来源:自学PHP网 时间:2015-04-16 23:15 作者: 阅读:次
[导读] 用demo来演示演示吧。应该可以直接登录后台,懒得弄了。http://bbs.qibosoft.com/down2.php?v=v7 down下载地址,刚下载的。在 inc/job/download.php 中:$url=trim(base64_decode($url));$fileurl=str_replace($webd...
用demo来演示演示吧。
// Excerpt of the download handler (inc/job/download.php according to the article's introduction).
// NOTE(review): where $url comes from is not shown; it is base64-decoded here, so it is
// presumably a request parameter -- confirm against the caller.
$url=trim(base64_decode($url));
// Remove the site's own base URL so that a site-relative path remains.
$fileurl=str_replace($webdb[www_url],"",$url);
// Denylist check: the request is refused only when the name matches ".php" (eregi is a
// case-insensitive regex, so "." matches any character) AND that name is a file under ROOT_PATH.
// NOTE(review): the test is made on the name as supplied, not on the file it resolves to, and
// nothing visible here restricts the directory or rejects "../". A safer design resolves the
// path with realpath(), requires the result to stay inside one dedicated download directory,
// and allowlists the extensions that may be served.
if( eregi(".php",$fileurl) && is_file(ROOT_PATH."$fileurl") ){
    die("ERR");
}
// When the DownLoad_readfile setting is off, redirect the client instead of streaming the file.
// NOTE(review): if $url contains "://" it is used unchanged as the Location target, so this
// branch redirects to whatever the parameter names. tempdir() is defined elsewhere.
if(!$webdb[DownLoad_readfile]){
    $fileurl=strstr($url,"://")?$url:tempdir($fileurl);
    header("location:$fileurl");
    exit;
}
// Local file: stream it from ROOT_PATH.
if( is_file(ROOT_PATH."$fileurl") ){
    $filename=basename($fileurl);
    // Text after the last dot of the name; reused below as the Content-type value.
    $filetype=substr(strrchr($filename,'.'),1);
    // For names shaped like <digits>_<200...>_<part>.<ext>, reduce the match to <part>.
    $_filename=preg_replace("/([\d]+)_(200[\d]+)_([^_]+)\.([^\.]+)/is","\\3",$filename);
    // If <part> consists only of [a-z0-9=] and the name does not end in jpg/gif/png, treat it as
    // the base64 of a URL-encoded display name and restore that name for the download.
    if(eregi("^([a-z0-9=]+)$",$_filename)&&!eregi("(jpg|gif|png)$",$filename)){
        $filename=urldecode(base64_decode($_filename)).".$filetype";
    }
    // Discard buffered output so only headers and file bytes are sent.
    ob_end_clean();
    header('Last-Modified: '.gmdate('D, d M Y H:i:s',time()).' GMT');
    header('Pragma: no-cache');
    header('Content-Encoding: none');
    // NOTE(review): $filename is placed in the header unquoted and unescaped.
    header('Content-Disposition: attachment; filename='.$filename);
    // NOTE(review): this sends the bare extension, not a MIME type.
    header('Content-type: '.$filetype);
    header('Content-Length: '.filesize(ROOT_PATH."$fileurl"));
    readfile(ROOT_PATH."$fileurl");
}else{
    // Not a local file. Names matching ".php" are redirected rather than read.
    if(eregi(".php",$fileurl)){
        header("location:$fileurl");
        exit;
    }
    $filename=basename($fileurl);
    $filetype=substr(strrchr($filename,'.'),1);
    $fileurl=strstr($url,"://")?$url:tempdir($fileurl);
    ob_end_clean();
    header('Last-Modified: '.gmdate('D, d M Y H:i:s',time()).' GMT');
    header('Pragma: no-cache');
    header('Content-Encoding: none');
    header('Content-Disposition: attachment; filename='.$filename);
    header('Content-type: '.$filetype);
    // NOTE(review): when $url contains "://", readfile() receives the decoded URL itself, so the
    // server fetches whatever scheme and host the parameter names (subject to PHP's stream
    // wrapper settings). Restrict this to an allowlist of hosts or drop remote fetching.
    readfile($fileurl);
// (the excerpt on the page stops here; the closing brace of the else branch is not shown)
// Entry check of the download handler, as printed on the page (the first statement lacks its
// ";" and the closing brace of the if is cut off in this excerpt).
// The requested name is refused only when it matches ".php" and is an existing file under ROOT_PATH.
// NOTE(review): this is a denylist applied to the supplied string, not to the resolved file;
// it does not confine the path to a download directory.
$url=trim(base64_decode($url))
$fileurl=str_replace($webdb[www_url],"",$url);
if( eregi(".php",$fileurl) && is_file(ROOT_PATH."$fileurl") ){
    die("ERR");
// Local-file branch of the download handler: runs when ROOT_PATH.$fileurl is an existing file.
// NOTE(review): this branch performs no type or directory check of its own, so it serves any
// file that passed whatever filtering ran before it.
if( is_file(ROOT_PATH."$fileurl") ){
    $filename=basename($fileurl);
    // Text after the last dot; reused as the Content-type value below.
    $filetype=substr(strrchr($filename,'.'),1);
    // Reduce names shaped like <digits>_<200...>_<part>.<ext> to <part>.
    $_filename=preg_replace("/([\d]+)_(200[\d]+)_([^_]+)\.([^\.]+)/is","\\3",$filename);
    // A non-image name whose <part> is only [a-z0-9=] is decoded back to its display name.
    if(eregi("^([a-z0-9=]+)$",$_filename)&&!eregi("(jpg|gif|png)$",$filename)){
        $filename=urldecode(base64_decode($_filename)).".$filetype";
    }
    ob_end_clean();
    header('Last-Modified: '.gmdate('D, d M Y H:i:s',time()).' GMT');
    header('Pragma: no-cache');
    header('Content-Encoding: none');
    header('Content-Disposition: attachment; filename='.$filename);
    header('Content-type: '.$filetype);
    header('Content-Length: '.filesize(ROOT_PATH."$fileurl"));
    // Sends the file's raw bytes to the client.
    readfile(ROOT_PATH."$fileurl");
// (excerpt ends here on the page; the closing brace is not shown)
<?php
// Diagnostic: for every byte value 0..254, check whether is_file() reports an existing file for
// the name "1.ph" followed by that byte (relative to the current directory), and print each byte
// for which it does. Which bytes are reported depends on the platform and filesystem.
foreach (range(0, 254) as $byte) {
    $candidate = '1.ph' . chr($byte);
    // "@" silences warnings for names the platform rejects.
    if (@is_file($candidate)) {
        echo chr($byte);
        echo "</br>";
    }
}
?>
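<?php
// Local test harness: dumps whether the path given in the "a" query parameter is an existing
// regular file according to is_file(). It reveals file existence to any caller, so it belongs
// on a test machine only.
// The array key is quoted: the bare constant form $_GET[a] is an error on PHP 8.
// A missing or non-string parameter is treated as the empty path, for which is_file() is false.
$a = (isset($_GET['a']) && is_string($_GET['a'])) ? $_GET['a'] : '';
$b = is_file($a);
var_dump($b);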
// Local-file branch of the download handler, shown again: any path for which
// is_file(ROOT_PATH.$fileurl) is true is streamed back to the client.
// NOTE(review): the only condition here is that the file exists. Confinement to a download
// directory (realpath() prefix check) and an extension allowlist would have to be added
// before this point.
if( is_file(ROOT_PATH."$fileurl") ){
    $filename=basename($fileurl);
    $filetype=substr(strrchr($filename,'.'),1);
    // Reduce names shaped like <digits>_<200...>_<part>.<ext> to <part>.
    $_filename=preg_replace("/([\d]+)_(200[\d]+)_([^_]+)\.([^\.]+)/is","\\3",$filename);
    if(eregi("^([a-z0-9=]+)$",$_filename)&&!eregi("(jpg|gif|png)$",$filename)){
        $filename=urldecode(base64_decode($_filename)).".$filetype";
    }
    // Discard buffered output before sending headers and file bytes.
    ob_end_clean();
    header('Last-Modified: '.gmdate('D, d M Y H:i:s',time()).' GMT');
    header('Pragma: no-cache');
    header('Content-Encoding: none');
    header('Content-Disposition: attachment; filename='.$filename);
    header('Content-type: '.$filetype);
    header('Content-Length: '.filesize(ROOT_PATH."$fileurl"));
    readfile(ROOT_PATH."$fileurl");
// (excerpt ends here on the page; the closing brace is not shown)
// Derives the name offered to the client in the Content-Disposition header.
$filename=basename($fileurl);
// Text after the last dot of the name.
$filetype=substr(strrchr($filename,'.'),1);
// For names shaped like <digits>_<200...>_<part>.<ext>, the matched portion is replaced by <part>.
$_filename=preg_replace("/([\d]+)_(200[\d]+)_([^_]+)\.([^\.]+)/is","\\3",$filename);
// When <part> is only [a-z0-9=] (case-insensitive) and the name does not end in jpg/gif/png,
// <part> is base64-decoded and URL-decoded to recover the display name.
// NOTE(review): this only changes the name shown to the client; it is not a check on which
// file is read.
if(eregi("^([a-z0-9=]+)$",$_filename)&&!eregi("(jpg|gif|png)$",$filename)){
    $filename=urldecode(base64_decode($_filename)).".$filetype";
}
// Entry check of the download handler.
// NOTE(review): $url's origin is not shown; it is base64-decoded, so presumably it arrives
// in the request -- confirm against the caller.
$url=trim(base64_decode($url));
// Remove the site's own base URL so that a site-relative path remains.
$fileurl=str_replace($webdb[www_url],"",$url);
// Refuse only when the supplied name matches ".php" AND that name is a file under ROOT_PATH.
// NOTE(review): both conditions are evaluated on the supplied string. A robust check compares
// the realpath() of the target against an allowed directory and allowlists extensions instead
// of denying one pattern.
if( eregi(".php",$fileurl) && is_file(ROOT_PATH."$fileurl") ){
    die("ERR");
}
/**
 * Reversible token codec: "EN" encodes a string, "DE" decodes one.
 *
 * Encoding: tag = 10 hex characters of md5(plaintext); key = md5(tag . secret); the plaintext
 * is XORed with the repeating key, base64-encoded, the tag is appended, and "+" is replaced by
 * "QIBO|ADD". Decoding reverses these steps and returns NULL when the recomputed tag differs.
 * An empty input returns "".
 *
 * NOTE(review): this is not authenticated encryption. The tag is an unkeyed, truncated MD5 of
 * the plaintext and is compared with "==", and the fixed suffix of the secret is part of the
 * source, so the whole scheme rests on $webdb[mymd5] (plus $rand) staying unknown. Anything
 * that discloses that value makes tokens forgeable. A sounder design uses hash_hmac() with
 * SHA-256 verified by hash_equals(), and rotates the key after any suspected disclosure.
 *
 * @param mixed  $string Value to encode or decode; non-strings are converted with strval().
 * @param string $action "EN" to encode, "DE" to decode.
 * @param string $rand   Extra value mixed into the secret.
 * @return string|null   Encoded token, decoded plaintext, "" for empty input, or NULL on tag mismatch.
 */
function mymd5($string,$action="EN",$rand=''){
    // Encrypts and decrypts a string.
    global $webdb;
    if($action=="DE"){
        // "+" is mangled when passed through a URL, so restore it from its placeholder.
        $string = str_replace('QIBO|ADD','+',$string);
    }
    $secret_string = $webdb[mymd5].$rand.'5*j,.^&;?.%#@!'; // secret string, may be set to anything
    if(!is_string($string)){
        $string=strval($string);
    }
    if($string==="")
        return "";
    if($action=="EN")
        // Tag: characters 8..17 of the plaintext's MD5 hex digest.
        $md5code=substr(md5($string),8,10);
    else{
        // The last 10 characters of the token are the tag; the rest is the base64 payload.
        $md5code=substr($string,-10);
        $string=substr($string,0,strlen($string)-10);
    }
    //$key = md5($md5code.$_SERVER["HTTP_USER_AGENT"].$secret_string);
    $key = md5($md5code.$secret_string);
    $string = ($action=="EN"?$string:base64_decode($string));
    $len = strlen($key);
    $code = "";
    // Byte-wise XOR of the input with the repeating key.
    for($i=0; $i<strlen($string); $i++){
        $k = $i%$len;
        $code .= $string[$i]^$key[$k];
    }
    // Decode: accept the result only if its recomputed tag equals the transmitted one.
    // Encode: base64 the XORed bytes and append the tag.
    $code = ($action == "DE" ? (substr(md5($code),8,10)==$md5code?$code:NULL) : base64_encode($code)."$md5code");
    if($action=="EN"){
        // "+" is mangled when passed through a URL, so swap it for a placeholder.
        $code = str_replace('+','QIBO|ADD',$code);
    }
    return $code;
}
还是给官方的key打个码、
// Branch that confirms a mobile-number verification code (excerpt; it begins inside a longer
// if/elseif chain and its closing brace is not shown on the page).
elseif($action=='mobphone2') {
    // Refuse when the member's number is already verified.
    if($lfjdb[mob_yz]){
        showerr("请不要重复验证手机号码!");
    }
    if(!$yznum){
        showerr("请输入验证码");
    }elseif(!$md5code){
        showerr("资料有误");
    }else{
        unset($code,$mobphone,$uid);
        // $md5code is decoded with mymd5() into code, phone number and uid (tab-separated).
        // NOTE(review): $md5code and $yznum are presumably request-supplied -- confirm.
        list($code,$mobphone,$uid)=explode("\t",mymd5($md5code,"DE") );
        if($code!=$yznum||$uid!=$lfjuid){
            showerr("验证码不对");
        }
    }
    add_user($lfjuid,$webdb[YZ_MobMoney],'手机号码审核奖分');
    // NOTE(review): $mobphone comes out of the decoded token and is interpolated into the SQL
    // text unescaped, so the statement is only as safe as the mymd5 secret. Validate the value
    // as a phone number and bind it as a parameter instead.
    $db->query("UPDATE {$pre}memberdata SET mobphone='$mobphone',mob_yz='1' WHERE uid='$lfjuid'");
    refreshto("yz.php?job=mob","恭喜你,你的手机号码成功通过审核,你同时得到 {$webdb[YZ_MobMoney]} 个积分奖励!",10);
// Restores the admin identity from the "adminID" cookie: the cookie is decoded with mymd5()
// using $onlineip as the extra secret component, then split into uid, username and password.
// NOTE(review): the member row is looked up by uid and username only in this excerpt; whether
// $_password is verified afterwards is not shown. The cookie is trusted solely because it
// decodes, so its strength equals that of the mymd5 secret and of $onlineip.
// NOTE(review): the decoded values are interpolated into the SQL text; bind them as parameters.
if($_COOKIE["adminID"]&&$detail=mymd5($_COOKIE["adminID"],'DE',$onlineip)){
    unset($_uid,$_username,$_password);
    list($_uid,$_username,$_password)=explode("\t",$detail);
    $lfjdb=$db->get_one("SELECT * FROM {$pre}memberdata WHERE uid='$_uid' AND username='$_username'");
}
// Determines $onlineip, preferring the Client-IP header, then X-Forwarded-For, then the
// socket address.
// NOTE(review): the first two values are request headers chosen by the client, so $onlineip is
// not a reliable identifier of the peer. Use REMOTE_ADDR unless the request arrives through a
// proxy that is known to overwrite these headers.
if($_SERVER['HTTP_CLIENT_IP']){
    $onlineip=$_SERVER['HTTP_CLIENT_IP'];
}elseif($_SERVER['HTTP_X_FORWARDED_FOR']){
    $onlineip=$_SERVER['HTTP_X_FORWARDED_FOR'];
}else{
    $onlineip=$_SERVER['REMOTE_ADDR'];
}
// Keep only the leading run of digits and dots; filtrate() is defined elsewhere.
$onlineip = preg_replace("/^([\d\.]+).*/", "\\1", filtrate($onlineip));
// Take the first run of 7 to 15 digits/dots, or fall back to 0.0.0.0.
// NOTE(review): this checks the character set only, not that the value is a valid address.
preg_match("/[\d\.]{7,15}/", $onlineip, $onlineipArray);
$onlineip = $onlineipArray[0] ? $onlineipArray[0] : '0.0.0.0';
function mymd5($string,$action="EN",$rand=''){ //字符串加密和解密 global $webdb; $secret_string = $webdb[mymd5].$rand.'5*j,.^&;?.%#@!=67987d'; //绝密字符串,可以任意设定
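漏洞的源头是任意文件下载。也就是说,下载接口一旦能读到保存 mymd5 密钥的配置,上面依赖 mymd5 的后台登录 Cookie 和手机验证令牌就都不再可信;修复时应把可下载的文件限制在固定目录和允许的扩展名内,并更换已可能泄露的密钥。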