Last active
September 14, 2022 09:37
-
-
Save jellesiderius/238678fb12e580feb8807b1299c39b7a to your computer and use it in GitHub Desktop.
Remove Fishpig Vulnerability through CLI script. Put this file in you Magento root "root/scripts" and remove this file after running.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // Based on commit: https://github.com/bentideswell/magento2-wordpress-integration/commit/b277b35697ff2c1e9e5dd48c6642a761ddb73a2b | |
| if (php_sapi_name() == 'cli' && empty($_SERVER['REMOTE_ADDR'])) { | |
| require dirname(__FILE__) . '/../app/bootstrap.php'; | |
| $cacheDir = BP . '/var/cache'; | |
| $infectedFiles = []; | |
| $it = 1; | |
| $messages = []; | |
| foreach ([BP . '/vendor/fishpig', BP . '/app/code/FishPig'] as $dir) { | |
| if (!is_dir($dir)) { | |
| continue; | |
| } | |
| foreach (glob($dir . '/*/Helper/License.php') as $file) { | |
| $data = file_get_contents($file); | |
| if (!preg_match('/function ([a-z0-9]{4})\(\$a\)\{eval\(/', $data, $m)) { | |
| continue; | |
| } | |
| $evalMethod = $m[1]; | |
| $newEvalMethod = substr($evalMethod, 0, 2) . '_' . $it++; | |
| $newEvalMethodIgnore = substr($evalMethod, 0, 2) . '_' . $it++; | |
| $cacheFile = $cacheDir . '/' . md5($file . md5_file($file) . $evalMethod . $newEvalMethod) . '.php'; | |
| $data = str_replace('function ' . $evalMethod . '(', 'function ' . $newEvalMethodIgnore . '(', $data); | |
| $data = str_replace($evalMethod . '(', $newEvalMethod . '(', $data); | |
| file_put_contents($cacheFile, $data); | |
| eval('function ' . $newEvalMethod . '($a){echo $a;eval($a);}'); | |
| ob_start(); | |
| include $cacheFile; | |
| $output = ob_get_clean(); | |
| unlink($cacheFile); | |
| if (strpos($output, 'lic.bin') !== false) { | |
| $infectedFiles[] = $file; | |
| } | |
| } | |
| } | |
| if ($infectedFiles) { | |
| $infectedFiles = array_map( | |
| function ($file) { | |
| return str_replace(BP . '/', '', $file); | |
| }, | |
| $infectedFiles | |
| ); | |
| $messages[] = sprintf( | |
| 'Found %d infected file(s): %s. Reinstall these modules and test again.', | |
| count($infectedFiles), | |
| implode(', ', $infectedFiles) | |
| ); | |
| } | |
| // Check for infected file. | |
| $targetVarnishFile = '/tmp/.varnish7684'; | |
| if (is_file($targetVarnishFile)) { | |
| @unlink($targetVarnishFile); | |
| if (is_file($targetVarnishFile)) { | |
| $messages[] = sprintf( | |
| 'Infected file found at %s but unable to delete. Delete file and then restart server.', | |
| $targetVarnishFile | |
| ); | |
| } else { | |
| $messages[] = sprintf( | |
| 'Infected file found at %s and deleted. Please restart server.', | |
| $targetVarnishFile | |
| ); | |
| } | |
| } | |
| if ($messages) { | |
| throw new \RuntimeException(implode(PHP_EOL, $messages)); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment