Member Avatar for forzadraco

target.php:

xas xjahs dajdh ajdhjas da d xxxx na dh ada hd

main.php:

<?php
// removal malicious script by forzadraco

$filename="target.php";

$existfile=@fopen($filename,"w");

if($existfile){
echo "file berhasil dibaca \n\n";
}else{
echo "file gagal dibaca \n\n";
}


if( false == ($str=file_get_contents( $filename )))
echo "Could not read file.";
else
echo "File contents: ".htmlspecialchars($str);

$hsl=preg_replace("/xxxx/i","draco",$str);

echo "<hr />".htmlspecialchars($hsl);

fwrite($existfile,$hsl);
fclose($existfile);

?>

why is not work ? and why target.php become empty file..?

thanks

Edited by mike_2000_17 because: Fixed formatting
  • 3 Contributors
  • 2 Replies
  • 163 Views
  • 6 Hours Discussion Span
  • Latest Post Latest Post by cwarn23

Recommended Answers

All 2 Replies

Member Avatar for nav33n 
<?php
// removal malicious script by forzadraco

$filename="target.php";

$existfile=fopen($filename,"a+");

if($existfile){
echo "file berhasil dibaca \n\n";
}else{
echo "file gagal dibaca \n\n";
}


if( false == ($str=file_get_contents( $filename )))
echo "Could not read file.";
else
echo "File contents: ".htmlspecialchars($str);

$hsl=preg_replace("/xxxx/i","draco",$str);

echo "<hr />".htmlspecialchars($hsl);

fwrite($existfile,$hsl);
fclose($existfile);

?>

Check "mode" http://in2.php.net/manual/en/function.fopen.php . Mode "w" : Open for writing only; place the file pointer at the beginning of the file and truncate the file to zero length. If the file does not exist, attempt to create it.

Member Avatar for cwarn23

I have read the script and if you are using php5 then the following might be better with the functions file_get_contents and file_put_contents.

<?php
// removal malicious script by forzadraco

$filename="target.php";

$existfile=file_get_contents($filename);

if($existfile){
echo "file berhasil dibaca \n\n";
}else{
echo "file gagal dibaca \n\n";
}


if( false == ($str=file_get_contents( $filename ))) {
echo "Could not read file.";
} else {
echo "File contents: ".htmlspecialchars($str);
}

$hsl=preg_replace("/xxxx/i","draco",$str);

echo "<hr />".htmlspecialchars($hsl);

file_put_contents($hsl,$existfile);

?>

Note: It's good to see you made an attempt at adding the opening code tags but next time try to add the closing code tags too.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.