1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Holy S**T - Have I been Hacked or something

Discussion in 'BlackHat Lounge' started by wazzzup, Sep 18, 2008.

  1. wazzzup

    wazzzup Guest

    Ok I need a PHP expert to tell me WTF if this sile all about and what it does.

    It just appearded on 2 of my site ! I deleted it of corse !

    The file comes under the name of currency.php

    I have attached a txt version of the file.

    If someone is kind enough and give me some input it would be very very very appreciated !
     
  2. BlackBeret

    BlackBeret Regular Member

    Joined:
    Jul 12, 2008
    Messages:
    257
    Likes Received:
    61
    Location:
    Transexual, Transylvania
    There is no attachment in your post
     
  3. wazzzup

    wazzzup Guest

    Now I don't now much about php, but by the look of it, this script is taking over BIG $%?&* TIME !!

    Any expert here car to explain what this shit does !
     
  4. polymorphs

    polymorphs Newbie

    Joined:
    May 1, 2008
    Messages:
    43
    Likes Received:
    32
    The short answer is it would appear so.

    search for yayang.c0.uk and read the threads on the old guy scripts forums.
     
  5. bhnoobz

    bhnoobz BANNED BANNED

    Joined:
    Jul 26, 2008
    Messages:
    395
    Likes Received:
    107
    how about you upgrade all the CMS/blog/whatever shit you use on your sites.. I'm sure you're using some outdated script that has known injection vulnerabilities.
     
  6. BuzzKill

    BuzzKill Executive VIP

    Joined:
    Aug 30, 2007
    Messages:
    508
    Likes Received:
    173
    Occupation:
    Entrepreneur
    Location:
    Milwaukee WI
    Looks like its all over the place hxxp://202.117.3.11/cs.php
     
  7. wazzzup

    wazzzup Guest

    Thanks for the input

    I will definatletly look into some modules used in some of my joomla sites that's probably where the vulnerabilities are !