Known CMS still accept older PHP versions and accordingly vulnerabilities (Drupal, Joomla, Word Press)
Check your code online at the PHPStan Playground...
checked vulnerable code like
<?
session_start();
include (“../config.php”);
echo $loggedin;
if ($loggedin != “1”){
header(“Location: http://www.google.com”); /* Redirect browser */
}
{
echo “Will this code Get executed?”;
}?>
Where we stumble upon
unexpected T_STRING, expecting ';'
in line 12 - While testing a web application today, i noticed an unusual 302 HTTP response. Normally a 302 response just has a header and no html code, becuase its meant to be redirecting you to the page cited in the ‘Location’ field of the http header.� The 302 response had the html code which will be presented to the authenticated admin user, but, we didnt have the admin credentials. So, how are we seeing this code. After analyzing the 302 redircect response, we concluded that this was the result of insecure coding. Info credits go to Tesjawi.
So not escaping quotes in the string, of course it's not going to work.
Just add a \ before the " in the <input> tag and you are good to go.
(pol).
Check with PHP malware finder:
https://github.com/nbs-system/php-malware-finder/Enjoy, my good friends, enjoy, and remember PHP often can be inherently insecure.
Encrypted with Yellowpipe's Code Source Encrypter it looks like
<script>
<!--
document.write(unescape("%3C%3F%0Asession_start%28%29%3B%0Ainclude%20%28%u201C../config.php%u201D%29%3B%0Aecho%20%24loggedin%3B%0A%0Aif%20%28%24loggedin%20%21%3D%20%u201C1%u201D%29%7B%0Aheader%28%u201CLocation%3A%20http%3A//www.google.com%u201D%29%3B%20/*%20Redirect%20browser%20*/%0A%0A%7D%0A%0A%7B%0Aecho%20%u201CWill%20this%20code%20Get%20executed%3F%u201D%3B%0A%7D%3F%3E"));
//-->
</script>
file: 368a84ccc831bea70c7649b7ce50c0abea9c4557: 412 bytes
file: c01a81e4621b7a3059b2257cffb9f2c743efd250: 223 bytes
Decoded Files
368a/84ccc831bea70c7649b7ce50c0abea9c4557 from script (412 bytes, 4 hidden) download
coded source: c01a/81e4621b7a3059b2257cffb9f2c743efd250 from script (223 bytes)
polonus