Correction, I think the desired output may actually be: c6db3524fe71d6c576098805a07e79e4. md5()

Within a few days, it's possible that you will be able to do a web search for that and get a list of sites that would be vulnerable to executing arbitrary PHP code from a third-party site.
http://ravenphpscripts.com/postt14728.html
http://www.pure-chaos.org/2007/11/25/remote-file-inclusion-galore-2/#high_1

Jonathan Dill wrote:
Interesting, if you decode that URL and (carefully!) plug it in to a web browser, the target brings up a page that says:

<?php echo md5("just_a_test");?>

Several articles talking about it, but nobody seems to know what it really is yet except it looks like they are just testing to see if they can inject PHP code into your site and have it execute rather than just display the code as text--in other words, if you see the PHP code the attack was partially successful, but if the test was completely successful, you would get back e3c7bd85137405f123258cc1a4b42c4f which is the md5 hash of "just_a_test" rather than the raw PHP code in text format. Presumably, this is a "holding space" for bad code to be uploaded and executed later, at the moment they are just checking to see if they can upload code and have it execute.

http://web.dtbaker.com.au/post/catching_echo_md5_just_a_test_exploit_attempts
http://groups.google.com/group/alt.comp.lang.php/browse_thread/thread/378872f04bf1c156
http://www.cubecart.com/site/forums/index.php?showtopic=32171
http://www.megginson.com/blogs/quoderat/2008/02/04/strange-web-exploit-attempt/

Jonathan
-- DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist
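
An added example, not part of the original thread: a log-review check for the probe discussed above. It flags request parameters whose decoded value is a remote URL and classifies what your own page returned. The function names, sample requests and the host third-party.example are assumptions made for illustration, and the marker is computed from the string instead of being copied from either message.

```python
import hashlib
import re
from urllib.parse import urlsplit, parse_qsl

# String the probe hashes; the digest is what comes back if the PHP ran.
PROBE_STRING = "just_a_test"
EXECUTED_MARKER = hashlib.md5(PROBE_STRING.encode()).hexdigest()
# Fragment of the probe's source, seen when the code is shown as text.
RAW_MARKER = 'md5("just_a_test")'

REMOTE_URL = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)


def remote_include_params(request_target):
    """Return (name, value) pairs whose percent-decoded value is a remote URL."""
    query = urlsplit(request_target).query
    return [(name, value)
            for name, value in parse_qsl(query, keep_blank_values=True)
            if REMOTE_URL.match(value.strip())]


def classify_response(body):
    """Classify the body our own server returned for a flagged request."""
    if EXECUTED_MARKER in body:
        return "executed"   # included PHP ran on our server
    if RAW_MARKER in body:
        return "echoed"     # PHP source came back as plain text
    return "clean"


def scan(requests):
    """Map each suspicious request target to its URL-valued parameters."""
    hits = {}
    for target in requests:
        params = remote_include_params(target)
        if params:
            hits[target] = params
    return hits


# Constructed request targets, as they would appear in an access log.
SAMPLE_REQUESTS = [
    "/doku.php?id=start",
    "/index.php?page=http%3A%2F%2Fthird-party.example%2Ftest.txt%3F",
    # Legitimate redirect-style parameters are flagged too; review by name.
    "/index.php?ref=https://www.example.org/&lang=en",
    "/index.php?inc=HTTP://third-party.example/x.txt",
]

if __name__ == "__main__":
    for target, params in scan(SAMPLE_REQUESTS).items():
        print(target, params)
```

A flagged request only shows that a probe was sent; `classify_response` on the saved response body tells you whether the page ignored it, printed the code, or executed it.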