Describe What A File Does

$10-30 USD

Đã đóng

Đã đăng vào

gần 10 năm trước

$10-30 USD

Thanh toán khi bàn giao

My site was hacked, one of the SQL tables was injected, and several MYSQL dumps were made and downloaded. The hacker appears to have done it with the attached file, which was uploaded to a directory with 777 permissions. I can pay $5 for it to be done. Can anyone tell me what the file allows the hacker to do (i.e. how was he able to inject into the database without credentials), and what I should check for other than looking at all modified files since the site was hacked, cleaning the database, and changing all directory permissions to 755? Also, how sophisticated was this hack? FILE HAS BEEN UPLOADED FOR YOUR REVIEW HERE: [login to view URL] WARNING: The file triggers my antivirus, although it is just a PHP file. View at your own risk, obviously. Besides describing what the file does, I need these questions answered: 1. Does that script allow the hacker to edit existing files 2. How does that script allow the hacker to access the mysql database without password/username 3. How does that script allow the hacker to download/edit the database without password/username 4. Is it a basic script anyone can get or a custom one

Mã dự án: 6287820

Về dự án

4 đề xuất

Dự án từ xa

Hoạt động 10 năm trước

Bạn muốn kiếm tiền?

Địa chỉ email

Lợi ích khi chào giá trên Freelancer

Thiết lập ngân sách và thời gian

Nhận thanh toán cho công việc

Phác thảo đề xuất của bạn

Miễn phí đăng ký và cháo giá cho công việc

4 freelancer chào giá trung bình $26 USD cho công việc này

@devikagupta

hello sir, i can do your project.... please accept my bid so that i can start it... i m expert in this type of project... u can also see my portfolio... please sir accept my bid.. please hope u will do i m waiting for your response.. thank you.. :)

$24 USD trong 0 ngày

4,9

(110 nhận xét)

5,2

@gcStudioOrg

Hi, please don't pay attention to those messages below, they are all incorrect. First of all, it is not a shell script, it is a simply PHP script. You seems to have an in-secure uploader that he used to upload the php script, what it does is extract certain server php info such as disable functions, server paths, root folders etc.. He can basically include any file on your server within that file, so if there is a config file that stores sensitive data, he can simple include it. There are certain queryStrings within that file with different actions such as to list your DB table, scan dirs etc. There is also a form within that file that allows him to run php code by simply submit that form. All that is required is a secure uploader, you can turn off PHP & shell files for that folder. You can achieve that with a simply .htaccess rule or another option would be to move your upload folder below you server public root. That's all there is to your problem, feel free to message me. Best regards

$30 USD trong 0 ngày