Backdoors in Web Applications

General technological topics without their own forum go here

Backdoors in Web Applications

Post by thedotmaster on Sat Dec 19, 2009 1:04 pm
([msg=31599]see Backdoors in Web Applications[/msg])

Anyone can download a backdoor and most can write a backdoor in PHP or whatever, in fact, here are two simple one-liners in PHP:
Code: Select all
eval($_GET['foo']);
system($_GET['cmd']);


I'm writing an application that scans for malicious code in web apps (PHP, ASP, etc) and it'd be awesome if people could contribute any little backdoor snippets they can think of.
I've already added code that detects these:
http://www.darknet.org.uk/2007/03/a-col ... -backdoor/
and a few other PHP snippets.

All code will be open-sourced when I'm finished.

So then, your backdoors please!
Image
User avatar
thedotmaster
Contributor
Contributor
 
Posts: 984
Joined: Sun May 04, 2008 4:39 pm
Location: North West UK
Blog: View Blog (1)


Re: Backdoors in Web Applications

Post by yourmysin on Sat Dec 19, 2009 2:45 pm
([msg=31603]see Re: Backdoors in Web Applications[/msg])

Don't forget about popen, passthru and backticks (If PHP is configured for command execution)-

For instance, will display all contents in the directory

Code: Select all

<?php
   echo 
`ls -a`;
?>
A+, Network+, MCTS(70-620), Security+, CCNA
yourmysin
Experienced User
Experienced User
 
Posts: 83
Joined: Mon Apr 21, 2008 9:02 pm
Location: Newport, Maine, USA
Blog: View Blog (0)



Return to General

Who is online

Users browsing this forum: No registered users and 0 guests