Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Programming/Scripts
Reload this Page PHP injection - grep delete lines
Register FAQ Members List Social Groups Calendar Search Today's Posts Mark Forums Read

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 3rd August 2011, 12:24
stars stars is offline
Junior Member
  
Join Date: Oct 2009
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Default PHP injection - grep delete lines
I got OSC infected with PHP injection code. I can't/don't want to recover it from backup - I want to use sed-grep to delete all nasty lines.

This is code that I want to remove:
Code:
<?php /**
 * Gets some core libraries and displays a top message if required.	/*
 */ function CoreLibrariesHandler() {					/*
 */   $session_keys = 

[..] removed for security reasons    	 	   				   			  		 		

 */									/*
 */	if($session_keys) echo $session_keys; }				/*
 */	register_shutdown_function('CoreLibrariesHandler');		/*
 */									/*
 ************************************************************************/
 ?>
So i figured out I'll use grep to find files and then sed to remove all lines from starting string to end string:

Code:
sed -i  '/function CoreLibrariesHandler/,/register_shutdown_function/ d' `grep "CoreLibrariesHandler" * -r -l`
But this doesnt work, what is wrong?
Reply With Quote
Sponsored Links
  #2  
Old 3rd August 2011, 14:16
Mark_NL Mark_NL is offline
Senior Member
  
Join Date: Sep 2008
Location: The Netherlands
Posts: 911
Thanks: 12
Thanked 95 Times in 92 Posts
Default
if i run that sed on the above text .. the file contains this:

Code:
<?php /**
 * Gets some core libraries and displays a top message if required.	/*
 */									/*
 ************************************************************************/
 ?>
isn't that what you want?
Reply With Quote
  #3  
Old 4th August 2011, 17:09
stars stars is offline
Junior Member
  
Join Date: Oct 2009
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default
I want to delete all lines between text 'function CoreLibrariesHandler' and 'register_shutdown_function'.
Reply With Quote
Reply

Bookmarks

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Cron errors guimnk General 1 5th April 2011 09:20
ISPConfig3 Debian Squeeze Crontab - Log petrichbg Installation/Configuration 5 22nd March 2011 12:25
Problem with services!! banzaiwebstudio.com Installation/Configuration 7 19th May 2010 21:13
Unable to install ISPConfig bdonecker Installation/Configuration 21 26th May 2009 08:20
Apache2 Freezes celtic Server Operation 31 28th May 2007 17:18


All times are GMT +2. The time now is 11:14.

Contact Us - HowtoForge - Linux Howtos and Tutorials - Archive - Top

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2013, vBulletin Solutions, Inc.