Thread: Administrative and Maintenance Tools - Check 4 Hack - Finds infected Datastore Entries
View Single Post
  #116  
Old 03-24-2014, 09:10 PM
whodah whodah is offline
 
Join Date: Feb 2004
Posts: 77
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
ForceHSS:

Are you sure you are 4.2.2 PL1 ? If so, do your install files fresh from vB not have this?
Code:
includes/xml/product-panjo.xml:         if ((!$message = base64_decode($vbulletin->GPC['pm_message']))) {
includes/xml/product-panjo.xml:                 !($pagetext = base64_decode($vbulletin->GPC['html']))
BTW: I thought it might be interesting to note the other base64_(encode|decode) stuff off a fresh 4.2.2PL1 download:

Code:
[root@hurley upload]# grep -RIi base64_decode *
asset.php:      $filedata = vb_base64_decode('STRING_REPLACED_BY_WHODAH==');
attachment.php:         $filedata = vb_base64_decode('STRING_REPLACED_BY_WHODAH==');
blog_attachment.php:    $filedata = vb_base64_decode('STRING_REPLACED_BY_WHODAH==');
cron.php:$filedata = vb_base64_decode('STRING_REPLACED_BY_WHODAH==');
includes/adminfunctions_template.php:                           $vbulletin->db->escape_string(vb_base64_decode($stylevardfn['validation'])) . "', '" .
includes/adminfunctions_template.php:                           $vbulletin->db->escape_string(vb_base64_decode($stylevardfn['failsafe'])) . "', 0, 0
includes/adminfunctions_template.php:           $value = vb_base64_decode($stylevar['value'][0]);
includes/adminfunctions_template.php:           $decode[$stylevars['name']] = vb_base64_decode($stylevars['value'][0]);
includes/facebook/base_facebook.php:    return base64_decode(strtr($input, '-_', '+/'));
includes/functions.php:function vb_base64_decode($string)
includes/functions.php: if (function_exists('base64_decode'))
includes/functions.php:         return base64_decode($string);
includes/functions.php:         return ($decode ? vb_base64_decode($return) : $return);
includes/xml/product-panjo.xml:         if ((!$message = base64_decode($vbulletin->GPC['pm_message']))) {
includes/xml/product-panjo.xml:                 !($pagetext = base64_decode($vbulletin->GPC['html']))
picture.php:    $filedata = vb_base64_decode('STRING_REPLACED_BY_WHODAH==');
[root@hurley upload]# grep -RIi base64_encode *
admincp/navigation.php: $name .= '_' . strtolower(substr(vb_base64_encode(TIMENOW),4,4));
forumrunner/push.php:    $msgargs = array(base64_encode(prepare_utf8_string($vbulletin->options['bbtitle'])));
forumrunner/push.php:       $msgargs[] = base64_encode(count($pms));
forumrunner/push.php:       $msgargs[] = base64_encode(prepare_utf8_string($first_pm['fromusername']));
forumrunner/push.php:       $msgargs[] = base64_encode(count($subs));
forumrunner/push.php:       $msgargs[] = base64_encode(prepare_utf8_string($first_sub['title']));
forumrunner/support/Snoopy.class.php:                   $headers .= "Authorization: Basic ".base64_encode($this->user.":".$this->pass)."\r\n";
forumrunner/support/Snoopy.class.php:                   $headers .= 'Proxy-Authorization: ' . 'Basic ' . base64_encode($this->proxy_user . ':' . $this->proxy_pass)."\r\n";
forumrunner/support/Snoopy.class.php:                   $headers[] = "Authorization: BASIC ".base64_encode($this->user.":".$this->pass);
includes/adminfunctions_plugin.php:                                     'validation' => vb_base64_encode($stylevar['validation']),
includes/adminfunctions_plugin.php:                                     'failsafe'   => vb_base64_encode($stylevar['failsafe'])
includes/adminfunctions_plugin.php:                             'value' => vb_base64_encode($stylevar['value'])
includes/adminfunctions_plugin.php:                                             'validation' => vb_base64_encode($stylevar['validation']),
includes/adminfunctions_plugin.php:                                             'failsafe'   => vb_base64_encode($stylevar['failsafe'])
includes/adminfunctions_plugin.php:                                     'value' => vb_base64_encode($stylevar['value'])
includes/adminfunctions_template.php:                                   'validation' => vb_base64_encode($stylevar['validation']),
includes/adminfunctions_template.php:                                   'failsafe'   => vb_base64_encode($stylevar['failsafe'])
includes/adminfunctions_template.php:                           'value' => vb_base64_encode($stylevar['value'])
includes/adminfunctions_template.php:                                   'value' => vb_base64_encode($stylevar)
includes/class_mail.php:                                        if (!$this->sendMessage(vb_base64_encode($this->smtpUser), 334) OR !$this->sendMessage(vb_base64_encode($this->smtpPass), 235))
includes/facebook/base_facebook.php:   * Exactly the same as base64_encode except it uses
includes/facebook/base_facebook.php:   * Exactly the same as base64_encode except it uses
includes/facebook/base_facebook.php:    $str = strtr(base64_encode($input), '+/', '-_');
includes/functions.php:function vb_base64_encode($string)
includes/functions.php: if (function_exists('base64_encode'))
includes/functions.php:         return base64_encode($string);
includes/functions.php:         $string = vb_base64_encode($string);
vb/verticalresponse.php:                    'contents'  => vb_base64_encode($members),
[root@hurley upload]#
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01177 seconds
  • Memory Usage 1,799KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_code
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete