[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060907181102.20047.qmail@web58406.mail.re3.yahoo.com>
Date: Thu, 7 Sep 2006 11:11:02 -0700 (PDT)
From: full_disclosure full_disclosure <fulll_disclosure@...oo.com>
To: full-disclosure@...ts.grok.org.uk
Subject: r57shell "hidden" feature
Hello
Doing some forensics I found that R57shell(version 1.31) a widely used php shell by RST/GHC, has some "hidden features", it will log any usage to some russian stats counters. If those counters log the ip, and the script is not protected by a password, they cand 0wn everything you 0wned.
Starting from line 1469 we have 2 base64 encoded variables $c1 and $c2, at line 1592 the script will check if the variables are empty and die() if true, then they are decoded and appended to $f, which is echo-ed at line 2204. $f contains only the counters scripts.
Trust no one(especialy commies), write your own tools.
---------------------------------
Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US (and 30+ countries) for 2ยข/min or less.
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists