sharing small pieces of rocks or jewels I find on the way

Archive for September, 2011

PHP Vulnerability

One of my sites was being hacked. I wanted to check why this was happening and how, so I added a logger to see who was posting what to hack the site. There I came across an interesting thing: somebody is posting

[php]eval(base64_decode('ZWNobyAidj...=='));die();[/php]

If I use some $_POST value to create a string or anything like that, this will be executed. Here is an interesting article on solving this problem:

http://php-security.org/2010/05/19/mops-2010-035-e107-bbcode-remote-php-code-execution-vulnerability/index.html

Now, the problem is, I’m not going to check for it in every $_POST; it’s an old project and I don’t have a budget to do something like that. So, I’m planning to do a check in the common include file on all the $_POST values for the existence of ‘base64_decode(‘ and ‘eval(‘ – if found, stop it there and notify me about the attack. If I lose some authentic posts because of that, I guess that would be fine.
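The check described above, as an added example and not the post's own code: a function for the common include that walks every $_POST value (including nested arrays) for the two markers, logs the hit, and stops the request. The log path and the notification address are assumptions.

```php
<?php
// Added example, not from the original post. Run this at the top of the
// common include, before any $_POST value is used anywhere.

/**
 * Recursively scan an input array for the given markers.
 * Returns a short description of the first hit, or null if clean.
 */
function findSuspiciousInput(array $input, array $markers = ['base64_decode(', 'eval(']): ?string
{
    foreach ($input as $key => $value) {
        if (is_array($value)) {
            // Nested form fields (e.g. name="data[x]") are arrays in $_POST.
            $hit = findSuspiciousInput($value, $markers);
            if ($hit !== null) {
                return $hit;
            }
            continue;
        }
        // Lower-case and strip whitespace so "Eval (" or "BASE64_DECODE (" still match.
        $needle = strtolower(preg_replace('/\s+/', '', (string) $value));
        foreach ($markers as $marker) {
            if (strpos($needle, $marker) !== false) {
                return "$marker in field '$key'";
            }
        }
    }
    return null;
}

$hit = findSuspiciousInput($_POST);
if ($hit !== null) {
    $line = sprintf("%s %s %s\n", date('c'), $_SERVER['REMOTE_ADDR'] ?? '-', $hit);
    // Assumed log location: a file next to the include, outside the web root is better.
    error_log($line, 3, __DIR__ . '/attack.log');
    // Assumed placeholder address for the notification.
    @mail('admin@example.com', 'Blocked request', $line);
    http_response_code(403);
    exit('Request blocked.');
}
```

This is a plain substring blacklist, so it only catches requests that spell the markers out; a post that is not interpolated into evaluated code is not dangerous in the first place, and one that is can be obfuscated past this check, so treat the log as an early-warning signal rather than the fix.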