Bravo List

Bravo List (http://www.bvlist.com/index.php)
-   Template Shares (http://www.bvlist.com/forumdisplay.php?f=26)
-   -   TS SE 5.1 - ts_message.php (http://www.bvlist.com/showthread.php?t=714)

skygate 27th July 2008 03:48
TS SE 5.1 - ts_message.php
 
1 Attachment(s)
... ok ..

... I came across this bit of code ...

ts_message.php

Code:
/*
Please do not edit this file!
This file is also your identify verification for TS SE!
--BEGIN--
VERSION: 5.1
TSSE: xxxxxxxxxxxxxxxxxxxxxx_xxxxxx  <- I blanked this so as not to identify who's source this was   
--END--
*/
define('aImaGe_TS_SE','v.0.2_by_xam');
$xqQsTPaCzzRE=strtoupper(htmlspecialchars($_SERVER['HTTP_HOST']));
$eGzzQ3_bQtSeVVv=IMageCreatefromPNG(offline.png);
$yXtSExaMqZ290O=ImageSx($eGzzQ3_bQtSeVVv);
$xyXetSExaMqZ290O121=ImageSy($eGzzQ3_bQtSeVVv);
$yXtSExaMqZ290O1=ImageCreateTrueColor($yXtSExaMqZ290O,$xyXetSExaMqZ290O121);
ImageCopyReSampled($yXtSExaMqZ290O1,$eGzzQ3_bQtSeVVv,00,00,00,00,$yXtSExaMqZ290O,$xyXetSExaMqZ290O121,$yXtSExaMqZ290O,$xyXetSExaMqZ290O121);
$yXetSExaMqZ290O12=ImageColorAllocate($yXtSExaMqZ290O1,555,555,555);
ImageString($yXtSExaMqZ290O1,5,250,5,$xqQsTPaCzzRE,$yXetSExaMqZ290O12);
header(Content-Type: image/jpeg);
ImageJPEG($yXtSExaMqZ290O1);
?>
in the above code I decoded the base64 stuff ... so you cal all see what it is ...

the original code with the base64 is shown below ...

Code:
/*
Please do not edit this file!
This file is also your identify verification for TS SE!
--BEGIN--
VERSION: 5.1
TSSE: xxxxxxxxxxxxxxxxxxxxxx_xxxxxx  <- I blanked this so as not to identify who's source this was
--END--
*/
define('aImaGe_TS_SE','v.0.2_by_xam');
$xqQsTPaCzzRE=strtoupper(htmlspecialchars($_SERVER['HTTP_HOST']));
$eGzzQ3_bQtSeVVv=IMageCreatefromPNG(base64_decode('b2ZmbGluZS5wbmc='));
$yXtSExaMqZ290O=ImageSx($eGzzQ3_bQtSeVVv);
$xyXetSExaMqZ290O121=ImageSy($eGzzQ3_bQtSeVVv);
$yXtSExaMqZ290O1=ImageCreateTrueColor($yXtSExaMqZ290O,$xyXetSExaMqZ290O121);ImageCopyReSampled($yXtSExaMqZ290O1,$eGzzQ3_bQtSeVVv,00,00,00,00,$yXtSExaMqZ290O,$xyXetSExaMqZ290O121,$yXtSExaMqZ290O,$xyXetSExaMqZ290O121);
$yXetSExaMqZ290O12=ImageColorAllocate($yXtSExaMqZ290O1,555,555,555);
ImageString($yXtSExaMqZ290O1,5,250,5,$xqQsTPaCzzRE,$yXetSExaMqZ290O12);
header(base64_decode('Q29udGVudC1UeXBlOiBpbWFnZS9qcGVn'));
ImageJPEG($yXtSExaMqZ290O1);
?>
the actual base64 stuff is here ...

Code:
$eGzzQ3_bQtSeVVv=IMageCreatefromPNG(base64_decode('b2ZmbGluZS5wbmc='));
and

Code:
header(base64_decode('Q29udGVudC1UeXBlOiBpbWFnZS9qcGVn'));
which translate to ...

Code:
$eGzzQ3_bQtSeVVv=IMageCreatefromPNG(offline.png);
AND

Code:
header(Content-Type: image/jpeg);
respectively ...

... so when you 'run' this code ... you get the following IMAGE ...

Attachment 215

... so wtf? is all this for?

OK ... why use all this to generate a static image with your domain ... saying we are closed ... come back later?

... also why all the cryptic variable tags?

... I have not gone further to look at the image library code and the resultant output ... but it seems a TOTAL overkill for just this simple placeholder message ...

UNLESS there is something more behind it?

... now if I was a dick .. trying to be clever ... I would use some stenography to encode the site domain as well as any serial number 'tags' into the image ...

... then possibly index search for these images ... which look innocent ... to identify specific site ID's ...

... however I don't believe in all this crap ... and am certain that not what all this does .. in fact you can totally delete the ts_message.php ... the site still works ... unless you 'close it' from the control panel ...

ANYWAY ...

just a little rant ...

... but would welcome some input from others about this 'stupid' bit of code ...

(perhaps not and I missed it all :sad: ... any input on this mrdecoder? )


All times are GMT +2. The time now is 10:57.

Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2024, vBulletin Solutions Inc.