Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 Programming Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #21  
Old 07-23-2016, 06:34 AM
RichieBoy67's Avatar
RichieBoy67 RichieBoy67 is offline
 
Join Date: Apr 2004
Location: CT - Down in a hole..
Posts: 3,057
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Exactly.
Reply With Quote
  #22  
Old 07-30-2016, 04:47 PM
kerrghann's Avatar
kerrghann kerrghann is offline
 
Join Date: Jul 2012
Location: Hawaii
Posts: 45
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I use this piece of PHP code to find base64 and other uglies that might have been injected or placed on my server.

Note: This will not look through your hooks, this looks through all the PHP files on your server.

It'll most likely bring up a large list, so I recommend skimming through the list and finding anything that mentions base64_decode()

Then open up that file and find the base64 string in it and decode it yourself with an online decoder or using the php base64_decode($string)

Place this in your forum root and then navigate to it ( http://www.yourforumhere.com/base64-check.php
best of luck:

base64-check.php
PHP Code:
<html><head><title>Find String</title></head><body>
<?php
find_files
('.');
function 
find_files($seed)
{
if(! 
is_dir($seed)) return false;
$files = array();
$dirs = array($seed);
while(
NULL !== ($dir array_pop($dirs)))
{
if(
$dh opendir($dir))
{
while( 
false !== ($file readdir($dh)))
{
if(
$file == '.' || $file == '..') continue;
$path $dir '/' $file;
if(
is_dir($path)) { $dirs[] = $path; }
else { if(
preg_match('/^.*\.(php[\d]?|js|txt)$/i'$path)) { check_files($path); }}
}
closedir($dh);
}}} function 
check_files($this_file)
{
$str_to_find[]='base64_decode';
$str_to_find[]='edoced_46esab';
$str_to_find[]='preg_replace';
$str_to_find[]='HTTP_REFERER';
$str_to_find[]='HTTP_USER_AGENT';
$str_to_find[]='assert('$str_to_find[]='create_function('$str_to_find[]='$_REQUEST['; if(!($content file_get_contents($this_file)))
{ echo(
"<p>Could not check $this_file You should check the contents manually!</p>\n"); }
else
{
while(list(,
$value)=each($str_to_find))
{
if (
stripos($content$value) !== false)
{
echo(
"<p>$this_file -> contains $value</p>\n");
}
}
}
unset(
$content);
}
?>
</body></html>
Reply With Quote
Благодарность от:
MarkFL
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:57 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03753 seconds
  • Memory Usage 2,190KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_php
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (2)post_thanks_box
  • (1)post_thanks_box_bit
  • (2)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (2)post_thanks_postbit_info
  • (2)postbit
  • (2)postbit_onlinestatus
  • (2)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete