PHP Malware Analysis

Back to list

Tags

Execution
exec
Input
_POST

Deobfuscated code

<html>
<body>

<form method="post" action="<?php 
echo $_SERVER['PHP_SELF'];
?>">
  Name: <input type="text" name="fname">
  <input type="submit">
</form>

<?php 
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // collect value of input field
    $command = $_POST['fname'];
    echo $command;
    // if (empty($command)) {
    //   echo "Name is empty";
    // } else {
    //   $output=null;
    //   $retval=null;
    //   exec($command, $output, $retval);
    //   print_r($output);
    // }
}
?>

</body>
</html>


Original code

<html>
<body>

<form method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
  Name: <input type="text" name="fname">
  <input type="submit">
</form>

<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
  // collect value of input field
  $command = $_POST['fname'];
  echo $command;
  // if (empty($command)) {
  //   echo "Name is empty";
  // } else {
  //   $output=null;
  //   $retval=null;
  //   exec($command, $output, $retval);
  //   print_r($output);
  // }
}
?>

</body>
</html>