from Hacker News

You thought that “This should never happen” was bad? search – eval($_GET)

by callaars on 3/31/16, 5:39 PM with 15 comments

  • by Bognar on 3/31/16, 5:58 PM

    Actually I thought "This should never happen" was good. This is pretty bad, though.
  • by kbenson on 3/31/16, 6:06 PM

    Thankfully, most of these I've seen in the first four pages are for things marked as a web shell, or a security scanner, etc, so it's purposeful and not meant for serious webapp use.

    Still, kind of scary to see. It's like a listening netcat piping to bash in a loop. Sure there should be a firewall in front...

  • by chc on 3/31/16, 6:13 PM

    It looks like the vast majority are from forks of PHP Vulnerability Hunter, and a few more are from other vulnerability tests. So I guess this isn't actually that common?
  • by throwaway2016a on 3/31/16, 6:04 PM

    Also bad

    https://github.com/search?utf8=%E2%9C%93&q=include%28%24_GET...

    There is a simple Google search that allows you to find thousands of websites that do this. Which I won't put since it essentially gives you a list of websites ripe for takeover.

  • by blakesterz on 3/31/16, 6:14 PM

    Aren't those almost all "php-vulnerability-hunter – ArbitraryPhpGet.php" ? That seems like, well, not so bad.
  • by goshx on 3/31/16, 6:02 PM

    Try looking for database connections too.
  • by ams6110 on 3/31/16, 6:13 PM

    Years ago I worked on a web app that had a "hidden" page that would do something like:

      SQL.exec($_GET['sql'])

    Was used for support to be able to access customer data to be able to reproduce bugs, etc.
  • by asfakeaccount on 3/31/16, 6:08 PM

    I'm not familiar with PHP. Can someone explain this to a newbie?
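For the question above: `$_GET` holds whatever the client put in the URL query string, so `eval($_GET['code'])` runs attacker-chosen PHP, and the `include($_GET...)` and `SQL.exec($_GET['sql'])` variants mentioned in the thread hand that same input to the file loader or the database. The scanner below is an added example (not from the thread or any project) of how a defender would flag these "request superglobal straight into a dangerous sink" lines in a code base; the sink list, the `SQL.exec` name (mirroring the comment above) and the sample PHP are constructed for the demonstration.

```python
import re

# Sinks whose argument must never be client-controlled. The list is a
# hypothetical starting point; "SQL.exec" mirrors the thread's example.
SINKS = ("eval", "include", "include_once", "require", "require_once",
         "system", "exec", "shell_exec", "passthru", "SQL.exec")

# PHP request superglobals: every value in these is chosen by the client.
TAINT_SOURCES = ("$_GET", "$_POST", "$_REQUEST", "$_COOKIE")

# Match "<sink>(" and capture the argument text up to the statement end.
_SINK_RE = re.compile(
    r"\b(" + "|".join(re.escape(s) for s in SINKS) + r")\s*\(\s*([^;]*)"
)


def find_direct_sinks(php_source):
    """Return (line_no, sink, source) for each line that passes a request
    superglobal directly into a dangerous sink on that same line."""
    findings = []
    for line_no, line in enumerate(php_source.splitlines(), 1):
        m = _SINK_RE.search(line)
        if not m:
            continue
        argument = m.group(2)
        for src in TAINT_SOURCES:
            if src in argument:
                findings.append((line_no, m.group(1), src))
                break
    return findings


# Constructed sample to exercise the scanner; not taken from any real repo.
SAMPLE = """<?php
eval($_GET['code']);              // the pattern the GitHub search finds
include($_GET['page'] . '.php');  // file inclusion from a query parameter
$rows = SQL.exec($_GET['sql']);   // the "hidden support page" from the thread
$name = htmlspecialchars($_GET['name']);  // superglobal, but not a sink
include('header.php');            // sink, but a constant argument
"""

if __name__ == "__main__":
    for line_no, sink, src in find_direct_sinks(SAMPLE):
        print(f"line {line_no}: {src} flows directly into {sink}()")
```

Same-line matching keeps the example short; a real audit also follows assignments such as `$x = $_GET['a']; eval($x);`, which this scanner does not see.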