Thread: PHP extracting rar files.
View Single Post
  #3 (permalink)  
Old 03-02-08, 09:32 AM
End User's Avatar
End User End User is offline
Level II Curmudgeon
  
Join Date: Dec 2004
Posts: 3,027
Thanks: 14
Thanked 35 Times in 33 Posts
Quote:
Originally Posted by scott2500uk View Post
I currently have a file uploader script on my site and I allow rar and zip files to be uploaded but to my amazment i saw a lot of rar files being uploaded and then saw that they were being extracted revieling php files.
Your server is likely compromised now. You should have your ISP run a thorough check of the system for backdoors, rootkits, etc etc.

Quote:
Originally Posted by scott2500uk View Post
What has me stumped is how the user managed to extract these rar files?
As Nico mentioned, your server may already have the RAR extension loaded, or the hackers may have previously uploaded files that allowed them to install the RAR extension without your knowledge.
__________________
I don't live on the edge, but sometimes I go there to visit.
-------------------------------------------------------------------------
Sanitize Your Data | Oracle Date & Substring Functions | Code Snippet Library | [url=http://www.codmb.com/Call Of Duty[/url]
Reply With Quote