Script used to find vulnerable php files
Code:#!/bin/bash shellpattern=’r0nin|m0rtix|upl0ad|r57|c99|shellbot|phpshell|void\.ru|phpremoteview|directmail|bash_history|vulnscan|spymeta|raslan58′ for user in `/bin/ls /var/cpanel/users` do find /home/$user/public_html \( -name ‘*.php’ -o -name ‘*.cgi’ -o -name ‘*.inc’ \) -exec \ egrep -il “$shellpattern” {} \; done
Results 1 to 4 of 4
-
04-02-2016, 09:12 PM #1Registered User
- Join Date
- Oct 2015
- Location
- US
- Posts
- 176
Simple scrip to Find Vulnerable PHP files.
█ ServerPoint.com, hosting thousands of customers since 1998
█ Dedicated Server Hosting - Cloud VPS Hosting - Web Hosting
█ Las Vegas / Silicon Valley / Dallas / Ashburn / Amsterdam / Singapore
-
04-17-2016, 05:12 AM #2Member
- Join Date
- Apr 2016
- Posts
- 29
What does .inc stand for?
-
04-23-2016, 06:24 AM #3Registered User
- Join Date
- Oct 2015
- Location
- US
- Posts
- 176
.inc file can be seen in Drupal installations. Other extensions also can be added to the script.
Originally Posted by ServerHat
█ ServerPoint.com, hosting thousands of customers since 1998
█ Dedicated Server Hosting - Cloud VPS Hosting - Web Hosting
█ Las Vegas / Silicon Valley / Dallas / Ashburn / Amsterdam / Singapore
-
04-25-2016, 01:41 AM #4Registered User
- Join Date
- Dec 2014
- Posts
- 191
You may also add / run following piece of code, which will show potential backdoors:
grep -ir 'eval(' /home/username/public_html/*
as eval() is commonly used function by attackers, but sometimes it can also be "splitted" like this: <? eval/*somestring*/(... ?> so keep in mind this too.cPanel WordPress Hosting from €2.99 | Reseller Hosting from €9.99 | VPS Hosting from €7.99
Our customer reviews at Trustpilot
EURO-SPACE - Reliable Hosting Solutions Since 2007
Reply With Quote
Posting Permissions
|
Bookmarks