func('file'); $path = IA_ROOT; $trees = file_tree($path); $bomtree = array(); foreach($trees as $tree) { $tree = str_replace($path, '', $tree); $tree = str_replace('\\', '/', $tree); if(strexists($tree, '.php')) { $fname = $path . $tree; $fp = fopen($fname, 'r'); if(!empty($fp)) { $bom = fread($fp, 3); fclose($fp); if($bom == "\xEF\xBB\xBF") { $bomtree[] = $tree; } } } } cache_write('bomtree', $bomtree); } if (checksubmit('dispose')) { $trees = cache_load('bomtree'); $path = IA_ROOT; foreach($trees as $tree) { $fname = $path . $tree; $string = file_get_contents($fname); $string = substr($string, 3); file_put_contents($fname, $string); fclose($fp); } cache_delete('bomtree'); } template('system/bom'); } if($do == 'scan') { $op = trim($_GPC['op']) ? trim($_GPC['op']) : 'post'; if($op == 'post') { $config = iunserializer(cache_read('scan:config')); $list = glob(IA_ROOT.'/*', GLOB_NOSORT); $ignore = array(); foreach($list as $key => $li) { if(in_array(basename($li), $ignore)) { unset($list[$key]); } } $safe = array ( 'file_type' => 'php|js', 'code' => 'weidongli|sinaapp|safedog', 'func' => 'com|system|exec|eval|escapeshell|cmd|passthru|base64_decode|gzuncompress', 'dir' => '', ); if(checksubmit('submit')) { if(empty($_GPC['dir'])) { message('请选择要扫描的目录', referer(), 'success'); } foreach($_GPC['dir'] as $k => $v) { if(in_array(basename($v), $ignore)) { unset($_GPC['dir'][$k]); } } $info['file_type'] = 'php|js'; $info['func'] = trim($_GPC['func']) ? trim($_GPC['func']) : 'com|system|exec|eval|escapeshell|cmd|passthru|base64_decode|gzuncompress'; $info['code'] = trim($_GPC['code']) ? trim($_GPC['code']) : 'weidongli|sinaapp'; $info['md5_file'] = trim($_GPC['md5_file']); $info['dir'] = $_GPC['dir']; cache_delete('scan:config'); cache_delete('scan:file'); cache_delete('scan:badfile'); cache_write('scan:config', iserializer($info)); message("配置保存完成，开始文件统计。。。", url('system/tools/scan', array('op' => 'count')), 'success'); } } if($op == 'count') { load()->func('file'); set_time_limit(0); $files = array(); $config = iunserializer(cache_read('scan:config')); if(empty($config)) { message('获取扫描配置失败', url('system/tools/scan'), 'error'); } $config['file_type'] = explode('|', $config['file_type']); $list_arr = array(); foreach($config['dir'] as $v) { if(is_dir($v)) { if(!empty($config['file_type'])) { foreach ($config['file_type'] as $k) { $list_arr = array_merge($list_arr, file_lists($v . '/', 1, $k, 0, 1, 1)); } } } else { $list_arr = array_merge($list_arr, array(str_replace(IA_ROOT . '/', '', $v) => md5_file($v))); } } unset($list_arr['data/config.php']); $list_arr = iserializer($list_arr); cache_write('scan:file', $list_arr); message("文件统计完成，进行特征函数过滤。。。", url('system/tools/scan', array('op' => 'filter_func')), 'success'); } if($op == 'filter_func') { @set_time_limit(0); $config = iunserializer(cache_read('scan:config')); $file = iunserializer(cache_read('scan:file')); if (isset($config['func']) && !empty($config['func'])) { foreach ($file as $key => $val) { $html = file_get_contents(IA_ROOT . '/' . $key); if(stristr($key, '.php.') != false || preg_match_all('/[^a-z]?('.$config['func'].')\s*\(/i', $html, $state, PREG_SET_ORDER)) { $badfiles[$key]['func'] = $state; } } } if(!isset($badfiles)) $badfiles = array(); cache_write('scan:badfile', iserializer($badfiles)); message("特征函数过滤完成，进行特征代码过滤。。。", url('system/tools/scan', array('op' => 'filter_code')), 'success'); } if($op == 'filter_code') { @set_time_limit(0); $config = iunserializer(cache_read('scan:config')); $file = iunserializer(cache_read('scan:file')); $badfiles = unserialize(cache_read('scan:badfile')); if (isset($config['code']) && !empty($config['code'])) { foreach ($file as $key => $val) { if(!empty($config['code'])) { $html = file_get_contents(IA_ROOT . '/' . $key); if(stristr($key, '.php.') != false || preg_match_all('/[^a-z]?('.$config['code'].')/i', $html, $state, PREG_SET_ORDER)) { $badfiles[$key]['code'] = $state; } } if(strtolower(substr($key, -4)) == '.php' && function_exists('zend_loader_file_encoded') && zend_loader_file_encoded(IA_ROOT . '/' . $key)) { $badfiles[$key]['zend'] = 'zend encoded'; } $html = ''; } } cache_write('scan:badfile', iserializer($badfiles)); message("特征代码过滤完成，进行加密文件过滤。。。", url('system/tools/scan', array('op' => 'encode')), 'success'); } if($op == 'encode') { @set_time_limit(0); $file = iunserializer(cache_read('scan:file')); $badfiles = iunserializer(cache_read('scan:badfile')); foreach ($file as $key => $val) { if(strtolower(substr($key, -4)) == '.php') { $html = file_get_contents(IA_ROOT . '/' . $key); $token = token_get_all($html); $html = ''; foreach($token as $to) { if(is_array($to) && $to[0] == T_VARIABLE) { $pre = preg_match("/([".chr(0xb0)."-".chr(0xf7)."])+/", $to[1]); if(!empty($pre)) { $badfiles[$key]['danger'] = 'danger'; break; } } } } } cache_write('scan:badfile', iserializer($badfiles)); message("扫描完成。。。", url('system/tools/scan', array('op' => 'display')), 'success'); } if($op == 'display') { $badfiles = iunserializer(cache_read('scan:badfile')); if(empty($badfiles)) { message('没有找到扫描结果，请重新扫描', url('system/tools/scan'), 'error'); } unset($badfiles['data/config.php']); foreach($badfiles as $k => &$v) { $v['func_count'] = 0; if(isset($v['func'])) { $v['func_count'] = count($v['func']); foreach ($v['func'] as $k1 => $v1) { $d[$k1] = strtolower($v1[1]); } $d = array_unique($d); $v['func_str'] = implode(', ', $d); } $v['code_count'] = 0; if(isset($v['code'])) { $v['code_count'] = count($v['code']); foreach ($v['code'] as $k2 => $v2) { $d1[$k2] = strtolower($v2[1]); } $d1 = array_unique($d1); $v['code_str'] = implode(', ', $d1); } } } if($op == 'view') { $file = authcode(trim($_GPC['file'], 'DECODE')); $file_tmp = $file; if(empty($file) || strexists($file, './') || strexists($file, '../') || $file == 'data/config.php') { message('文件不存在', referer(), 'error'); } $file_arr = explode('/', $file); $ignore = array('payment'); if(is_array($file_arr) && in_array($file_arr[0], $ignore)) { message('系统不允许查看当前文件', referer(), 'error'); } $file = IA_ROOT . '/' . $file; if(!is_file($file)) { message('文件不存在', referer(), 'error'); } $badfiles = iunserializer(cache_read('scan:badfile')); $info = $badfiles[$file_tmp]; unset($badfiles); if(!empty($info)) { $info['func_count'] = 0; if(isset($info['func'])) { $info['func_count'] = count($info['func']); foreach ($info['func'] as $k1 => $v1) { $d[$k1] = strtolower($v1[1]); } $d = array_unique($d); $info['func_str'] = implode(', ', $d); } $info['code_count'] = 0; if(isset($info['code'])) { $info['code_count'] = count($info['code']); foreach ($info['code'] as $k2 => $v2) { $d1[$k2] = strtolower($v2[1]); } $d1 = array_unique($d1); $info['code_str'] = implode(', ', $d1); } } $data = file_get_contents($file); } template('system/scan'); }