Remove the code injection from a file
—
If the code injection is on the first line:
==============
grep -nre "?php" * | cut -d ':' -f1 | sort | uniq -c
grep -nre "?php" * | cut -d ':' -f1 | sort
grep -nre "?php" * | cut -d ':' -f1 | sort | uniq
grep -nre "?php" * | cut -d ':' -f1 | sort | uniq > test.txt
==============
or
# -F matches the signatures as fixed strings; as a regex, "/*" would not match the literal "/*"
grep -nrF -e '<?php /*versio:3.02*/ ' -e '(aabeaayx(597,3304));};?><?php' * | cut -d':' -f1,2
or
grep -nrF -e '<?php /*versio:3.02*/ ' -e '(aabeaayx(597,3304));};?><?php' * | cut -d':' -f1,2 > test.txt
e.g.:
—
[root@ranjith new]# grep -nre "<?php" * | cut -d : -f1,2
file.php:1
file.php:14
—-
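Here the injected code is on the first line, so delete that line and then insert <?php as the new first line using the sed command.
# test.txt must hold file names only, one per line (the "cut -f1 | sort | uniq" output above)
cat test.txt | xargs sed -i '1d'        # delete the first line
cat test.txt | xargs sed -i '1i<?php'   # insert <?php as the new first line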
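A guarded variant of the cleanup above, as an added example that is not part of the original page: it rewrites a file only when the marker really is on line 1, keeps a .bak copy, and copes with file names that contain spaces. The function names, the EXAMPLE-MARKER string and the sample files are constructed placeholders; grep with -r and --include (GNU/BSD grep) is assumed.

```shell
#!/bin/sh
# Added example, not the page author's code. EXAMPLE-MARKER is a constructed
# placeholder standing in for the injected-code signature.

# clean_first_line DIR SIG
# For each *.php file under DIR that contains SIG (fixed string):
#   - SIG on line 1: keep FILE.bak, drop line 1, write a bare "<?php" instead
#   - SIG only on later lines: leave the file alone and list it for review
clean_first_line() {
    dir=$1
    sig=$2
    grep -rlF --include='*.php' -e "$sig" "$dir" | sort |
    while IFS= read -r f; do
        if head -n 1 "$f" | grep -qF -e "$sig"; then
            cp -p "$f" "$f.bak" || continue          # never edit without a backup
            { printf '<?php\n'; tail -n +2 "$f.bak"; } > "$f"
            printf 'cleaned %s\n' "$f"
        else
            printf 'review  %s\n' "$f"
        fi
    done
}

# make_sample DIR: constructed test files (two injected, one clean, one that
# mentions the marker on a later line only).
make_sample() {
    printf '%s\n' '<?php /*EXAMPLE-MARKER*/ $x=1;?><?php' 'echo "a";' > "$1/a.php"
    printf '%s\n' '<?php' 'echo "b";' > "$1/b.php"
    printf '%s\n' '<?php' '// EXAMPLE-MARKER in a later line' > "$1/c.php"
    printf '%s\n' '<?php /*EXAMPLE-MARKER*/ $x=1;?><?php' 'echo "d";' > "$1/d e.php"
}

# Stand-alone demo in a throwaway directory.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
clean_first_line "$demo_dir" 'EXAMPLE-MARKER'
rm -rf "$demo_dir"
```

Compare each .bak copy with the cleaned file before deleting the backups, and inspect every file reported as "review" by hand.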
========================================