重新发!用开心版的IM 同学注意一下
今早起来发现自己的一个 IM 所有 LP 形式都失效:打开 campaign 链接都不是跳 LP,而都是跳到 OFFER 链接,是所有 LP 都这样。LP 都是跑了很久的,也没做任何改动!而另外一个 VPS 的 IM 是正常的,唯一可能就是 IM 破解版存在什么漏洞,被竞争对手破坏了什么文件导致的!大家注意一下哈!有高手的话非常感谢提出解决方法!因为之前论坛也有人爆出能看到别人 IM 跑的所有 OFFER!
mark 一下 你是醉眼看花那个版本吗 破解版嘛有问题是正常的 官方的那个版本我基本都能解出来了,貌似好多函数过滤不好,我仔细看下,能不能sql注入.. wintop 发表于 2016-6-4 21:19
官方的那个版本我基本都能解出来了,貌似好多函数过滤不好,我仔细看下,能不能sql注入.. ...
刚查过, php 的pdo prepare 是可以防止sql注入的,所以 基本上可以说 我用的这个版本基本安全...(补充:这只对真正使用了绑定参数的查询成立;只要有一处把变量直接拼进 SQL,就仍然可能被注入,而且这也不能说明文件是否被改动过。)
所有文件都看了一遍,未看到异常。 楼主可以把你的 im 打包下来 我检查下 . kl116201547 发表于 2016-6-3 15:45
你是醉眼看花那个版本吗
这个是我下载醉眼的,decoder 的
<?php
// Login page script as recovered by a PHP decoder.
// NOTE(review): this output is not valid PHP. Right-hand sides are empty,
// `$[...]` has lost its variable name, and stray `jmp;` statements appear, so
// it shows the original's intent but cannot be run or treated as an exact copy
// of the encoded file.
// The nested `while (true)` loops are presumably decoder scaffolding for the
// original control flow (the later `continue` / `break 3` refer to them) - TODO confirm.
while (true) {
while (true) {
while (true) {
while (true) {
// Relative includes; their purposes (base config, password helper, licence
// request client) are inferred from the file names only.
include( '../app/config/base.php' );
include( 'mt/mt_pwd.php' );
include( 'license/request.inc.php' );
// Default values for the page state used further down.
$mysql = array();
$mysql['domain'] = '';
$mysql['click_ip'] = '';
$mysql['click_time'] = '';
$error = '';
$html['userName'] = '';
$isValid = 5;
$statusError = 5;
$coreError = '';
$verified = false;
$msgHeader = '';
$msg = '';
$tokenId = 5;
$loginFailed = false;
// Two hard-coded 16-character strings. The first is passed later in this file
// as the Blowfish key for decrypting the licence server's reply; the second is
// the value the decrypted `info` field is set against.
// NOTE(review): a secret embedded in source is known to everyone holding the file.
$responseDataEncryptCipher_W8u2p3urm5 = '+K9)wNU7@{KD8,,}';
$responseApiKey_JqeXTfS3du = 'a)3n_U5NXL,,OfU]';
// Form-submission branch.
// NOTE(review): as printed this is an assignment (`=`) and the array name
// before `[` is missing; presumably the original compared the request method
// with 'POST' - confirm against the encoded file.
if ($['REQUEST_METHOD']= 'POST') {
$verified = true;
// A token id and a token name/value pair are read from an array whose name was
// lost, then handed to validated(). This looks like a per-form token check;
// the class instantiated on the `new` line is not recoverable from this output.
$['tokenId'];
$tokenId = ;
if (!) {
$[$tokenId .. '_tokenName'];
$tokenName_str = (true ?: );
if (!) {
$[$tokenName_str];
$tokenValue_str = (true ?: );
new ( $tokenId );
$postAuthorization = ;
$postAuthorization->validated( $tokenName_str, $tokenValue_str );
$validPost = ;
if ($validPost) {
// HtmlHelper / decodeHtml is mapped over an array whose name is lost
// (presumably the submitted form data - TODO confirm) before the credentials
// are read from it.
array_map( array( 'HtmlHelper' => , 'decodeHtml' =>), $ );
$ = ;
$['userName'];
$userName = ;
$['userPassword'];
$userPassword = ;
// Account lookup through a prepared statement with the user name bound as a
// parameter, so this one query does not concatenate input into SQL. That says
// nothing about queries in the application's other files.
$db->prepare( 'SELECT *
FROM mt_account
WHERE user_name = :user_name' );
$loginSql = ;
$loginSql->bindParam( ':user_name', $userName, PARAM_STR );
$loginSql->execute();
$result = ;
if ($result) {
$loginSql->fetch;
}
}
}
}
}
// Remainder of the fetch call above (the decoder split it): the row is
// requested as an associative array.
( FETCH_ASSOC );
if ($data = ) {
// The submitted password is checked against the stored `user_password` column
// via verify() on an object held in $bcrypt; its class name is lost.
new ();
$bcrypt = ;
$bcrypt->verify( $userPassword, $data['user_password'] );
$isGood = ;
if (!) {
// Failed password: set the user-facing error and record the attempt through
// a logger object built with (0, user name, 'Password').
$error = 'Your password is incorrect.';
new ( 0, $userName, 'Password' );
$log = ;
$log->logger();
continue;
}
jmp;
// Builds an http:// base URL from a lost left operand (presumably a host name
// taken from the request) plus SCRIPT_NAME, with 'account/' . LOGIN_PAGE removed.
$location =. $['SCRIPT_NAME'];
$location = 'http://' . str_ireplace( 'account/' . LOGIN_PAGE, '', $location );
// NOTE(review): neither UPDATE has a WHERE clause, so on this path every row of
// mt_account and mt_campaigns gets its mt_location overwritten. If the lost
// operand is the Host header, the stored value is client-influenced. Sending
// two statements in one prepare() also depends on the driver accepting
// multi-statement queries.
$db->prepare( 'UPDATE mt_account SET mt_location = :location; UPDATE mt_campaigns SET mt_location = :location;' );
$stmt = ;
$stmt->bindParam( ':location', $location, PARAM_STR );
$stmt->execute();
// Redirect target defaults to campaigns.php and is replaced by a stored
// 'lastPage' value (array name lost, presumably the session).
// NOTE(review): confirm that value can only be a local page before it reaches header().
$redirect = 'campaigns.php';
if (!) {
$['lastPage'];
$redirect = ;
unset( $ );
header( 'location: ' .. $redirect );
exit();
continue;
}
break 3;
}
$log = ;
$log->logger();
}
// NOTE(review): `&=` is a bitwise operator; this is presumably a decoder
// artefact of string concatenation (`.=`). If $loginSql is a PDOStatement,
// errorInfo() returns an array, which does not concatenate into a useful message.
$mysqlError &= '<u>Login Page</u> - ' . $loginSql->errorCode() . ' - ' . $loginSql->errorInfo() . '<br><br>';
}
// Rejected form post: take the error text from failedPost(), flag the failure
// and issue a fresh token name/value pair for the form.
$postAuthorization->failedPost();
$error = ;
$loginFailed = true;
$postAuthorization->createTokens( 5 );
$postAuthorization->tokenName;
$postTokenName = ;
$postAuthorization->tokenValue;
$postTokenValue = ;
// The submitted user name is passed through HtmlHelper::encodeHtml before being
// kept for redisplay.
$html['userName'] = HtmlHelper::encodeHtml( $['userName'] );
}
// Licence check against remote servers.
// NOTE(review): block nesting is damaged in this section, so it cannot be
// determined from this output which statements run under `if (LOGIN_LOG)`.
$c_data = array();
if (LOGIN_LOG) {
new ( 2 );
$log = ;
$log->logger();
// Licence request object (class name lost). The first argument is null here,
// so the endpoint presumably comes from a default defined elsewhere - TODO confirm.
new ( null, 'POST' );
$request = ;
$request->execute();
$request->errorNum;
$curlError = ;
// The remote body is decoded as JSON and its properties are read below with no
// visible check that decoding succeeded.
json_decode( $request->responseBody );
$c_data = ;
$c_info = array();
$http_code = 5;
$success = false;
if (!) {
// Three response fields (info1, info2, info) are URL-decoded and decrypted with
// Blowfish in ECB mode using the hard-coded key from the top of the file.
// NOTE(review): the mcrypt extension was deprecated in PHP 7.1 and removed in
// 7.2, and ECB mode gives no integrity protection for the reply.
trim( mcrypt_decrypt( MCRYPT_BLOWFISH, $responseDataEncryptCipher_W8u2p3urm5, rawurldecode( $c_data->info1 ), MCRYPT_MODE_ECB ) );
$isValid = ;
trim( mcrypt_decrypt( MCRYPT_BLOWFISH, $responseDataEncryptCipher_W8u2p3urm5, rawurldecode( $c_data->info2 ), MCRYPT_MODE_ECB ) );
$statusCode = ;
trim( mcrypt_decrypt( MCRYPT_BLOWFISH, $responseDataEncryptCipher_W8u2p3urm5, rawurldecode( $c_data->info ), MCRYPT_MODE_ECB ) );
$responseApiKey_mnwTcIrW3c = ;
// NOTE(review): as printed this assigns rather than compares; presumably the
// original tested the decrypted value for equality with the embedded constant.
// hash_equals() is the usual choice when comparing secrets.
if ($responseApiKey_mnwTcIrW3c= $responseApiKey_JqeXTfS3du) {
// Stores the reported versions under 'imobi_data' in an array whose name is lost.
$['imobi_data'] = array( 'imVersion' => $c_data->iVersion, 'xmlVersion' => $c_data->dVersion );
continue;
}
}
else {
// Fallback path: the request's http_code is inspected together with $curlError.
// 404, 408, 500 and 503 appear as operands; the comparison operators are lost.
$c_info = ;
$c_info['http_code'];
$http_code = ;
!;
$http_code= 404;
$http_code= 408;
$http_code= 500;
$http_code= 503;
if (( ( ( ( ( $curlError ||) ||) ||) ||) ||)) {
// Second endpoint on a different host, contacted over plain http://.
// NOTE(review): anyone running this file should expect the login page to make
// outbound requests to the third-party hosts named in this section.
new ( 'http://www.revivedmedia.net/imobitrax/uhadroewiur5y67ru.php', 'POST' );
$request = ;
$request->execute();
json_decode( $request->responseBody );
$c_data = ;
trim( mcrypt_decrypt( MCRYPT_BLOWFISH, $responseDataEncryptCipher_W8u2p3urm5, rawurldecode( $c_data->info1 ), MCRYPT_MODE_ECB ) );
$isValid = ;
trim( mcrypt_decrypt( MCRYPT_BLOWFISH, $responseDataEncryptCipher_W8u2p3urm5, rawurldecode( $c_data->info2 ), MCRYPT_MODE_ECB ) );
$statusCode = ;
trim( mcrypt_decrypt( MCRYPT_BLOWFISH, $responseDataEncryptCipher_W8u2p3urm5, rawurldecode( $c_data->info ), MCRYPT_MODE_ECB ) );
$responseApiKey_mnwTcIrW3c = ;
$responseApiKey_mnwTcIrW3c= $responseApiKey_JqeXTfS3du;
}
if () {
$['imobi_data'] = array( 'imVersion' => $c_data->iVersion, 'xmlVersion' => $c_data->dVersion );
continue;
}
jmp;
// Status dispatch. The decoder flattened what looks like a chain of conditions
// on $isValid and $statusCode (the values 1 to 4 appear) into nested
// `switch (true)` blocks with missing operands; only the message texts and the
// logger.php calls can be relied on here.
switch (true) {
case (bool): {
// Reports to logger.php (last argument 1), then sets the "not licensed" message.
// NOTE(review): $msgHeader embeds SERVER_NAME and the $msg strings contain HTML;
// the echo statements are lost, so output encoding cannot be checked from here.
new ( 'http://www.imobitrax.com/license/logger.php', 'POST', null, true, 1 );
$request1 = ;
$request1->execute();
$msgHeader = 'This domain (' . $['SERVER_NAME'] . ') is not licensed to run iMobiTrax.';
$msg = 'If you have a licensed copy of iMobitrax, there may be an error in the domain in our system. You can log into your user panel at <a href="http://www.imobitrax.com/users/profile" target="_blank">iMobiTrax.com</a> and update your domain. Please contact support if you have any questions.';
break ;
!;
switch (true) {
case ( $isValid &&): {
'This domain (' . $['SERVER_NAME'] . ') is licensed to run iMobiTrax, but you need to pay for your license.';
}
}
}
}
$msgHeader = ;
$msg = 'Please contact support to arrange payment for your license.';
}
break ;
$statusCode= 1;
switch (true) {
case ( $isValid &&): {
// The only branch in this dispatch that sets $verified to true.
$verified = true;
break ;
$statusCode= 2;
switch (true) {
case ( $isValid &&): {
$msgHeader = 'Your monthly subscription to use iMobiTrax on this domain has expired.';
$msg = 'In order to use iMobiTrax, you must have a current subscription. Please login into your<a href="http://www.imobitrax.com/users/member/index">user panel</a> to renew and/or update your monthly subscription.';
break ;
!;
}
case (&&): {
// Reports to logger.php (last argument 3) and shows a generic error.
new ( 'http://www.imobitrax.com/license/logger.php', 'POST', null, true, 3 );
$request1 = ;
$request1->execute();
$msgHeader = 'There appears to be an error in iMobiTrax.';
$msg = 'Please contact support.';
break ;
$statusCode= 4;
switch (true) {
case ( ! &&): {
$msgHeader = 'iMobiTrax Technicians are currently upgrading our API core.';
$msg = 'Unfortunately during this time you are unable to login but your campaigns are still tracking as normal.We should be finished with this core upgrade within the next hour.Thank you for your patience as we continue to make iMobiTrax even better!If you have any questions please do not hesitate to reach out to us at [email protected].';
break ;
// Reports to logger.php (last argument 5) and shows a generic error.
new ( 'http://www.imobitrax.com/license/logger.php', 'POST', null, true, 5 );
$request1 = ;
$request1->execute();
$msgHeader = 'There appears to be an error in iMobiTrax.';
$msg = 'Please contact support!';
break ;
;
}
}
}
}
$statusCode= 3;
}
}
}
// A fresh token object (class name lost) is created and its name, value and id
// are read back before the login form is rendered.
new ();
$postAuthorization = ;
$postAuthorization->createTokens( 5 );
$postAuthorization->tokenName;
$postTokenName = ;
$postAuthorization->tokenValue;
$postTokenValue = ;
$postAuthorization->tokenId;
$tokenId = ;
// Page header for the login screen.
PageElement::topTemplateLogin( 'iMobiTrax Login' );
// Rendering section: the decoder lost every echo argument, so the markup
// (including how $error, $msg and the tokens are written out) is not
// recoverable from this listing.
if ($loginFailed) {
if (!) {
echo ;
continue;
}
jmp;
if () {
echo ;
echo ;
echo ;
echo ;
echo ;
echo ;
echo ;
echo ;
// Something extra is printed only when a user name was kept for redisplay.
if ($html['userName'] != '') {
echo ;
}
}
echo ;
continue;
}
jmp;
// Call whose function name is lost; it receives $mysqlErrorMain.
( $mysqlErrorMain );
}
!;
// _mysqlError() is called with the accumulated $mysqlError and the page name
// when a condition involving $verified holds; the other operands are lost.
if (( ( $verified &&) &&)) {
$page = 'login.php';
_mysqlError( $mysqlError, $page, false );
}
jmp;
();
return ;
?>
mark楼上强人。 确实有问题。今早突然 campaign 里面所有数据都丢了。
这还能愉快的玩耍吗?:Q 难怪,我说的我怎么突然500了,原来是破解版出问题了 真假啊?