Describe What A File Does

$10-30 USD

Cerrado

Publicado

hace casi 10 años

$10-30 USD

Pagado a la entrega

My site was hacked, one of the SQL tables was injected, and several MYSQL dumps were made and downloaded. The hacker appears to have done it with the attached file, which was uploaded to a directory with 777 permissions. I can pay $5 for it to be done. Can anyone tell me what the file allows the hacker to do (i.e. how was he able to inject into the database without credentials), and what I should check for other than looking at all modified files since the site was hacked, cleaning the database, and changing all directory permissions to 755? Also, how sophisticated was this hack? FILE HAS BEEN UPLOADED FOR YOUR REVIEW HERE: [login to view URL] WARNING: The file triggers my antivirus, although it is just a PHP file. View at your own risk, obviously. Besides describing what the file does, I need these questions answered: 1. Does that script allow the hacker to edit existing files 2. How does that script allow the hacker to access the mysql database without password/username 3. How does that script allow the hacker to download/edit the database without password/username 4. Is it a basic script anyone can get or a custom one

ID del proyecto: 6287820

Información sobre el proyecto

4 propuestas

Proyecto remoto

Activo hace 10 años

¿Buscas ganar dinero?

Dirección de email

Beneficios de presentar ofertas en Freelancer

Fija tu plazo y presupuesto

Cobra por tu trabajo

Describe tu propuesta

Es gratis registrarse y presentar ofertas en los trabajos

4 freelancers están ofertando un promedio de $26 USD por este trabajo

@devikagupta

hello sir, i can do your project.... please accept my bid so that i can start it... i m expert in this type of project... u can also see my portfolio... please sir accept my bid.. please hope u will do i m waiting for your response.. thank you.. :)

$24 USD en 0 día

4,9

(110 comentarios)

5,2

@gcStudioOrg

Hi, please don't pay attention to those messages below, they are all incorrect. First of all, it is not a shell script, it is a simply PHP script. You seems to have an in-secure uploader that he used to upload the php script, what it does is extract certain server php info such as disable functions, server paths, root folders etc.. He can basically include any file on your server within that file, so if there is a config file that stores sensitive data, he can simple include it. There are certain queryStrings within that file with different actions such as to list your DB table, scan dirs etc. There is also a form within that file that allows him to run php code by simply submit that form. All that is required is a secure uploader, you can turn off PHP & shell files for that folder. You can achieve that with a simply .htaccess rule or another option would be to move your upload folder below you server public root. That's all there is to your problem, feel free to message me. Best regards

$30 USD en 0 día