2. 程序综合区
  3. 求站长窝官方分析[好团队]附件收益 20141010(PHP≤5.2)

2核1G3M服务器88一季度

腾讯云,阿里云百度云等 折扣价→点我←

求站长窝官方分析[好团队]附件收益 20141010(PHP≤5.2) discuz 交流

落尽。 一级用户组
好不容易利用discuz x3.2的一个漏洞搞的一个shell拿到的一个插件,求分析开源! 
<?php

if ( !defined( "IN_DISCUZ" ) || !defined( "IN_ADMINCP" ) )
{
    exit( "Aecsse Denied" );
}
global $_G;
global $pluginid;
global $pluginarray;
$table1 = DB::table( "haoteam_vars" );
$table2 = DB::table( "haoteam_lang" );
$pname = $pluginarray['plugin']['identifier'];
$folder = DISCUZ_ROOT."source".DIRECTORY_SEPARATOR."plugin".DIRECTORY_SEPARATOR.$pname;
if ( !function_exists( "haoteam_validator" ) )
{
    if ( file_exists( $folder.DIRECTORY_SEPARATOR."vars.func.php" ) )
    {
        require_once( $folder.DIRECTORY_SEPARATOR."vars.func.php" );
    }
    else
    {
        cpmsg( "plugin_not_found" );
    }
}
if ( file_exists( $folder.DIRECTORY_SEPARATOR."cert.php" ) )
{
    require_once( $folder.DIRECTORY_SEPARATOR."cert.php" );
    $sid = $cert[5];
}
$uniqueid = $_G['setting']['siteuniqueid'] ? $_G['setting']['siteuniqueid'] : C::t( "common_setting" )->fetch( "siteuniqueid" );
$cert = array(
    "qid" => $uniqueid,
    "bbsUrl" => $_G['siteurl'],
    "plugin" => $pname,
    "sid" => $sid,
    "siteurl" => $_G['setting']['siteurl']
);
$insurl = $_SERVER['QUERY_STRING'];
$sql1 = "\r\nCREATE TABLE IF NOT EXISTS `".$table1."` (\r\n  `pluginvarid` mediumint(8) unsigned NOT NULL auto_increment,\r\n  `pluginid` smallint(6) unsigned NOT NULL default '0',\r\n  `identifier` varchar(50) NOT NULL,\r\n  `displayorder` tinyint(3) NOT NULL default '0',\r\n  `title` varchar(100) NOT NULL default '',\r\n  `description` text NOT NULL,\r\n  `variable` varchar(40) NOT NULL default '',\r\n  `type` varchar(255) NOT NULL,\r\n  `value` text NOT NULL,\r\n  `extra` text NOT NULL,\r\n  `module` varchar(255) NOT NULL,\r\n  `submenu` varchar(255) NOT NULL,\r\n  `subnum` int(10) NOT NULL,\r\n  PRIMARY KEY  (`pluginvarid`),\r\n  KEY `pluginid` (`pluginid`)\r\n) ENGINE=MyISAM  DEFAULT CHARSET=gbk;\r\nDELETE FROM {$table1} WHERE identifier = '{$pname}';";
if ( $admincp->isfounder && $_G['config']['plugindeveloper'] && file_exists( $folder.DIRECTORY_SEPARATOR."table".DIRECTORY_SEPARATOR."table_haoteam_lang.php" ) )
{
    $sql2 = "CREATE TABLE IF NOT EXISTS ".$table2." (\r\n  `id` mediumint(8) NOT NULL AUTO_INCREMENT,\r\n  `pluginname` varchar(40) NOT NULL,\r\n  `system` tinyint(1) NOT NULL DEFAULT '0',\r\n  `variable` varchar(40) NOT NULL,\r\n  `value` text NOT NULL,\r\n  `module` varchar(255) NOT NULL,\r\n  PRIMARY KEY (`id`)\r\n) ENGINE=MyISAM  DEFAULT CHARSET=gbk;\r\nDELETE FROM {$table2} WHERE pluginname = '{$pname}';";
}
$table4 = DB::table( "piaobo_attachment" );
$table5 = DB::table( "piaobo_attachment_shar" );
$table6 = DB::table( "piaobo_attachment_extcredits" );
$table_all = array(
    $table4,
    $table5,
    $table6
);
if ( $_GET['step'] )
{
    sleep( 1 );
}
switch ( $_GET['step'] )
{
case "1" :
    loadcache( $pname."_drk_developer" );
    if ( !$_G['cache'][$pname."_drk_developer"] )
    {
        haoteam_validator( $pname.".plugin", 0, array( "check", "install", "upgrade", "vars.func" ) );
        haoteam_check( "http://www.51piaobo.com/", $cert, array( "check", "install", "upgrade", "vars.func" ) );
    }
    cpmsg( unie( "检测环境完成,载入团队数据表……" ), "{$insurl}&step=2", "loading" );
    break;
case "2" :
    if ( $sql1 )
    {
        runquery( $sql1 );
    }
    cpmsg( unie( "载入好团队数据完成,导入语言包……" ), "{$insurl}&step=3", "loading" );
    break;
case "3" :
    if ( $sql2 )
    {
        runquery( $sql2 );
        foreach ( $pluginarray['language'] as $key => $languages )
        {
            foreach ( $languages as $k => $langs )
            {
                $data['pluginname'] = $pname;
                $data['system'] = 0;
                $data['variable'] = $k;
                $data['value'] = $langs;
                $data['module'] = $key;
                C::t( "#".$pname."#haoteam_lang" )->insert( $data );
            }
        }
        unset( $data );
    }
    cpmsg( unie( "导入语言包完成……" ), "{$insurl}&step=4", "loading" );
    break;
case "4" :
    foreach ( $table_all as $table )
    {
        if ( !check_table_is_exist( $table ) )
        {
            $table_tmp = str_ireplace( $_G['config']['db'][1]['tablepre'], "", $table );
            $tmp = explode( "_", $table );
            if ( $_G['config']['db'][1]['tablepre'] == $tmp[0] )
            {
                $table_tmp = $tmp[0].$table_tmp;
            }
            require_once( $folder."/install/install_".$table_tmp.".php" );
            if ( $piaobo_install )
            {
                @unlink( $folder."/install/install_".$table_tmp.".php" );
            }
        }
    }
    savecache( $pname."_tables", $table_all );
    foreach ( $pluginarray['haoteamvars'] as $vars )
    {
        $data = array(
            "pluginid" => $pluginid
        );
        foreach ( $vars as $key => $val )
        {
            $data[$key] = $val;
        }
        C::t( "#".$pname."#haoteam_vars" )->insert( $data );
    }
    cpmsg( unie( "导入应用数据表完成..." ), "{$insurl}&step=5", "loading" );
    break;
case "5" :
    C::t( "common_plugin" )->update( $pluginid, array( "available" => "1" ) );
    updatecache( array( "plugin", "setting", "styles" ) );
    cleartemplatecache( );
    updatemenu( "plugin" );
    cpmsg( unie( "清理缓存……" ), "{$insurl}&step=6", "loading" );
    break;
case "6" :
    if ( file_exists( $folder."/install/install_import.php" ) )
    {
        require_once( $folder."/install/install_import.php" );
    }
    cpmsg( unie( "数据导入及临时文件创建" ), "{$insurl}&step=7", "loading" );
    break;
case "7" :
    $file_exists = $folder."/install/install_wsq.php";
    if ( file_exists( $file_exists ) )
    {
        cpmsg( unie( "是否启用微社区模块(不影响传统论坛功能)" ), "{$insurl}&step=8", "form", array( ), "", TRUE, ADMINSCRIPT.( "?".$insurl."&step=9" ) );
    }
    else
    {
        cpmsg( unie( "数据导入及临时文件创建" ), "{$insurl}&step=9", "loading" );
    }
    break;
case "8" :
    require_once( $folder."/install/install_wsq.php" );
    cpmsg( unie( "数据导入及临时文件创建" ), "{$insurl}&step=10", "loading" );
    break;
case "9" :
    $finish = TRUE;
    break;
default :
    cpmsg( unie( "开始安装前的准备,检测环境..." ), "{$insurl}&step=1", "loading" );
}
?>


站长窝论坛版权声明 1、本帖标题:求站长窝官方分析[好团队]附件收益 20141010(PHP≤5.2)
2、论坛网址:站长窝论坛
3、站长窝论坛的资源部分来源于网络,如有侵权,请联系站长进行删除处理。
4、会员发帖仅代表会员个人观点,并不代表本站赞同其观点和对其真实性负责。
5、站长窝论坛一律禁止以任何方式发布或转载任何违法的相关信息,访客发现请向站长举报
6、本帖由落尽。在站长窝论坛《程序综合区》版块原创发布, 转载请注明出处!
收藏的用户(0 X
正在加载信息~
上一篇:保存
下一篇:DZ学习研究交流的1314SEO内链关键字 V3.4.0高级版哪里有?
评论
最新回复 (0)
  • 山东社区S 一级用户组
    引用 2
    确实不错,眼前一亮的好文













    第五代QQ机器人QQ群机器人论坛QQ机器人智能客服机器人QQplus机器人QQ群互联机器人..联系QQ8000-501-45 QQ群59495921
    2014/10/13 09:47:12 只看Ta 回复
返回
发新帖
作者最近主题
相关贴子