
Exploit u Joomla dodatku?


Sale_123
C++ Developer
Wien

Član broj: 23293
Poruke: 219
*.teol.net.




icon Exploit u Joomla dodatku?11.08.2011. u 18:06 - pre 153 meseci
Trenutno gledam ekstenziju FoxContact za Joomlu i naidjoh na jedan fajl koji mi izgleda jako sumnjivo. Da li neko zna o cemu se ovde radi?


...
Prikačeni fajlovi
 

Ivan.Markovic

Član broj: 97763
Poruke: 330

Sajt: security-net.biz



icon Re: Exploit u Joomla dodatku?13.08.2011. u 11:05 - pre 153 meseci
Koriscen je neki obfuskator koda; kada se kod prevede u citljiviji oblik, izgleda ovako:

Code:


<?php 
// Reading aid for this listing (decoded output of a PHP obfuscator):
//   * ${"GLOBALS"}["x"]="y";  is  $GLOBALS["x"]="y";  -- it stores the string "y" in the global $x.
//   * ${${"GLOBALS"}["x"]}    is the variable whose NAME is that string (here $y).
//   * ${$x}(...)              calls the function whose name is held in the variable named by $x.
// Every random-looking identifier below only holds one of a few strings
// ("g", "form", "pow", "lang", "direction" or "o_<function>"); they are indirection, not data.
// The only functions reached in this part are substr, basename, realpath, dirname and
// strtoupper: nothing here calls eval/include or performs file or network I/O.
// NOTE(review): to rule out tampering, compare the file with a fresh copy of the same
// extension version rather than relying on this reading alone.
${"GLOBALS"}["eyjasourltw"]="o_substr";
$fxpwhk="o_substr";
${"GLOBALS"}["kybhas"]="o_realpath";
${"GLOBALS"}["ekezvtfs"]="g";
$muabdsibh="g";
${"GLOBALS"}["krhypvhon"]="o_strtoupper";
${"GLOBALS"}["ihtuofvcphj"]="g";
$pwutyowed="o_realpath";
${"GLOBALS"}["mkeafjln"]="g";
${"GLOBALS"}["iagdnlun"]="o_strtolower";
${"GLOBALS"}["dsrkprassjhr"]="o_basename";
${"GLOBALS"}["rxdyprkabn"]="o_strtoupper";
// Resolves to: $o_substr = "substr";
${${"GLOBALS"}["eyjasourltw"]}="substr";
// Resolves to: $o_strtoupper = "strtoupper";
${${"GLOBALS"}["krhypvhon"]}="strtoupper";
${"GLOBALS"}["vfaxpvcylx"]="direction";
${"GLOBALS"}["rdyllcf"]="g";
${"GLOBALS"}["jwqfmoyzro"]="o_dirname";
${"GLOBALS"}["japbkv"]="o_strtolower";
${"GLOBALS"}["yvdwxgmzef"]="g";
// Resolves to: $o_strtolower = "strtolower";
${${"GLOBALS"}["iagdnlun"]}="strtolower";
${"GLOBALS"}["vydewfskjuzp"]="g";
// Resolves to: $g =& $GLOBALS;  From here on $g["key"] reads/writes the global $key.
// NOTE(review): PHP 8.1+ rejects taking a reference to $GLOBALS, so this line is expected
// to fail to compile there -- confirm against the PHP version the site runs.
${${"GLOBALS"}["rdyllcf"]}=&${"GLOBALS"};
${"GLOBALS"}["ovmhbyq"]="form";
${"GLOBALS"}["ilmynee"]="lang";
${"GLOBALS"}["dwqpirtqwf"]="o_get";
// Resolves to: $o_basename = "basename";
${${"GLOBALS"}["dsrkprassjhr"]}="basename";
$zktdzefgg="o_basename";
// Resolves to: $o_realpath = "realpath";
${${"GLOBALS"}["kybhas"]}="realpath";
// Resolves to: $o_dirname = "dirname";
${${"GLOBALS"}["jwqfmoyzro"]}="dirname";
// Resolves to: $g["ext_name"] = substr(basename(realpath(dirname(__FILE__))), 4);
// i.e. the name of the directory holding this file minus its first 4 characters
// (presumably a "com_"/"mod_" prefix -- confirm against the install layout).
${${"GLOBALS"}["ekezvtfs"]}["ext_name"]=${$fxpwhk}(${$zktdzefgg}(${$pwutyowed}(${${"GLOBALS"}["jwqfmoyzro"]}(__FILE__))),4);
${"GLOBALS"}["frdckm"]="g";
// Resolves to: $g["com_name"] = "com_" . $g["ext_name"];
${${"GLOBALS"}["vydewfskjuzp"]}["com_name"]="com_".${${"GLOBALS"}["ihtuofvcphj"]}["ext_name"];
${"GLOBALS"}["wvodugkpqi"]="o_intval";
// Resolves to: $g["mod_name"] = "mod_" . $g["ext_name"];
${${"GLOBALS"}["frdckm"]}["mod_name"]="mod_".${${"GLOBALS"}["frdckm"]}["ext_name"];
// The next three lines store upper-cased copies: EXT_NAME, COM_NAME and MOD_NAME.
${${"GLOBALS"}["frdckm"]}["EXT_NAME"]=${${"GLOBALS"}["rxdyprkabn"]}(${${"GLOBALS"}["frdckm"]}["ext_name"]);
${${"GLOBALS"}["frdckm"]}["COM_NAME"]=${${"GLOBALS"}["krhypvhon"]}(${$muabdsibh}["com_name"]);
${${"GLOBALS"}["mkeafjln"]}["MOD_NAME"]=${${"GLOBALS"}["krhypvhon"]}(${${"GLOBALS"}["yvdwxgmzef"]}["mod_name"]);
${"GLOBALS"}["xmqgqjynjbv"]="pow";
// Runs only when $lang is set: the condition resolves to isset($lang). $lang is not defined
// in this listing -- presumably Joomla's language object; confirm against the caller.
// The long run of assignments below is again pure aliasing: each random name holds
// "form", "pow", "g", "direction", "o_get" or "o_intval".
// Net effect of the block once the aliases are resolved:
//   $direction = intval($lang->get("rtl", 0));
//   $g["left"] / $g["right"] are swapped when $direction is non-zero;
//   switch ($lang->get("tag")) picks $form (contact-form label) and $pow ("powered by" label);
//   $g["metadata"] = a <div> floated to $g["right"] that wraps a link to http://www.fox.ra.it/
//                    with title "Joomla " . $form and text strtolower($pow) . " fox contact".
// Nothing in this block calls eval/include or performs file or network I/O; its only product
// is that credit-link HTML kept in $g["metadata"]. Whatever prints it is outside this listing.
// NOTE(review): the paste is damaged -- non-ASCII labels are mis-encoded, the "th-TH" case has
// lost the end of its first string, and the final assignment has lost some \" escapes -- so the
// listing is not runnable as shown and should be read, not executed.
if(isset(${${"GLOBALS"}["ilmynee"]})){$wghjhcapce="form";
$kmgstr="pow";
${"GLOBALS"}["eikptmk"]="pow";
${"GLOBALS"}["nguexnhdq"]="pow";
${"GLOBALS"}["oodhuiyqhpo"]="form";
${"GLOBALS"}["xqpkpq"]="pow";
$jgxrwjkgqc="form";
$tvkupifchvhy="pow";
$titxrykdjyi="o_intval";
${"GLOBALS"}["xqoxftv"]="g";
$xijvbbb="form";
$vnopnbtxpoxb="form";
${"GLOBALS"}["neiqxipfhri"]="form";
$pxtqes="pow";
$julvpuyvbt="pow";
${"GLOBALS"}["mkrttohz"]="o_get";
$gqtsmtjdbxw="g";
$grtjlbign="form";
${"GLOBALS"}["ctogvmv"]="form";
${"GLOBALS"}["gqtbxmjf"]="pow";
$hfbeykwzgxwh="pow";
${"GLOBALS"}["lfiyqiidcbf"]="pow";
${"GLOBALS"}["qfmbjrvsc"]="pow";
$hfvnucbpk="form";
// Resolves to: $o_intval = "intval";
${$titxrykdjyi}="intval";
${"GLOBALS"}["tmvehkoq"]="form";
${"GLOBALS"}["tvdsyvdqhm"]="form";
$crixztl="form";
$kwkyswiykuc="form";
$isqkvm="form";
$evdzcu="form";
${"GLOBALS"}["qsawsne"]="pow";
${"GLOBALS"}["goceexcaptjt"]="form";
// Resolves to: $o_get = "get";
${${"GLOBALS"}["dwqpirtqwf"]}="get";
$odyylashs="form";
${"GLOBALS"}["pdsnsrqzxji"]="direction";
${"GLOBALS"}["vzymgsf"]="pow";
${"GLOBALS"}["psowgi"]="pow";
// Resolves to: $direction = intval($lang->get("rtl", 0));
${${"GLOBALS"}["vfaxpvcylx"]}=${${"GLOBALS"}["wvodugkpqi"]}($lang->${${"GLOBALS"}["mkrttohz"]}("rtl",0));
${"GLOBALS"}["gkvnwqef"]="pow";
$eioiplkuvoq="pow";
${"GLOBALS"}["qdhxtrfcoi"]="pow";
$mqofpcmfz="pow";
${"GLOBALS"}["hvgcabro"]="form";
$jwousua="form";
${"GLOBALS"}["qbbwkhkmxrw"]="pow";
${"GLOBALS"}["vjrgwnb"]="form";
$uaesjxd="form";
${"GLOBALS"}["mckrshlfxc"]="form";
$pcxhpgxf="form";
${"GLOBALS"}["pdhjgwgpyhsy"]="form";
$oytmqvkejo="pow";
$rnomppxgse="pow";
${"GLOBALS"}["xkituoibetb"]="pow";
// Resolves to: $g["left"]  = $direction ? "right" : "left";
${$gqtsmtjdbxw}["left"]=${${"GLOBALS"}["vfaxpvcylx"]}?"right":"left";
// Resolves to: $g["right"] = $direction ? "left" : "right";
${${"GLOBALS"}["xqoxftv"]}["right"]=${${"GLOBALS"}["pdsnsrqzxji"]}?"left":"right";
// Resolves to: switch ($lang->get("tag")). Every case assigns the same two variables,
// $form and $pow, through differently named aliases; only the label text differs.
switch($lang->${${"GLOBALS"}["dwqpirtqwf"]}("tag")){case"af-ZA":${${"GLOBALS"}["ovmhbyq"]}="Kontakvorm";
${${"GLOBALS"}["xmqgqjynjbv"]}="Aangedryf deur";
break;
case"ar-AA":${${"GLOBALS"}["ovmhbyq"]}="نموذج Ø§Ù„اتصال";
${${"GLOBALS"}["xmqgqjynjbv"]}="مدعوم Ù…Ù†:";
break;
case"az-AZ":${$grtjlbign}="Geri É™laqÉ™ forması";
${${"GLOBALS"}["xmqgqjynjbv"]}="Ä°ÅŸÉ™ salan";
break;
case"be-BY":${${"GLOBALS"}["ovmhbyq"]}="Форма Ð·Ð²Ð°Ñ€Ð¾Ñ‚най Ñ�увÑ�зі";
${${"GLOBALS"}["xmqgqjynjbv"]}="Працуе Ð½Ð°";
break;
case"bs-BA":${${"GLOBALS"}["neiqxipfhri"]}="Kontakt forma";
${${"GLOBALS"}["xmqgqjynjbv"]}="Pokreće";
break;
case"ca-ES":${${"GLOBALS"}["ovmhbyq"]}="Formulari de contacte";
${${"GLOBALS"}["psowgi"]}="Funciona amb";
break;
case"ckb-IQ":${${"GLOBALS"}["ovmhbyq"]}="Ù�ۆرمى Ù¾Û•ÛŒÙˆÛ•Ù†Ø¯ÛŒ";
${${"GLOBALS"}["xmqgqjynjbv"]}="Powered by";
break;
case"cs-CZ":${$xijvbbb}="KontaktnÃformulář";
${${"GLOBALS"}["xmqgqjynjbv"]}="Založeno na";
break;
case"da-DK":${${"GLOBALS"}["ctogvmv"]}="Kontaktformular";
${${"GLOBALS"}["xkituoibetb"]}="Leveret af";
break;
case"de-DE":${${"GLOBALS"}["ovmhbyq"]}="Kontaktformular";
${$eioiplkuvoq}="Powered by";
break;
case"el-GR":${$evdzcu}="ΦόÏ�μα ÎµÏ€Î±Ï†Î®Ï‚";
${${"GLOBALS"}["xmqgqjynjbv"]}="Με Ï„ην Ï…ποστήÏ�ιξη Ï„ου";
break;
case"es-ES":${${"GLOBALS"}["ovmhbyq"]}="Formulario de contacto";
${${"GLOBALS"}["xmqgqjynjbv"]}="Potenciado por";
break;
case"et-EE":${$jwousua}="Tagasiside vorm";
${${"GLOBALS"}["xmqgqjynjbv"]}="Kasutatud tarkvara";
break;
case"fa-IR":${$hfvnucbpk}="Ù�رم ØªÙ…اس ";
${${"GLOBALS"}["xmqgqjynjbv"]}="راه Ø§Ù†Ø¯Ø§Ø²ÛŒ Ø´Ø¯Ù‡ ØªÙˆØ³Ø·";
break;
case"fi-FI":${${"GLOBALS"}["ovmhbyq"]}="Yhteydenottolomake";
${${"GLOBALS"}["gkvnwqef"]}="Toteutus:";
break;
case"fr-FR":${${"GLOBALS"}["ovmhbyq"]}="Formulaire de Contact";
${${"GLOBALS"}["xqpkpq"]}="Animé par";
break;
case"gl-ES":${${"GLOBALS"}["ovmhbyq"]}="Formulario de contacto";
${${"GLOBALS"}["xmqgqjynjbv"]}="Feito por";
break;
case"he-IL":${${"GLOBALS"}["pdhjgwgpyhsy"]}="טופס ×™×¦×™×¨×ª ×§×©×¨";
${${"GLOBALS"}["xmqgqjynjbv"]}="מופעל ×¢×œ ×™×“×™";
break;
case"hr-HR":${$crixztl}="Kontakt obrazac";
${$tvkupifchvhy}="Pokreće";
break;
case"hu-HU":${${"GLOBALS"}["ovmhbyq"]}="Kapcsolat Å±rlap";
${${"GLOBALS"}["qdhxtrfcoi"]}="Támogatja a";
break;
case"it-IT":${${"GLOBALS"}["ovmhbyq"]}="Modulo contatti";
${${"GLOBALS"}["xmqgqjynjbv"]}="Creato con";
break;
case"ja-JP":${${"GLOBALS"}["hvgcabro"]}="������フォーム";
${$rnomppxgse}="Powered by";
break;
case"ka-GE":${$kwkyswiykuc}="სáƒ�კáƒ�ნტáƒ�ქტáƒ� áƒ¤áƒ�რმáƒ�";
${${"GLOBALS"}["qsawsne"]}="�ვტ�რი";
break;
case"km-KH":${${"GLOBALS"}["ovmhbyq"]}="បែបបទ​ទំនាក់ទំនង";
${$julvpuyvbt}="ឧប�្�ម្ភ​ដោយ";
break;
case"lv-LV":${${"GLOBALS"}["ovmhbyq"]}="NosÅ«tÄ«t ziņu";
${$mqofpcmfz}="Vietnes dzinÄ“js";
break;
case"lt-LT":${$pcxhpgxf}="RaÅ¡ykite mums";
${${"GLOBALS"}["qbbwkhkmxrw"]}="Powered by";
break;
case"mk-MK":${$jgxrwjkgqc}="Контакт Ñ„орма";
${${"GLOBALS"}["xmqgqjynjbv"]}="Покренато Ð¾Ð´";
break;
case"nb-NO":${$wghjhcapce}="Kontaktskjema";
${${"GLOBALS"}["vzymgsf"]}="Drevet av";
break;
case"nl-BE":${${"GLOBALS"}["tvdsyvdqhm"]}="Contactformulier";
${${"GLOBALS"}["xmqgqjynjbv"]}="Ontwikkeld door";
break;
case"nl-NL":${${"GLOBALS"}["ovmhbyq"]}="Contactformulier";
${${"GLOBALS"}["xmqgqjynjbv"]}="Gemaakt door";
break;
case"pl-PL":${${"GLOBALS"}["ovmhbyq"]}="Formularz kontaktowy";
${${"GLOBALS"}["xmqgqjynjbv"]}="Stworzone dziÄ™ki";
break;
case"pt-BR":${${"GLOBALS"}["ovmhbyq"]}="Formulário de Contato";
${${"GLOBALS"}["xmqgqjynjbv"]}="Desenvolvido por";
break;
case"pt-PT":${${"GLOBALS"}["ovmhbyq"]}="Formulário de contacto";
${${"GLOBALS"}["xmqgqjynjbv"]}="Produzido em";
break;
case"ro-RO":${$isqkvm}="Formular de contact";
${${"GLOBALS"}["xmqgqjynjbv"]}="Realizat de";
break;
case"ru-RU":${$odyylashs}="Форма Ð¾Ð±Ñ€Ð°Ñ‚ной Ñ�вÑ�зи";
${${"GLOBALS"}["lfiyqiidcbf"]}="Работает Ð½Ð°";
break;
case"sr-RS":${${"GLOBALS"}["ovmhbyq"]}="Контакт Ñ„орма";
${${"GLOBALS"}["xmqgqjynjbv"]}="Покреће";
break;
case"sr-YU":${${"GLOBALS"}["ovmhbyq"]}="Kontakt forma";
${${"GLOBALS"}["xmqgqjynjbv"]}="Pokreće";
break;
case"sk-SK":${$uaesjxd}="Kontaktný formulár";
${${"GLOBALS"}["xmqgqjynjbv"]}="Generované redakÄ�ným systémom";
break;
case"sv-SE":${${"GLOBALS"}["tmvehkoq"]}="Kontaktformulär";
${$hfbeykwzgxwh}="Av";
break;
case"sy-IQ":${${"GLOBALS"}["ovmhbyq"]}="Ü�ܣܟÜ�Ü¡Ü� Ü•Ü¡Ü˜Ü›Ü�Ü�";
${$oytmqvkejo}="ܡܣܘܬܪܢÜ� Ü’Ü�Ü•";
break;
case"ta-IN":${${"GLOBALS"}["ovmhbyq"]}="தொடரà¯�பà¯�பà¯� à®ªà®Ÿà®¿à®µà®®à¯�";
${$pxtqes}="வல�வளிப�பத�:";
break;
case"th-TH":${${"GLOBALS"}["oodhuiyqhpo"]}="à¹�บบฟุ£à¹Œà¸¡à¸�ารติดต่à¸${${"GLOBALS"}["gqtbxmjf"]}="ขับเคลืุ่™à¹‚ดย";
break;
case"tr-TR":${$vnopnbtxpoxb}="Ä°letiÅŸim Formu";
${${"GLOBALS"}["qfmbjrvsc"]}="Sunan:";
break;
case"uk-UA":${${"GLOBALS"}["ovmhbyq"]}="Контактна Ñ„орма";
${${"GLOBALS"}["xmqgqjynjbv"]}="Створено";
break;
case"zh-CN":${${"GLOBALS"}["vjrgwnb"]}="å�‘é€�电å邮件";
${${"GLOBALS"}["nguexnhdq"]}="Powered by";
break;
case"zh-TW":${${"GLOBALS"}["ovmhbyq"]}="�絡表單";
${$kmgstr}="核心是";
break;
default:${${"GLOBALS"}["goceexcaptjt"]}="Contact Form";
${${"GLOBALS"}["eikptmk"]}="Powered by";
}${${"GLOBALS"}["frdckm"]}["metadata"]="<div style=\"clear:both;float:".${${"GLOBALS"}["frdckm"]}["right"].";padding:10px 20px 10px 20px !important;\">"."<a style="font-family:arial,verdana,sans-serif !important;
font-size:10px !important;
font-variant:small-caps !important;text-decoration:none !important;display:inline !important;visibility:visible !important;\" "."href=\"http://www.fox.ra.it/" title="Joomla ".${${"GLOBALS"}["mckrshlfxc"]}."" target="_blank">".${${"GLOBALS"}["japbkv"]}(${${"GLOBALS"}["xmqgqjynjbv"]})." fox contact"."</a></div>";
}
?>




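A sve to verovatno zbog: http://www.fox.ra.it/forum/14-...nk-powered-by-fox-contact.html
Drugim recima, u prikazanom kodu nema niceg sto lici na exploit: on samo sastavlja lokalizovani „powered by fox contact“ link ka sajtu autora ekstenzije, a obfuskacija verovatno sluzi da oteza uklanjanje tog linka.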
“If you think you are too small to make a difference, try sleeping with a mosquito.” - Dalai Lama
XIV
 