .ext is uploaded, easy as that.... What file types are allowed only.........

```php
<?php
// only these browser-reported types pass the check
if (($_FILES["file"]["type"] == "image/gif")
    || ($_FILES["file"]["type"] == "image/jpeg")
    || ($_FILES["file"]["type"] == "image/pjpeg")) {
    // allowed type: handle the upload here
}
?>
```

Link: http://www.w3schools.com/PHP/php_file_upload.asp

You should have thought of this before any upload script goes live....
pdent1 Posted September 26, 2009 (Author)

They were a member. Anyway, would

```php
$file  = "index.php.jpg";
$file2 = ".php";
$file3 = str_replace($file2, "", $file);
```

work? How do I stop extensions such as .php.gif/jpg? Or would that code be easier, since it would remove .php altogether? Yes, you are right redarrow, I could make it where I have to confirm before anything is uploaded, but with over 1000 uploads a day that'd be a lot of work.
redarrow Posted September 26, 2009

Stupid code you just posted there. You set the mime type, don't you?

```php
$_FILES["file"]["type"] == "image/jpeg"
```

You also use preg_match, not that stupidness you have just posted, bro. They'd hack you again, lol.
PFMaBiSmAd Posted September 26, 2009

The C99 shell script is a php script. It would normally be uploaded as a .php file and then browsed to in order to execute it. It would only be possible to execute it on your server if the file extension it was uploaded with was one that the server has been configured to parse as php code. Has your server been configured to parse .flv files as php, or has any other extension besides .php been configured to be parsed as php? I rather suspect that the .flv file you found was just one of the files containing the script and it may in fact not be the actual one that was used. Have you examined (searched) all the .php files for the c99 shell code?
PFMaBiSmAd Posted September 26, 2009

Is the following your actual code or code you think would work?

```php
$file  = "index.php.jpg";
$file2 = ".php";
$file3 = str_replace($file2, "", $file);
```

And no, the above code would not have stopped a file named Defacer.PHP.FLV from being uploaded. It would actually be best if you A) found exactly where and how the script got placed onto the server and how it got executed, and B) posted your existing upload code, as that would let someone find exactly how it was bypassed.
redarrow Posted September 26, 2009

Guessing no mime validation.. Post your upload form please?
pdent1 Posted September 26, 2009 (Author)

```php
<?
include 'config/connection.php';

$user_id  = $_SESSION['userid'];
$sucess   = $_REQUEST['sucess'];
$linkname = $_REQUEST['linkname'];
$desc     = $_REQUEST['desc'];
$category = $_REQUEST['category'];

if(isset($_REQUEST['Submit']))
{
    $img1 = $_FILES['imagefile']['name'];
    if($img1!='') {
        $uniq = uniqid($uniq);
        $img1 = $uniq.$img1;
        $uploadfiles = $path.$img1;
        move_uploaded_file($_FILES['imagefile']['tmp_name'],$uploadfiles);
    }
    $video1 = $_FILES['videofile']['name'];
    if($video1!='') {
        $uniq1 = uniqid($uniq1);
        $video1 = $uniq1.$video1;
        $uploadfiles = $path1.$video1;
        move_uploaded_file($_FILES['videofile']['tmp_name'],$uploadfiles);
    }
    $user_link = $Q("INSERT INTO `video_links` (`user`,`name`,`picture`,`video`,`desc`,`date`,`time`,`status`,`category`)
        VALUES('$user_id','$linkname','$img1','$video1','$desc','$date','$time','1','$category')");
    $sucess = 1;
    if($_SESSION['mod_rewrite']==1) {
        $page_name = $web_path."submit-user-video-1.html";
    } else {
        $page_name = $web_path."submit_video.php?sucess=1";
    }
    echo "<script>window.location='$page_name';</script>";
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>
function check() {
    if(document.form1.category.value=="")  { alert("Enter category");     document.form1.category.focus();  return false; }
    if(document.form1.linkname.value=="")  { alert("Enter linkname");     document.form1.linkname.focus();  return false; }
    if(document.form1.imagefile.value=="") { alert("Enter imagefile");    document.form1.imagefile.focus(); return false; }
    if(document.form1.videofile.value=="") { alert("Enter videofile ");   document.form1.videofile.focus(); return false; }
    if(document.form1.desc.value=="")      { alert("Enter Description "); document.form1.desc.focus();      return false; }
}
</script>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title><? echo $generalsettings['site_name'];?>-<? echo $generalsettings['title'];?></title>
<meta name="description" content="<? echo $generalsettings['description'];?>">
<meta name="keywords" content="<? echo $generalsettings['keyword'];?>" />
<link href="<? echo $pro_path; ?><? echo $theme_path; ?>css/style.css" rel="stylesheet" />
<link rel="stylesheet" href="tooltip/style.css" type="text/css">
</head>
<body class="Main" >
<table width="989" border="0" cellspacing="0" cellpadding="0" class="tablecontent" align="center">
<tr>
<td><table width="100%" border="0" cellspacing="0" cellpadding="0" class="tablecontent">
<tr>
<td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/top bar.jpg" width="989" height="42"><table width="100%" border="0" cellspacing="0" cellpadding="0" class="tablecontent">
<? include_once $pro_path."/header.php";?>
<tr>
<td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/bg-middle.jpg" width="989" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0" class="tablecontent">
<tr>
<td width="20%" align="center" valign="top"><? include_once $pro_path."/left.php";?></td>
<td valign="top" width="60%"><table width="100%" border="0" cellspacing="0" cellpadding="0" class="tablecontent">
<tr>
<td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/tab_submit_videos.jpg" width="591" height="40" style="background-repeat:no-repeat"></td>
</tr>
<tr>
<td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/center-middle.jpg" width="591" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><form action="" method="post" enctype="multipart/form-data" name="form1" id="form1">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><td height="5" colspan="2"></td></tr>
<tr>
<td align="center" colspan="2"><table width="96%" border="0">
<tr>
<td align="center" class="body_ads"><? $ads=$F($Q("select `index_page` from `ads` ")); ?>
<? echo $ads['index_page']; ?></td>
</tr>
</table></td>
</tr>
<tr><td height="5" colspan="2"></td></tr>
<? if($sucess==1) { ?>
<tr>
<td align="center" class="redtext" colspan="2"><? echo "Added Sucessfully...." ?></td>
</tr>
<? } ?>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td align="right" colspan="2" class="main_title"><?
if($_SESSION['mod_rewrite']==1) { $page_name = $web_path."submit-user-link.html"; } else { $page_name = $web_path."submit_userlink.php"; }
?>
<a href="<? echo $page_name?>" class="toplink"> Add Porn Link </a>
</td>
</tr>
<tr>
<td colspan="2" class="main_title"><strong>Submit Your Video Link Here</strong></td>
</tr>
<tr>
<td colspan="2" valign="top" class=""> </td>
</tr>
<tr>
<td class="main_title" valign="top"><strong>Select Category: </strong></td>
<td valign="top" class=""><? $qu="SELECT `id`,`name` FROM `video_category` WHERE `status` = '1'"; $rs=$Q($qu); ?>
<select name="category" class="blacktext" >
<option>Choose Category</option>
<? while($dis=$F($rs)) { ?>
<option value="<? echo $dis['id']?>"> <? echo $dis['name'];?></option>
<? } ?>
</select></td>
</tr>
<tr>
<td colspan="2" valign="top" class=""> </td>
</tr>
<tr>
<td class="main_title" width="32%" valign="top"><strong>Title : </strong></td>
<td width="68%" valign="top" class=""><input name="linkname" type="text" size="40" /></td>
</tr>
<tr>
<td colspan="2" valign="top" class=""> </td>
</tr>
<tr>
<td class="main_title" valign="top"><strong>Upload Image: </strong></td>
<td valign="top" class=""><input type="file" name="imagefile" /></td>
</tr>
<tr>
<td colspan="2" valign="top" class=""> </td>
</tr>
<tr>
<td class="main_title" valign="top"><strong>Upload Video: </strong></td>
<td valign="top" class=""><input type="file" name="videofile" /></td>
</tr>
<tr>
<td colspan="2" valign="top" class=""> </td>
</tr>
<tr>
<td class="main_title" valign="top"><strong>Description:</strong></td>
<td valign="top"><label><textarea name="desc" cols="40" rows="10"></textarea></label></td>
</tr>
<tr>
<td colspan="2" valign="top" class=""> </td>
</tr>
<tr>
<td colspan="2" valign="top" class=""> </td>
</tr>
<tr>
<td colspan="2" valign="top" class=""> </td>
</tr>
<tr>
<td colspan="2" align="center" valign="top" class=""><input type="submit" name="Submit" value="Submit" class="btns" onclick="javascript:return check();" /></td>
</tr>
<tr>
<td colspan="2" valign="top" class=""> </td>
</tr>
</table>
</form></td>
</tr>
<tr>
<td> </td>
</tr>
</table></td>
</tr>
<tr>
<td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/center-bottom.jpg" width="592" height="27" style="background-repeat:no-repeat"></td>
</tr>
</table>
</td>
<td width="20%" align="center" valign="top"><? include_once "$pro_path/right.php";?></td>
</tr>
</table></td>
</tr>
<tr>
<td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/bg-bottom.jpg" width="989" height="14"></td>
</tr>
</table></td>
</tr>
<? include_once "$pro_path/footer.php";?>
</table></td></tr></table>
</body>
</html>
```
redarrow Posted September 26, 2009

Where is $_FILES['imagefile']['type'], please? As stated before, and link provided:

```php
<?php
// only these browser-reported types pass the check
if (($_FILES["file"]["type"] == "image/gif")
    || ($_FILES["file"]["type"] == "image/jpeg")
    || ($_FILES["file"]["type"] == "image/pjpeg")) {
    // allowed type: handle the upload here
}
?>
```

You've got to tell the code what type is allowed to be posted only......
pdent1 Posted September 26, 2009 (Author)

Do what? So I guess before

```php
$img1 = $_FILES['imagefile']['name'];
```

I would put

```php
if (($_FILES["file"]["type"] == "video/mpeg")
    || ($_FILES["file"]["type"] == "video/quicktime")
    || ($_FILES["file"]["type"] == "video/x-msvideo")) {
    $img1 = $_FILES['imagefile']['name'];
} else {
    echo "Please submit a valid video format";
}
```

and so on...? Couldn't this still accept a .php.flv file, since it would read it as a .flv? Also, PFMaBiSmAd, the file could still be uploaded, but if it was not .php.flv and it was just .flv it would not have been run as a .php page; it would have opened a video box and just errored. I have a copy of the backdoor that was run and have been testing by uploading it to the server to see if I could run it before someone else does.
redarrow Posted September 26, 2009

What I can see from what I have read is that .flv is a flash file for flash videos, but the mime type is not the same as a normal .swf file, so I guess php does not see it as a .ext when added to a .php file, example redarrow.php.flv, the .flv not seen, unless of course set in the php.ini. Don't know if I am right according to that, and I guess you'll be ok now. Your example is correct, just add it to your current script, and try and upload a file you suspect to be suspicious with the .php.flv ext..... See what happens?
pdent1 Posted September 26, 2009 (Author)

```php
$file  = "index.php.jpg";
$file2 = ".php";
$file3 = str_replace($file2, "", $file);
```

is correct?
redarrow Posted September 26, 2009

No, you need to add the mime types that are allowed to be inserted to a folder, that's it. Here's a list of mime types you can add or not add; pick the ones that you need, that users can only upload, ok. http://www.webmaster-toolkit.com/mime-types.shtml
pdent1 Posted September 26, 2009 (Author)

So use

```php
if (($_FILES["file"]["type"] == "video/mpeg")
    || ($_FILES["file"]["type"] == "video/quicktime")
    || ($_FILES["file"]["type"] == "video/x-msvideo")) {
    $img1 = $_FILES['imagefile']['name'];
} else {
    echo "Please submit a valid video format";
}
```

but do every video/ type, correct? Just making sure I get it right this time.
redarrow Posted September 26, 2009

Just use the link I provided and add the mime types that you need, and no others will enter the folder, ok. You also need to investigate your own faults; that's how you learn. Once you create the new feature to protect your uploads, keep testing it till you're happy, then go live.....
pdent1 Posted September 26, 2009 (Author)

```php
<?
include 'config/connection.php';

$user_id  = $_SESSION['userid'];
$sucess   = $_REQUEST['sucess'];
$linkname = $_REQUEST['linkname'];
$desc     = $_REQUEST['desc'];
$category = $_REQUEST['category'];

if(isset($_REQUEST['Submit']))
{
    if ($_FILES['imagefile']['type'] == "image/bmp" || $_FILES['imagefile']['type'] == "image/gif"
        || $_FILES['imagefile']['type'] == "image/jpeg" || $_FILES['imagefile']['type'] == "image/pjpeg"
        || $_FILES['imagefile']['type'] == "image/png" || $_FILES['imagefile']['type'] == "image/tiff"
        || $_FILES['imagefile']['type'] == "image/x-tiff" || $_FILES['imagefile']['type'] == "image/x-windows-bmp"){
        $img1 = $_FILES['imagefile']['name'];
        $ok = '0';
    }else{
        $ok = '1';
        $img1 = '';
    }
    $img1 = $_FILES['imagefile']['name'];
    if($img1!='') {
        $uniq = uniqid($uniq);
        $img1 = $uniq.$img1;
        $uploadfiles = $path.$img1;
        move_uploaded_file($_FILES['imagefile']['tmp_name'],$uploadfiles);
    }
    if ($_FILES['videofile']['type'] == "video/mpeg" || $_FILES['videofile']['type'] == "video/quicktime"
        || $_FILES['videofile']['type'] == "video/x-msvideo" || $_FILES['videofile']['type'] == "video/avi"
        || $_FILES['videofile']['type'] == "video/mpeg" || $_FILES['videofile']['type'] == "video/msvideo"
        || $_FILES['videofile']['type'] == "video/quicktime" || $_FILES['videofile']['type'] == "video/quicktime"
        || $_FILES['videofile']['type'] == "video/x-mpeg" || $_FILES['videofile']['type'] == "video/x-ms-asf"
        || $_FILES['videofile']['type'] == "video/x-ms-asf-plugin" || $_FILES['videofile']['type'] == "video/x-msvideo"){
        $video1 = $_FILES['videofile']['name'];
        $ok1 = '0';
    }else{
        $video1 = '';
        $ok1 = '1';
        echo "You may only upload files in video format.";
    }
    if($video1!='') {
        $uniq1 = uniqid($uniq1);
        $video1 = $uniq1.$video1;
        $uploadfiles = $path1.$video1;
        move_uploaded_file($_FILES['videofile']['tmp_name'],$uploadfiles);
    }
    if ($ok == '1' || $ok1 == '1'){
        $sucess = 2;
        if($_SESSION['mod_rewrite']==1) {
            $page_name = $web_path."submit-user-video-1.html";
        } else {
            $page_name = $web_path."submit_video.php?sucess=2";
        }
    }else{
        $user_link = $Q("INSERT INTO `video_links` (`user`,`name`,`picture`,`video`,`desc`,`date`,`time`,`status`,`category`)
            VALUES('$user_id','$linkname','$img1','$video1','$desc','$date','$time','1','$category')");
        $sucess = 1;
        if($_SESSION['mod_rewrite']==1) {
            $page_name = $web_path."submit-user-video-1.html";
        } else {
            $page_name = $web_path."submit_video.php?sucess=1";
        }
    }
    echo "<script>window.location='$page_name';</script>";
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>
function check() {
    if(document.form1.category.value=="")  { alert("Enter category");     document.form1.category.focus();  return false; }
    if(document.form1.linkname.value=="")  { alert("Enter linkname");     document.form1.linkname.focus();  return false; }
    if(document.form1.imagefile.value=="") { alert("Enter imagefile");    document.form1.imagefile.focus(); return false; }
    if(document.form1.videofile.value=="") { alert("Enter videofile ");   document.form1.videofile.focus(); return false; }
    if(document.form1.desc.value=="")      { alert("Enter Description "); document.form1.desc.focus();      return false; }
}
</script>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title><? echo $generalsettings['site_name'];?>-<? echo $generalsettings['title'];?></title>
<meta name="description" content="<? echo $generalsettings['description'];?>">
<meta name="keywords" content="<? echo $generalsettings['keyword'];?>" />
<link href="<? echo $pro_path; ?><? echo $theme_path; ?>css/style.css" rel="stylesheet" />
<link rel="stylesheet" href="tooltip/style.css" type="text/css">
</head>
<body class="Main" >
<table width="989" border="0" cellspacing="0" cellpadding="0" class="tablecontent" align="center">
<tr>
<td><table width="100%" border="0" cellspacing="0" cellpadding="0" class="tablecontent">
<tr>
<td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/top bar.jpg" width="989" height="42"><table width="100%" border="0" cellspacing="0" cellpadding="0" class="tablecontent">
<? include_once $pro_path."/header.php";?>
<tr>
<td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/bg-middle.jpg" width="989" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0" class="tablecontent">
<tr>
<td width="20%" align="center" valign="top"><? include_once $pro_path."/left.php";?></td>
<td valign="top" width="60%"><table width="100%" border="0" cellspacing="0" cellpadding="0" class="tablecontent">
<tr>
<td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/tab_submit_videos.jpg" width="591" height="40" style="background-repeat:no-repeat"></td>
</tr>
<tr>
<td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/center-middle.jpg" width="591" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><form action="" method="post" enctype="multipart/form-data" name="form1" id="form1">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><td height="5" colspan="2"></td></tr>
<tr>
<td align="center" colspan="2"><table width="96%" border="0">
<tr>
<td align="center" class="body_ads"><? $ads=$F($Q("select `index_page` from `ads` ")); ?>
<? echo $ads['index_page']; ?></td>
</tr>
</table></td>
</tr>
<tr><td height="5" colspan="2"></td></tr>
<? if($sucess==2) { ?>
<tr>
<td align="center" class="redtext" colspan="2"><? echo "Incorrect Video or Image Format...." ?></td>
</tr>
<? } ?>
<? if($sucess==1) { ?>
<tr>
<td align="center" class="redtext" colspan="2"><? echo "Added Sucessfully...." ?></td>
</tr>
<? } ?>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td align="right" colspan="2" class="main_title"><?
if($_SESSION['mod_rewrite']==1) { $page_name = $web_path."submit-user-link.html"; } else { $page_name = $web_path."submit_userlink.php"; }
?>
<a href="<? echo $page_name?>" class="toplink"> Add Porn Link </a>
</td>
</tr>
<tr>
<td colspan="2" class="main_title"><strong>Submit Your Video Link Here</strong></td>
</tr>
<tr>
<td colspan="2" valign="top" class=""> </td>
</tr>
<tr>
<td class="main_title" valign="top"><strong>Select Category: </strong></td>
<td valign="top" class=""><? $qu="SELECT `id`,`name` FROM `video_category` WHERE `status` = '1'"; $rs=$Q($qu); ?>
<select name="category" class="blacktext" >
<option>Choose Category</option>
<? while($dis=$F($rs)) { ?>
<option value="<? echo $dis['id']?>"> <? echo $dis['name'];?></option>
<? } ?>
</select></td>
</tr>
<tr>
<td colspan="2" valign="top" class=""> </td>
</tr>
<tr>
<td class="main_title" width="32%" valign="top"><strong>Title : </strong></td>
<td width="68%" valign="top" class=""><input name="linkname" type="text" size="40" /></td>
</tr>
<tr>
<td colspan="2" valign="top" class=""> </td>
</tr>
<tr>
<td class="main_title" valign="top"><strong>Upload Image: </strong></td>
<td valign="top" class=""><input type="file" name="imagefile" /></td>
</tr>
<tr>
<td colspan="2" valign="top" class=""> </td>
</tr>
<tr>
<td class="main_title" valign="top"><strong>Upload Video: </strong></td>
<td valign="top" class=""><input type="file" name="videofile" /></td>
</tr>
<tr>
<td colspan="2" valign="top" class=""> </td>
</tr>
<tr>
<td class="main_title" valign="top"><strong>Description:</strong></td>
<td valign="top"><label><textarea name="desc" cols="40" rows="10"></textarea></label></td>
</tr>
<tr>
<td colspan="2" valign="top" class=""> </td>
</tr>
<tr>
<td colspan="2" valign="top" class=""> </td>
</tr>
<tr>
<td colspan="2" valign="top" class=""> </td>
</tr>
<tr>
<td colspan="2" align="center" valign="top" class=""><input type="submit" name="Submit" value="Submit" class="btns" onclick="javascript:return check();" /></td>
</tr>
<tr>
<td colspan="2" valign="top" class=""> </td>
</tr>
</table>
</form></td>
</tr>
<tr>
<td> </td>
</tr>
</table></td>
</tr>
<tr>
<td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/center-bottom.jpg" width="592" height="27" style="background-repeat:no-repeat"></td>
</tr>
</table>
</td>
<td width="20%" align="center" valign="top"><? include_once "$pro_path/right.php";?></td>
</tr>
</table></td>
</tr>
<tr>
<td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/bg-bottom.jpg" width="989" height="14"></td>
</tr>
</table></td>
</tr>
<? include_once "$pro_path/footer.php";?>
</table></td></tr></table>
</body>
</html>
```

Wow, I see tons of errors now. Let me update and I will edit again.
pdent1 Posted September 26, 2009 (Author)

Got it, just had to add more mimes. Thank you all! .php.wmv, .php.flv, everything is redirected and not uploaded. Everything else is uploaded. redarrow, thanks for all your help and stickin' with me.
PFMaBiSmAd Posted September 26, 2009

I just tested this using Apache 2.2.x under Windows. When Apache is configured to parse .php files, a file such as Defacer.PHP.FLV will be parsed as php. Apparently the web server only looks at the file name up to the first extension it finds. This certainly does explain the great number of web sites that are being easily taken over. Another reason to only store uploaded files in a folder that is not accessible through an http request.
MadTechie Posted September 26, 2009

Echo: "Another reason to only store uploaded files in a folder that is not accessible through an http request." Or use *nix.

Just a quick question, what if you added

```php
$img1 = str_ireplace('.php', '', $img1);
```
PFMaBiSmAd Posted September 26, 2009

I'll bet that the OP is using *nix and that it is an Apache issue.
pdent1 Posted September 26, 2009 (Author)

I said to use that code, MadTechie, on page one. Anyway, the mime code does seem to work, it checks the file type... but to be on the safe side I am thinking of doing the str_replace on .php just so I KNOW it won't happen. And yes, PFMaB, I googled the header of the 'backdoor hack' that was on my site and came up with hundreds of finds of hacked sites. Most were using JOOMLA (I believe that's what it is called), or that's what they were blaming it on. I hosted adult movies; he just uploaded it as a movie. It can also be uploaded as a picture, mp3, flash or anything else that shows directly on your website as a php script you host. http://www.google.com/search?q=Rajoul_mok+was+here&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Daniel0 Posted September 26, 2009

> I'll bet that the OP is using *nix and that it is an Apache issue.

It doesn't happen on Apache 2.2.9 on Debian.

```
root@daniel0:/var/www/daniel0.net/htdocs# cat test.php.flv
<?php echo 'hello world . ' . $_SERVER['REMOTE_ADDR'];
```

http://daniel0.net/test.php.flv doesn't execute anything.
MadTechie Posted September 26, 2009

Personally I believe anything that gets uploaded should be handled with care! So outside the public is the best option, but if that's not possible then just turn the PHP engine off in your upload folder, i.e.

```apache
<Directory "/var/www/html/uploads">
    php_admin_flag engine off
</Directory>
```

Always rename the file when possible and re-create the image if possible (this in fact reduces its size, thus for a small amount of one-off resource you save bandwidth and space).

The fact is this exploit has been out for years, but people still don't take care.
pdent1 Posted September 26, 2009 (Author)

I would put

```apache
<Directory "/var/www/html/photos">
    php_admin_flag engine off
</Directory>
```

in my .htaccess in, let's say, public_html/site.com/.htaccess, correct?
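The upload handler below is an added example that is not code from any poster in this thread or from the OP's site; it combines the defences discussed above (content-type sniffing instead of the browser-supplied type, a server-chosen file name with a single extension, storage outside the web root, re-encoding images, and the PHP engine switched off for the upload directory). It assumes PHP 8 with the fileinfo and GD extensions, the field names from the OP's form, and a hypothetical UPLOAD_ROOT path.

```php
<?php
// Added example, not code from this thread. Hardened handling for the
// imagefile / videofile fields of the OP's form. Assumptions: PHP 8 with the
// fileinfo and GD extensions; UPLOAD_ROOT is OUTSIDE the document root and
// files are served back by a separate download script, never by direct URL.
//
// Web-server defence in depth (mod_php): this goes in httpd.conf or the vhost,
// not in .htaccess, where php_admin_flag is not permitted (in a .htaccess
// placed inside the upload directory use "php_flag engine off" instead):
//   <Directory "/var/www/html/uploads">
//       php_admin_flag engine off
//   </Directory>

const UPLOAD_ROOT = '/var/uploads';   // assumed path, not web-accessible

// Allowed types keyed by the MIME type detected from the file CONTENT
// (libmagic via finfo), never the browser-supplied $_FILES[...]['type'].
const ALLOWED = [
    'image/jpeg'  => 'jpg',
    'image/png'   => 'png',
    'image/gif'   => 'gif',
    'video/mp4'   => 'mp4',
    'video/x-flv' => 'flv',
];

function detect_mime(string $path): string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    return $mime === false ? '' : $mime;
}

// Validate one upload and store it under a random name with ONE extension that
// we choose from the sniffed type. Returns the stored name or throws.
function store_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    // A PHP script renamed to something.php.flv sniffs as text/x-php or
    // text/plain, neither of which is whitelisted. Deleting ".php" from the
    // client name (as suggested in the thread) is a blacklist; this is a whitelist.
    $mime = detect_mime($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException("Rejected content type: $mime");
    }
    // The client-supplied name is never used, so "Defacer.PHP.FLV" style
    // multi-extension names and path characters never reach the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_ROOT . '/' . $name;

    if (str_starts_with($mime, 'image/')) {
        // Re-encode through GD so embedded payloads (EXIF, comments) are dropped.
        reencode_image($file['tmp_name'], $dest, $mime);
    } elseif (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($dest, 0640);   // readable by the app, never executable
    return $name;
}

function reencode_image(string $src, string $dest, string $mime): void
{
    $img = @imagecreatefromstring((string) file_get_contents($src));
    if ($img === false) {
        throw new RuntimeException('Corrupt image');
    }
    $ok = match ($mime) {
        'image/jpeg' => imagejpeg($img, $dest, 85),
        'image/png'  => imagepng($img, $dest),
        'image/gif'  => imagegif($img, $dest),
    };
    imagedestroy($img);
    if (!$ok) {
        throw new RuntimeException('Could not write image');
    }
}

// Drop-in for the submit branch of the OP's script (same field names).
if (isset($_POST['Submit'])) {
    try {
        $img1   = empty($_FILES['imagefile']['name']) ? '' : store_upload($_FILES['imagefile']);
        $video1 = empty($_FILES['videofile']['name']) ? '' : store_upload($_FILES['videofile']);
        // ...insert $img1 / $video1 into video_links with a prepared statement...
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected: ' . htmlspecialchars($e->getMessage());
    }
}
```

Because the stored name is generated server-side and the directory is not under the document root, the question of how Apache maps multi-extension names to handlers never arises for these files.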