<?php
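class OcSpExploit {

    /**
     * Scan request parameters for a small set of well-known attack indicator
     * strings and describe the first one found.
     *
     * Every value of the request array is URL-decoded once more (values in
     * $_REQUEST are already decoded by PHP, so this also catches a payload
     * that was encoded twice) and searched case-insensitively for, in this
     * order:
     *   - an eval(base64_decode( call              -> "Eval Attack ..."
     *   - document.write(string.fromcharcode       -> "Offset String Attack ..."
     *   - union all select                         -> "SQL Injection Attack ..."
     * Nested arrays are flattened with print_r() before searching; parameter
     * keys are never inspected.
     *
     * These are narrow indicator strings, not a general input filter: a
     * false result only means none of these three needles was present.
     *
     * @param array      $sp_options unused; kept by reference so existing callers still work
     * @param array      $oc_post    unused; kept by reference so existing callers still work
     * @param array|null $oc_request request values to scan; defaults to $_REQUEST
     *                               so existing callers keep their behaviour
     * @return string|false the matched label followed by an HTML-escaped excerpt
     *                      of the offending value, or false when nothing matched
     *                      or the request is empty / not an array
     */
    public function execute(
        &$sp_options = array(),
        &$oc_post = array(),
        $oc_request = null
    ) {
        if ( $oc_request === null ) {
            $oc_request = $_REQUEST;
        }
        if ( empty( $oc_request ) || ! is_array( $oc_request ) ) {
            return false;
        }

        // Label => needle, tested in this order; the first hit is returned.
        // The eval needle is assembled by concatenation ("dotting the search")
        // so that malware scanners do not flag this file itself as infected.
        $signatures = array(
            'Eval Attack'          => 'eval' . '(base64' . '_decode(',
            'Offset String Attack' => 'document.write(string.fromcharcode',
            'SQL Injection Attack' => 'union all select',
        );

        foreach ( $oc_request as $request ) {
            if ( is_array( $request ) ) {
                // Flatten nested parameters so their values are searched too.
                $request = print_r( $request, true );
            }
            // Explicit cast keeps urldecode() quiet on null/int values.
            $request = urldecode( (string) $request );

            foreach ( $signatures as $label => $needle ) {
                if ( stripos( $request, $needle ) !== false ) {
                    return $label . ' ' . self::excerpt( $request );
                }
            }
        }

        return false;
    }

    /**
     * Build the HTML-escaped excerpt of a matched value that is appended to
     * the returned label.
     *
     * The first 34 bytes are dropped when the value is longer than that. This
     * fixed offset is inherited from the original implementation and its
     * rationale is not recorded here -- NOTE(review): confirm whether it was
     * meant to skip a known prefix before changing it.
     *
     * ENT_SUBSTITUTE is required: without it htmlentities() returns an empty
     * string for a value containing an invalid UTF-8 sequence, which silently
     * dropped the evidence from the message. ENT_QUOTES additionally escapes
     * single quotes so the excerpt is safe inside an HTML attribute as well.
     *
     * @param string $request the URL-decoded value that matched a needle
     * @return string escaped excerpt, possibly empty if the value was only whitespace/entities
     */
    private static function excerpt( $request ) {
        if ( strlen( $request ) > 34 ) {
            $request = substr( $request, 34 );
        }
        return htmlentities( $request, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
    }
}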