Comments on: Anatomy of a blog hack

By: Mark

Mark — Tue, 24 Nov 2009 17:56:21 +0000

This allows the person who has the password embedded in this file to upload any file they want.

By: garethdp

garethdp — Tue, 24 Nov 2009 16:05:18 +0000

The PHP code shown is used to handle a file upload to the server through an html form.

The attacking server mimics a form submission to the PHP code shown, and it tests to see if the file is successfully uploaded. If the test is successful the attacking server can then send down more files

By: Errant

Errant — Tue, 24 Nov 2009 15:04:55 +0000

The code does 2 things (just do you know).

It requires the password the hacker set up to be posted; along with a file - one assumes PHP or Html script.

Then it will either (depending on the options chosen) save the file to the server. Or execute code in the file (using eval()).

The it prints a success / fail.

From the looks of things it looks tailored for use of some sort of bot - because the save_ok/fail/ok text that gets printed is MD5 hashed.

By: Mark

Mark — Tue, 24 Nov 2009 10:56:21 +0000

This allows the person who has the password embedded in this file to upload any file they want.

By: garethdp

garethdp — Tue, 24 Nov 2009 09:05:18 +0000

The PHP code shown is used to handle a file upload to the server through an html form.

By: Errant

Errant — Tue, 24 Nov 2009 08:04:55 +0000