Did I compromise this server?

badsysadmin99 asked:

A few days ago I was working on a new feature on a form. The photo uploader on the form only accepts jpegs, jpgs, and png files. I went to upload a photo on my desktop and accidentally selected a PHP file with a ~ at the end of the file. The ~ in the file name tricked the form into thinking it's a legit file.

After I found this vulnerability I wanted to show my boss. However I wanted to show him a more realistic scenario of the dangers of this issue. So I went to Github and found a repository for a php backdoor.

https://github.com/amitnaik/php-backdoor

I saw it had 20 stars so I quickly skimmed the code and cloned it without double thinking. I then uploaded it to the server to show my boss. I then visited the file in the browser, example.com/backdoor.php. I then deleted it after my boss freaked out.

The next day I checked the issues on the GitHub and someone says the backdoor file I uploaded on the server has a backdoor. However I am not sure if the person who posted the issue is just trying to trick people into going to a link.

https://github.com/amitnaik/php-backdoor/issues/2

I have been panicking for the past few days on what to do and going through the code looking for what the guy is claiming in the issue.

I am very concerned with the code from lines 3764-4002. It looks encrypted and I can’t figure out what it is.

Am I compromised? I also downloaded this on localhost.

Please help I don’t know what to do.

AND YES I KNOW IT WAS STUPID FOR ME TO DOWNLOAD THAT AND UPLOAD IT. I was not thinking it through.

My answer:


Simply having a copy of the file on a server would not be sufficient to compromise you. It would have to actually be executed, e.g. by someone loading it up in a browser. If you did that, though, then you are almost certainly compromised, and should proceed from there.
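
Added example (not part of the original question or answer): because the answer turns on whether the file was ever executed, a first triage step is to check the web server's access log for who requested it. This Python script assumes Combined Log Format; the log lines, IP addresses and dates are constructed, `/backdoor.php` is the path from the question, and `known_ips` is a hypothetical set of the administrator's own addresses.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample data (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '203.0.113.10 - - [12/Mar/2019:10:01:07 +0000] "POST /form/upload HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [12/Mar/2019:10:02:31 +0000] "GET /backdoor.php HTTP/1.1" 200 4821 "-" "Mozilla/5.0"',
    '198.51.100.77 - - [12/Mar/2019:23:14:02 +0000] "POST /backdoor.php?x=1 HTTP/1.1" 200 133 "-" "curl/7.58.0"',
    '198.51.100.77 - - [13/Mar/2019:02:40:55 +0000] "GET /backdoor.php HTTP/1.1" 404 209 "-" "curl/7.58.0"',
    'not a log line',
]

def requests_for(lines, target_path):
    """Return {ip: [(timestamp, method, status), ...]} for hits on target_path."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        path = m.group("path").split("?", 1)[0]  # compare without query string
        if path == target_path:
            hits[m.group("ip")].append(
                (m.group("ts"), m.group("method"), int(m.group("status"))))
    return dict(hits)

def triage(lines, target_path, known_ips):
    """Group hits: 2xx means the server ran the file; split those by client."""
    report = {"executed_by_known": [], "executed_by_unknown": [],
              "failed_requests": []}
    for ip, events in requests_for(lines, target_path).items():
        for ts, method, status in events:
            if 200 <= status < 300:
                key = ("executed_by_known" if ip in known_ips
                       else "executed_by_unknown")
            else:
                key = "failed_requests"  # e.g. 404 once the file was deleted
            report[key].append((ip, ts, method, status))
    return report

if __name__ == "__main__":
    result = triage(SAMPLE_LOG, "/backdoor.php", known_ips={"203.0.113.10"})
    for bucket, rows in result.items():
        print(bucket, rows)
```

An access log records inbound requests only; it does not show outbound connections the script itself made when it ran, so an empty `executed_by_unknown` bucket does not clear the server.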


View the full question and answer on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.