“#!/bin/sh id cat zot echo ok” in a test_me file in a Joomla 1.5 site.

I found a file called “zot”. Inside was text “abcdefghi”. There was also a file called “test_me”. Inside this file was “#!/bin/sh
id
cat zot
echo ok”

This is a linux bash script used to cat or create a file called zot. Must be connected to an attack.

There was another file called “open_test” with another linux bash script.

#!/bin/sh
set -x
DIR=”/home/my_website/public_html”
cd $DIR
SUSTR=”
if [[ “$UID” -eq “0” || `id -un` != ‘audio’ ]];
then
SUSTR=”sudo -u audio ”
fi
$SUSTR $DIR/test_me

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *