• (cs) in reply to SchizoDuckie
    SchizoDuckie:
    It seems that this initrodeglobal.com is a major WTF-source. This is at least the third reference to that company on thedailywtf:

    http://thedailywtf.com/Articles/Leave-That-One-Alone.aspx http://thedailywtf.com/Articles/Some-one-is-trying-to-Hack-the-Site.aspx

    And the site says

    initrodeglobal.com:
    Temporarily Closed for Maintenance

    Come back soon. -- Alex P

    Is it some kind of conspiracy?

    Registrant: Inedo, LLC 44 Front St 2nd Floor Berea, Ohio 44017 United States

    Registered through: GoDaddy.com, Inc. (http://www.godaddy.com) Domain Name: INITRODEGLOBAL.COM Created on: 20-Nov-07 Expires on: 20-Nov-08 Last Updated on: 20-Nov-07

    Administrative Contact: Papadimoulis, Alex [email protected] Inedo, LLC 44 Front St 2nd Floor Berea, Ohio 44017 United States (440) 243-6737 Fax --

    Technical Contact: Papadimoulis, Alex [email protected] Inedo, LLC 44 Front St 2nd Floor Berea, Ohio 44017 United States (440) 243-6737 Fax --

    Domain servers in listed order: NS27.DOMAINCONTROL.COM NS28.DOMAINCONTROL.COM

  • You're all missing the point (unregistered)

    This code is great! Centre of the column, 11 lines down.

    Yummy

  • Paranoid (unregistered) in reply to Philip Hofstetter
    Philip Hofstetter:
    the thing I like the most is the blatant security hole:

    that file handle points to a remote URL fopen()ed earlier. So this code basically takes some remote content and feeds it into eval().

    How nice of this coder to give their remote service a shell access to his server :-)

    Philip

    Why do you think this script was obfuscated in the first place? Seriously, it's a contact us form, but if I had to bet, the coder "accidentally" included that security hole on purpose and the rest of this drivel was to obfuscate that fact.

  • (cs) in reply to Jeroen Brattinga
    Jeroen Brattinga:
    Sh!t, we've been hacked. All our sensitive R&D data, customer credit and bank records have been stolen. Fortunately one part was uncompromised: the 'Contact Us'-form.

    Lol!!! ;-)

  • intrinsic (unregistered)

    LOL, this is typical behavour from anything claiming to "Encrypt" or "Protect" or "Obfuscate" PHP.

    There was an article in 2600 a few issues back, I believe the title was something along the lines of "Friends don't let friends use obfuscators" that one actually made it a 3 step process ;o)

    Gotta love them feeding remote page contents to eval though...

  • Nuker (unregistered)

    Looks it was just ran through and obsfucation utility. Or maybe someone really went through that much work. Sure hope it felt worth their time.

  • julian (unregistered) in reply to bsander

    exactly!!! 1|3 lmao!

  • dark (unregistered)

    While doing security for a hosting service provider, I found a lot of "direct mailer" scripts laying around -- the result of compromised phpBB forums and the like.

    These scripts were routinely searched for of course, but the "nasty" ones were encoded like this, often 4 times deep. I think this was a form of copy protection by the original authors, but to me it just meant searching for scripts with large text blocks, evals and base64 decodes. They'd stick out like nothing else.

  • (cs)

    Someone please email me the codes for this thing.

  • k (unregistered)

    At least it was handled serverside. Microsoft injects these kinds of string in web pages and calls it _VIEWSTATE. Apparently, a good old server side session storage is too advanced for the average .Net developer.

  • Koyan (unregistered)

    Well, I have worked for a boss once, who asked for a "securitaziation" of the code of his website.... and then would gladly accept a result like the above and pay for it.... So if this is what the customers want....

  • (cs) in reply to Othersider
    Othersider:
    Someone please email me the codes for this thing.

    You didn't ask properly. You should have asked: "plz email me teh codez"

  • An-on (unregistered)
    Please try again in an one (1)hour or three(3)

    But not (2)Two(2) ... no, definatley not two

  • Vic (unregistered)

    I think I'll hang myself. People like this actually exist???

  • ethan (unregistered)

    If gained access to the code, a hacker would hack it. Long variable names don't disturb - they can be very very easily changed to short.

  • Wit Poetry (unregistered)

    Why in 1 hour or 3? Not 2 or 4? Sonnofabeetch

  • Dehradun Escorts (unregistered)

    Its may be that encode64 is not the is build-in function... but a user defined one that actually performs some encryption. Dehradun Escorts Dehradun Call Girls

  • Dehradun Escorts (unregistered)

    Its may be that encode64 is not the is build-in function... but a user defined one that actually performs some encryption. <a rel="nofollow" href="href="https://www.dlfgurgaoncallgirls.com/dehradun-escorts/" target="_blank" title="href="https://www.dlfgurgaoncallgirls.com/dehradun-escorts/">Escorts in Dehradun Dehradun Escorts service Call Girls in Dehradun

  • adita malik (unregistered)
    Comment held for moderation.

Leave a comment on “Superencryptalisticexpialidocious”

Log In or post as a guest

Replying to comment #:

Log Out

« Return to Article