Describe What A File Does

$10-30 USD

Ditutup

Disiarkan

hampir 10 tahun yang lalu

$10-30 USD

Dibayar semasa penghantaran

My site was hacked, one of the SQL tables was injected, and several MYSQL dumps were made and downloaded. The hacker appears to have done it with the attached file, which was uploaded to a directory with 777 permissions. I can pay $5 for it to be done. Can anyone tell me what the file allows the hacker to do (i.e. how was he able to inject into the database without credentials), and what I should check for other than looking at all modified files since the site was hacked, cleaning the database, and changing all directory permissions to 755? Also, how sophisticated was this hack? FILE HAS BEEN UPLOADED FOR YOUR REVIEW HERE: [login to view URL] WARNING: The file triggers my antivirus, although it is just a PHP file. View at your own risk, obviously. Besides describing what the file does, I need these questions answered: 1. Does that script allow the hacker to edit existing files 2. How does that script allow the hacker to access the mysql database without password/username 3. How does that script allow the hacker to download/edit the database without password/username 4. Is it a basic script anyone can get or a custom one

ID Projek: 6287820

Tentang projek

4 cadangan

Projek jarak jauh

Aktif 10 tahun yang lalu

Ingin menjana wang?

Alamat e-mel

Faedah membida di Freelancer

Tetapkan bajet dan garis masa anda

Dapatkan bayaran untuk kerja anda

Tuliskan cadangan anda

Ianya percuma untuk mendaftar dan membida pekerjaan

4 pekerja bebas membida secara purata $26 USD untuk pekerjaan ini

@devikagupta

hello sir, i can do your project.... please accept my bid so that i can start it... i m expert in this type of project... u can also see my portfolio... please sir accept my bid.. please hope u will do i m waiting for your response.. thank you.. :)

$24 USD dalam 0 hari

4.9

(110 ulasan)

5.2

@gcStudioOrg

Hi, please don't pay attention to those messages below, they are all incorrect. First of all, it is not a shell script, it is a simply PHP script. You seems to have an in-secure uploader that he used to upload the php script, what it does is extract certain server php info such as disable functions, server paths, root folders etc.. He can basically include any file on your server within that file, so if there is a config file that stores sensitive data, he can simple include it. There are certain queryStrings within that file with different actions such as to list your DB table, scan dirs etc. There is also a form within that file that allows him to run php code by simply submit that form. All that is required is a secure uploader, you can turn off PHP & shell files for that folder. You can achieve that with a simply .htaccess rule or another option would be to move your upload folder below you server public root. That's all there is to your problem, feel free to message me. Best regards

$30 USD dalam 0 hari