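/**
 * Replace a string in every regular file directly inside a backup sub-directory.
 *
 * Request fields read from $add:
 *   - 'mypath'  : sub-directory of the global $bakpath to work in; any ".." in
 *                 it is rejected so the walk cannot leave $bakpath
 *   - 'oldword' : text to search for (passed through Ebak_ClearAddsData())
 *   - 'newword' : replacement text (passed through Ebak_ClearAddsData())
 *   - 'dozz'    : non-zero selects Ebak_DoRepFiletextZz() for the replacement,
 *                 zero selects a plain str_replace()
 *
 * Error conditions go through printerror(); the function returns immediately
 * after each call so nothing below runs even if printerror() does not end the
 * request itself.
 *
 * Before a modified file is written back it is checked with Pecker_Scanner
 * from AliCheck.php next to this file, and the request dies if the scanner
 * reports any flagged function for that file.
 *
 * NOTE(review): AliCheck.php is obtained over plain HTTP from a third-party
 * host and then include_once'd. The md5 comparison below only detects that the
 * local copy differs from the remote one; it does not authenticate either copy
 * (no signature, no TLS), so whoever controls that host or the network path
 * controls code executed here. This is a supply-chain exposure; the durable fix
 * is a vendored, reviewed copy of the scanner with the remote fetch removed.
 *
 * Compared with the previous revision: the directory handle is always closed,
 * a file literally named "0" is no longer skipped by the readdir loop, an
 * opendir() failure is reported instead of iterating over nothing, the remote
 * copy is fetched at most once per request, a freshly downloaded AliCheck.php
 * is used to scan the very first modified file too, and the unreachable
 * file_put_contents() that followed die("not equal") is gone (a mismatching
 * remote copy still aborts the request and never overwrites the local file).
 *
 * @param array $add request fields described above
 * @return void
 */
function Ebak_RepPathFiletext($add)
{
    global $bakpath;

    $mypath = isset($add['mypath']) ? trim($add['mypath']) : '';
    $oldword = Ebak_ClearAddsData(isset($add['oldword']) ? $add['oldword'] : '');
    $newword = Ebak_ClearAddsData(isset($add['newword']) ? $add['newword'] : '');

    // Coarse deny-list of PHP function names in the replacement text. It is
    // only a first filter; the scanner pass further down is the actual check
    // before anything is written.
    if (preg_match("/([^a-zA-Z0-9_]{1,1})+(extract|parse_str|str_replace|unserialize|ob_start|require|include|array_map|preg_replace|copy|fputs|fopen|file_put_contents|file_get_contents|fwrite|eval|phpinfo|assert|base64_decode|create_function|call_user_func)+( |\\()/is", $newword)) {
        die("Request Error!");
    }

    $dozz = isset($add['dozz']) ? (int) $add['dozz'] : 0;

    if (empty($oldword) || empty($mypath)) {
        printerror("EmptyRepPathFiletext", "history.go(-1)");
        return;
    }
    // Reject parent-directory traversal anywhere in the requested path.
    if (strpos($mypath, "..") !== false) {
        printerror("NotChangeRepPathFiletext", "history.go(-1)");
        return;
    }

    $path = $bakpath . "/" . $mypath;
    if (!file_exists($path)) {
        printerror("PathNotExists", "history.go(-1)");
        return;
    }

    $hand = @opendir($path);
    if ($hand === false) {
        // Exists but cannot be opened (not a directory, no permission, ...).
        printerror("PathNotExists", "history.go(-1)");
        return;
    }

    // Loop-invariant scanner locations; the remote copy is consulted lazily,
    // once, and only if at least one file is actually going to be modified.
    $prePath = dirname(__FILE__) . DIRECTORY_SEPARATOR;
    $checkFile = $prePath . "AliCheck.php";
    $url = "http://webshellcheck.oss-cn-hangzhou.aliyuncs.com/AliCheck.php";
    $remoteChecked = false;

    // `!== false` rather than a truthiness test: readdir() returns the string
    // "0" for a file named "0", which would otherwise end the loop early.
    while (($file = readdir($hand)) !== false) {
        if ($file === "." || $file === "..") {
            continue;
        }
        $filename = $path . "/" . $file;
        if (!is_file($filename)) {
            continue;
        }

        $value = ReadFiletext($filename);
        if ($dozz) {
            $newvalue = Ebak_DoRepFiletextZz($oldword, $newword, $value);
        } else {
            // Case-insensitive presence test keeps the original skip semantics;
            // the replacement itself stays case-sensitive.
            if (!stristr($value, $oldword)) {
                continue;
            }
            $newvalue = str_replace($oldword, $newword, $value);
        }

        if (!$remoteChecked) {
            $remoteChecked = true;
            if (ini_get('allow_url_fopen') === '1') {
                // Best-effort fetch; a failed download just means the local
                // copy (if any) is used as-is.
                $content = @file_get_contents($url);
                if (!empty($content)) {
                    if (file_exists($checkFile)) {
                        // Difference check only (see NOTE(review) above); a
                        // mismatch aborts the request and never overwrites
                        // the local file.
                        if (md5($content) !== md5_file($checkFile)) {
                            closedir($hand);
                            die("not equal");
                        }
                    } else {
                        file_put_contents($checkFile, $content);
                    }
                }
            }
        }

        // Scan the replaced content with whatever AliCheck.php is present now
        // (including one that was just written above) before writing it back.
        if (file_exists($checkFile)) {
            include_once $checkFile;
            $scaner = new Pecker_Scanner();
            $scaner->scanFileContent($filename, $newvalue);
            $result = $scaner->getReport();
            if (!empty($result[$filename]['function'])) {
                closedir($hand);
                die("Request Error!");
            }
            $scaner = null;
        }

        WriteFiletext_n($filename, $newvalue);
    }
    closedir($hand);

    printerror("RepPathFiletextSuccess", "RepFiletext.php");
}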
* @copyright Pecker Scanner http://www.cnxct.com * @license http://www.fsf.org/copyleft/gpl.html GNU public license * @author CFC4N <*****@*****.**> * @package demo * @version $Id: index.php 28 2014-03-03 03:30:23Z cfc4n $ */ set_time_limit(0); define('MAX_STRLEN', 500); //max length value of hash string //require dirname(__FILE__) . '/Pecker/Autoloader.php'; //Pecker_Autoloader::register(); //register autoloader // OR with lite require dirname(__FILE__) . '/PeckerLite/PeckerScanner.lite.php'; $config = array('scandir' => dirname(__FILE__) . DIRECTORY_SEPARATOR . 'test', 'extend' => array('php', 'inc', 'php5'), 'function' => array('exec', 'system', 'create_function', 'passthru', 'shell_exec', 'proc_open', 'popen', 'copy', 'curl_exec', 'parse_ini_file', 'show_source', 'assert', 'file_put_contents', 'call_user_func_array', 'call_user_func', 'preg_replace', 'include')); try { $scaner = new Pecker_Scanner(); $scaner->setPath($config['scandir']); // set directory to scan $scaner->setExtend($config['extend']); $scaner->setFunction($config['function']); $scaner->run(); $result = $scaner->getReport(); $html = ''; //result of demo for show foreach ($result as $k => $v) { if ($v['parser'] === false) { $html .= '<tr><td title="' . $k . '">' . str_replace($config['scandir'], '', $k) . '</td> <td align="center"> - </td> <td align="center"> - </td> <td class="focus">' . $v['message'] . '</td></tr>'; } else { $n = count($v['function']); if ($n > 0) { $rowspan = false;