Re: [PHP] Re: Hack question

Date: Fri, 18 Apr 2008 15:11:18 -0400
From: "Eric Butera" <eric.butera@xxxxxxxxx>
Subject: Re: [PHP] Re: Hack question

On Fri, Apr 18, 2008 at 2:59 PM, Jim Lucas <lists@xxxxxxxxx> wrote:
>  in the example code above that is injected into the top of the php scripts,
> the eval is evaluating the code that is read from the temp file, the temp
> file is never moved or renamed.  There for it will be removed when the
> script is done.


Looking at the first post:

On Wed, Apr 16, 2008 at 12:13 PM, Al <news@xxxxxxxxxxxxx> wrote:
> The hack places this file in
> numerous dirs on the site, I assume using a php script because the owner is
> "nobody".

>From my understanding this means a stand-alone file is written out by
a compromised means.  If something else has been said I missed it
along the way! :)

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Follow-Ups:
- Re: [PHP] Re: Hack question
  - From: Jim Lucas

References:
- [PHP] Hack question
  - From: Al
- [PHP] Re: Hack question
  - From: Al
- Re: [PHP] Re: Hack question
  - From: Eric Butera
- Re: [PHP] Re: Hack question
  - From: Jim Lucas
- Re: [PHP] Re: Hack question
  - From: Eric Butera
- Re: [PHP] Re: Hack question
  - From: Jim Lucas

Prev by Date: Re: [PHP] PHP5 and the DOM model
Next by Date: Re: [PHP] PHP5 and the DOM model
Previous by thread: Re: [PHP] Re: Hack question
Next by thread: Re: [PHP] Re: Hack question
Index(es):
- Date
- Thread

lists-archives.org

Re: [PHP] Re: Hack question