cannot write file

Question

forzadraco 0 Junior Poster in Training

15 Years Ago

target.php:

xas xjahs dajdh ajdhjas da d xxxx na dh ada hd

main.php:

<?php
// removal malicious script by forzadraco

$filename="target.php";

$existfile=@fopen($filename,"w");

if($existfile){
echo "file berhasil dibaca \n\n";
}else{
echo "file gagal dibaca \n\n";
}


if( false == ($str=file_get_contents( $filename )))
echo "Could not read file.";
else
echo "File contents: ".htmlspecialchars($str);

$hsl=preg_replace("/xxxx/i","draco",$str);

echo "<hr />".htmlspecialchars($hsl);

fwrite($existfile,$hsl);
fclose($existfile);

?>

why is not work ? and why target.php become empty file..?

thanks

php

Edited 11 Years Ago by mike_2000_17 because: Fixed formatting

3 Contributors
2 Replies
164 Views
6 Hours Discussion Span
Latest Post 15 Years Ago Latest Post by cwarn23

nav33n 472 Purple hazed!

15 Years Ago

<?php
// removal malicious script by forzadraco

$filename="target.php";

$existfile=fopen($filename,"a+");

if($existfile){
echo "file berhasil dibaca \n\n";
}else{
echo "file gagal dibaca \n\n";
}


if( false == ($str=file_get_contents( $filename )))
echo "Could not read file.";
else
echo "File contents: ".htmlspecialchars($str);

$hsl=preg_replace("/xxxx/i","draco",$str);

echo "<hr />".htmlspecialchars($hsl);

fwrite($existfile,$hsl);
fclose($existfile);

?>

Check "mode" http://in2.php.net/manual/en/function.fopen.php . Mode "w" : Open for writing only; place the file pointer at the beginning of the file and truncate the file to zero length. If the file does not exist, attempt to create it.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

cwarn23 387 Occupation: Genius Team Colleague Featured Poster · Answer 1 · 2009-02-12T12:31:45+00:00

I have read the script and if you are using php5 then the following might be better with the functions file_get_contents and file_put_contents.

<?php
// removal malicious script by forzadraco

$filename="target.php";

$existfile=file_get_contents($filename);

if($existfile){
echo "file berhasil dibaca \n\n";
}else{
echo "file gagal dibaca \n\n";
}


if( false == ($str=file_get_contents( $filename ))) {
echo "Could not read file.";
} else {
echo "File contents: ".htmlspecialchars($str);
}

$hsl=preg_replace("/xxxx/i","draco",$str);

echo "<hr />".htmlspecialchars($hsl);

file_put_contents($hsl,$existfile);

?>

Note: It's good to see you made an attempt at adding the opening code tags but next time try to add the closing code tags too.