Headline
CVE-2020-18912: 微盾PHP脚本加密专家解密算法 - 独行客 - 博客园
An issue found in Earcms Ear App v.20181124 allows a remote attacker to execute arbitrary code via the uload/index-uplog.php.
<?php
/***********************************
*威盾PHP加密专家解密算法 By:Neeao
*http://Neeao.com
*2009-09-10
***********************************/
$filename="install.php";//要解密的文件
$lines = file($filename);//0,1,2行
//第一次base64解密
$content=""; if(preg_match("/O0O0000O0\('.*’\)/",$lines[1],$y))
{
$content=str_replace("O0O0000O0(‘","",$y[0]);
$content=str_replace("’)","",$content);
$content=base64_decode($content);
}
//第一次base64解密后的内容中查找密钥
$decode_key="";
if(preg_match("/\),’.*’,/",$content,$k))
{
$decode_key=str_replace("),’","",$k[0]);
$decode_key=str_replace("’,","",$decode_key);
}
//截取文件加密后的密文
$Secret=substr($lines[2],380);
//echo $Secret;
//直接还原密文输出
echo "<?php\n".base64_decode(strtr($Secret, $decode_key, ‘ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/’))."?>";
?>
转自:http://blog.163.com/huv520@126/blog/static/27765239200981301245391/