How can I find the $string that was used in a PHP function exec($string) on Linux?
Say someone has managed to get into my server and have found the (web based) app code:
$encrypt ? $password = generatePassword($passwordstrength): $password="";
$estring = "7z a -p$password -mx0 packFoo.aes.7z mydir/foo";
if($encrypt) {
exec($estring);
mailuser($password);//uses standard PHP mail function
The password is dynamically generated, a-zA-Z0-9 etc from a function with using PHP rand. Is there any trace of the exec() string on the server?
It's not in /var/logs and not in .bash_history.
Say someone has managed to get into my server and have found the (web based) app code:
$encrypt ? $password = generatePassword($passwordstrength): $password="";
$estring = "7z a -p$password -mx0 packFoo.aes.7z mydir/foo";
if($encrypt) {
exec($estring);
mailuser($password);//uses standard PHP mail function
The password is dynamically generated, a-zA-Z0-9 etc from a function with using PHP rand. Is there any trace of the exec() string on the server?
It's not in /var/logs and not in .bash_history.
No comments:
Post a Comment