Portfolio
My Blog
Scroll down to discover
Search
Categories

Quét script iframe

June 7, 2011Category : Bug & Security

Lưu đoạn code thành file php: ví dụ clean.php

$filename = $_GET["s"];
$content_pattern = $_GET["c"];
echo "Searching for $content_pattern in ".$filename."
";

//define the path as relative
$path = "/home/sitecuaban/domains/sitecuaban/public_html/";
$webpath ="http://www.sitcuaban/";

//using the opendir function
$dir_handle = @opendir($path) or die("Unable to open $path");

echo "Directory Listing of $path
";

list_dir($dir_handle,$path,$filename,$content_pattern);

function list_dir($dir_handle,$path,$filename_pattern,$content_pattern)
{
    // print_r ($dir_handle);
    echo "
";
    //running the while loop
    while (false !== ($file = readdir($dir_handle))) {
        $dir =$path.'/'.$file;
        if(is_dir($dir) && $file != '.' && $file !='..' )
        {
            $handle = @opendir($dir) or die("undable to open file $file");
            list_dir($handle, $dir, $filename_pattern, $content_pattern);
        }elseif($file != '.' && $file !='..')
        {
            if(strcmp("$file", "$filename_pattern")==0){
                echo "
1.$webpath.$dir
";
                
                $handle = @fopen($dir, "r");
                if ($handle) {
                   while (!feof($handle)) {
                        $content = fgets($handle);
                        $test = stristr($content, $content_pattern);
                        echo $test;

                   }
                   fclose($handle);
                }
            }
        }
    }
    
    echo "
";

    closedir($dir_handle);
}
?>

 

Bạn lưu file trên thành file clean.php
Tìm đến dòng và điền đủ thông tin của bạn : //define the path as relative
$path = "/home/sitecuaban/domains/sitecuaban/public_html/";
$webpath ="http://www.sitcuaban/";
Để mở file bạn làm như dòng link sau, thay = đường dẫn của bạn
http://yourdomain.com/clean.php?s=index.html&c=iframe
Sau khi thành công nó sẽ ra những đoạn chứa mã độc

01.
© Oliver / All rights reserved.
To top