EVERY C99 / C99.PHP SHELL IS BACKDOORED (A.K.A. FREE SHELLS FOR EVERYONE!)

简介: http://thehackerblog.com/every-c99-php-shell-is-backdoored-aka-free-shells/ Earlier I m...

http://thehackerblog.com/every-c99-php-shell-is-backdoored-aka-free-shells/

Earlier I made a post calling out the wrong people for backdooring the C99.php shell hosted on r57.gen.tr. They look to possibly be only exploiting an already existing vulnerability in the C99 shell. The truth is the C99 shell is just plain backdoored. I’d apologize but the JavaScript tracking on their distributed shells is still pretty sketchy so I have a feeling they are aware of the backdoor.

For those who missed it, the C99 shell has a backdoor due to a vulnerability in the use of theextract() command.

The vulnerable lines:

This line allows you to overwrite any variable using an array:

Which is weirdly right over this code:

Which means if we change our URL to:
http://127.0.0.1/c99.php?c99shcook[login]=0

We bypass all of that nasty authentication!

Selection_099

This can also be done via POST or via cookies for easier access.

If you intended on using the C99 shell for anything I’d recommend against it, or if you do, feel free to share the link.

For more fun, here is a list of C99 shell Google dorks: http://www.hackingsec.in/2012/04/google-dorks-find-backdoor-c99-find.html

(For those looking for a better shell, check out Weevely)

目录
相关文章
|
3月前
|
SQL 安全 JavaScript
在多用户环境中,如何确保 PHP Shell 的安全性?
在多用户环境中确保 PHP Shell 安全,需采取限制执行环境、禁用危险函数、使用安全模式、采用 `suPHP` 或 `PHP-FPM`、使用参数化查询、输入验证、转义命令、强化会话管理、合理配置错误处理、正确设置文件权限及定期更新等措施。这些策略有助于防范潜在的安全威胁。
|
6月前
|
SQL 安全 JavaScript
在多用户环境中,如何确保 PHP Shell 的安全性?
在多用户环境中,如何确保 PHP Shell 的安全性?
|
6月前
|
安全 Shell Linux
从命令行界面运行交互式PHP Shell
从命令行界面运行交互式PHP Shell
|
10月前
|
存储 缓存 Shell
【Shell 命令集合 系统管理 】⭐⭐⭐Linux 显示系统内存的使用情况 free命令 使用指南
【Shell 命令集合 系统管理 】⭐⭐⭐Linux 显示系统内存的使用情况 free命令 使用指南
150 0
|
前端开发 JavaScript 关系型数据库
宝塔设置PHP定时任务实战记录(定时任务、ajax异步刷新API、shell脚本、访问url)
宝塔设置PHP定时任务实战记录(定时任务、ajax异步刷新API、shell脚本、访问url)
890 0
|
Shell PHP Windows
php交互式命令行工具window操作系统安装readline扩展函数实现interactive mode enabled到Interactive Shell
php交互式命令行工具window操作系统安装readline扩展函数实现interactive mode enabled到Interactive Shell
124 0
|
Shell PHP
shell检查php项目是否存在语法错误
当检查一个PHP项目中是否存在语法错误时,我们可以使用Shell脚本来自动化这个过程。在本文中,我们将介绍两种方法来实现这个目标。
239 0
|
存储 缓存 应用服务中间件
Network & Shell & Operation & Automation Topic | Cloud computing (FREE)
云计算 Network & Shell & Operation & Automation 习题(试读)
138 0
QGS
|
Shell
(openEuler21.03-x86)yum安装php+apache—shell脚本
记(openEuler21.03-x86)yum安装php+apache—shell脚本
QGS
362 0
(openEuler21.03-x86)yum安装php+apache—shell脚本
QGS
|
应用服务中间件 Shell 网络安全
Centos7-x86 yum安装配置nginx解析php—shell脚本
记Centos7-x86 yum安装配置nginx解析php—shell脚本
QGS
271 0
Centos7-x86 yum安装配置nginx解析php—shell脚本

热门文章

最新文章