A few days ago I was working on a new feature on a form. The photo uploader on the form only accepts jpeg, jpg, and png files. I went to upload a photo from my desktop and accidentally selected a PHP file with a ~ at the end of the file name. The ~ in the file name tricked the form into thinking it's a legit file.
After I found this vulnerability I wanted to show my boss. However, I wanted to show him a more realistic scenario of the dangers of this issue. So I went to GitHub and found a repository for a PHP backdoor.
I saw it had 20 stars so I quickly skimmed the code and cloned it without thinking twice. I then uploaded it to the server to show my boss. I then visited the file in the browser: example.com/backdoor.php. I then deleted it after my boss freaked out.
The next day I checked the issues on GitHub and someone says the backdoor file I uploaded to the server has a backdoor. However, I am not sure if the person who posted the issue is just trying to trick people into going to a link.
I have been panicking for the past few days about what to do and going through the code looking for what the guy is claiming in the issue.
I am very concerned with the code from lines 3764-4002. It looks encrypted and I can't figure out what it is.
Am I compromised? I also downloaded this on localhost.
Please help I don’t know what to do.
AND YES I KNOW IT WAS STUPID FOR ME TO DOWNLOAD THAT AND UPLOAD IT. I was not thinking it through.
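The root cause the question describes is an upload check that can be satisfied by a file name it should reject. The following is an added example of how such a check is usually hardened in PHP; it is not code from the original post or from the form in question, and the field name `photo`, the directory `/var/app/uploads` and the 5 MB limit are assumptions. The idea is to decide from what the server can verify (the exact extension after the last dot, the bytes on disk) rather than from anything the client supplies, and to never write the original file name to disk at all.

```php
<?php
// Added example (not code from the original post): a server-side validator
// for a photo upload field that should accept only JPEG and PNG images.
// $upload is assumed to be one entry of $_FILES, e.g. $_FILES['photo'].

declare(strict_types=1);

// Allow-listed extensions and the MIME type each one must sniff as.
const ALLOWED_IMAGE_TYPES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
];

/**
 * Returns the allow-listed extension for the upload, or throws.
 * Every decision uses data the server can verify; the client-supplied
 * file name is only consulted for its exact extension and $_FILES['type']
 * is ignored entirely.
 */
function validateImageUpload(array $upload, int $maxBytes = 5 * 1024 * 1024): string
{
    if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with error code ' . ($upload['error'] ?? 'unknown'));
    }
    if (!is_uploaded_file($upload['tmp_name'])) {
        throw new RuntimeException('Not a file uploaded via HTTP POST');
    }
    if ($upload['size'] > $maxBytes) {
        throw new RuntimeException('File too large');
    }

    // 1. Extension: everything after the LAST dot, lowercased, matched
    //    exactly against the allow-list. Names ending in "php~", "jpg~",
    //    "jpg." or "jpg.php" therefore fail here instead of slipping past
    //    a substring or unanchored pattern check.
    $ext = strtolower(pathinfo($upload['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_IMAGE_TYPES)) {
        throw new RuntimeException("Extension not allowed: '$ext'");
    }

    // 2. Content: sniff the real MIME type from the bytes on disk and
    //    require it to agree with the extension.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($upload['tmp_name']);
    if ($mime !== ALLOWED_IMAGE_TYPES[$ext]) {
        throw new RuntimeException("Content type '$mime' does not match .$ext");
    }

    // 3. The file must actually decode as an image of the claimed kind.
    $info = @getimagesize($upload['tmp_name']);
    if ($info === false || $info['mime'] !== ALLOWED_IMAGE_TYPES[$ext]) {
        throw new RuntimeException('File is not a decodable image');
    }

    return $ext;
}

/**
 * Stores a validated upload under a server-generated random name in a
 * directory outside the document root, so the original file name never
 * reaches the filesystem and nothing in that directory is ever executed.
 */
function storeImageUpload(array $upload, string $storageDir): string
{
    $ext  = validateImageUpload($upload);
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($storageDir, '/') . '/' . $name;
    if (!move_uploaded_file($upload['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store upload');
    }
    return $name;
}

// Usage with the assumed field name and storage directory:
// $stored = storeImageUpload($_FILES['photo'], '/var/app/uploads');
```

Storing uploads outside the web root and serving them through a read-only handler is what makes the third layer matter: even if a validation step is ever bypassed, a file in that directory is data to be streamed back, not a script the interpreter will run.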
Simply having a copy of the file on a server would not be sufficient to compromise you. It would have to actually be executed, e.g. by someone loading it up in a browser. If you did that, though, then you are almost certainly compromised, and should proceed from there.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.