My server keeps getting malicious code planted on it; a PHP security question

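My website has had malicious code planted on it repeatedly of late. I have been checking for several days without finding the cause, and I now suspect a QQ Zone music lookup program. I am a beginner, though, and cannot tell whether these statements could be exploited. Below is my lookup script; please take a look. Thanks.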

<?php
error_reporting(0);
header('Content-Type: text/html; charset=gbk');
// Fetch a URL over a raw socket and return the whole response (headers and body).
function openu($url)
{
// Split "http://host[:port]/path" into host, port and path.
$url = preg_replace('#^http://#i', '', $url);
$temp = explode('/', $url);
$host = array_shift($temp);
$path = '/'.implode('/', $temp);
$temp = explode(':', $host);
$host = $temp[0];
$port = isset($temp[1]) ? $temp[1] : 80;

// $errno and $errstr are filled in by reference; no call-time "&" is needed.
$fp = @fsockopen($host, $port, $errno, $errstr, 30);
if (!$fp)
{
return '';
}
@fputs($fp, "GET $path HTTP/1.1\r\n");
@fputs($fp, "Host: $host\r\n");
@fputs($fp, "Accept: */*\r\n");
@fputs($fp, "Referer: http://$host/\r\n");
@fputs($fp, "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)\r\n");
@fputs($fp, "Connection: Close\r\n\r\n");

// Read until the server closes the connection.
$Content = '';
while ($str = @fread($fp, 4096))
$Content .= $str;
@fclose($fp);

return $Content;
}
  
function arrContentReplact($array)    
{    
        if(is_array($array))    
        {    
                foreach($array as $k => $v)    
                {    
                $array[$k] = arrContentReplact($array[$k]);    
                }    
        }else   
        {    
                $array = str_replace(array('<![CDATA[', ']]>'), array('', ''), $array);
        }    
        return $array;    
} 
if($_GET['act']=='seek'){
$qqurl='http://qzone-music.qq.com/fcg-bin/fcgi_agent_zhenghe.fcg?UIN='.$_POST['qq'].'&TYPE=16&PAGE_START=1&PAGE_END=10000&SELECT_FLAG=1';
$data=openu($qqurl);
preg_match_all("/<xsinger_name>(.*?)<\/xsinger_name>/is",$data,$singer_name);
preg_match_all("/<xsong_name>(.*?)<\/xsong_name>/is",$data,$song_name);
preg_match_all("/<xsong_url>(.*?)<\/xsong_url>/is",$data,$song_url);
preg_match_all("/<xmusicnum>(.*?)<\/xmusicnum>/is",$data,$song_num);
}
?> 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
		<title>QQ空间背景音乐查询工具_本站</title>
		<link rel="stylesheet" type="text/css" href="/css/base.css" />
		<link rel="stylesheet" type="text/css" href="/css/music.css" />
		<!--[if lte IE 6]>
		<script type="text/javascript" src="/js/Png.js"></script>
		<script>
		DD_belatedPNG.fix('.png_bg,.png_bg a:hover');
		DD_belatedPNG.fix('.hover,.hover a:hover');
		DD_belatedPNG.fix('.nav li,.nav li a:hover');
		</script>
		<![endif]-->
	    <style type="text/css">
<!--
.STYLE1 {color: #FF0000}
-->
        </style>
</head>
	
	<body>
		<div class="head">
			<h1><img src="/images/query/logo.gif" alt="本站" class="png_bg" />本站</h1>
			<div>本站,为您打造专业优质的QQ素材分享平台! <a href="#" class="cRed">收藏本站</a></div>
			<form action="/plus/search.php" name="formsearch" >
			<input type="hidden" name="kwtype" value="0" />
		    <input name="keyword" type="text" maxLength="50" id="search-keyword" class="ipt_txt1" onfocus="if(value=='搜的一下 你就知道') {value=''}" onblur="if(value=='') {value='搜的一下 你就知道'}" value="搜的一下 你就知道" />
		<input type="Submit" id="Submit" value="搜索" class="btn" onclick="if(document.getElementById('search-keyword').value == '搜的一下 你就知道'){ alert('搜的一下 你就知道');return false;}">
			</form>
		</div>
		<ul class="nav">
<li class="first"><a href="/" class="hover" target="_blank">首页</a></li>
<li><a href="/qzone/DongDong/" target="_blank">空间素材</a></li>
<li><a href="/haokan/" target="_blank">非主流图片</a></li>
<li><a href="/rizhi/" target="_blank">空间日志</a></li>
<li><a href="/Gexing/Qian/" target="_blank">QQ个性签名</a></li>
<li><a href="/qqfenzu/" target="_blank">QQ分组</a></li>
<li><a href="/Gexing/Name/" target="_blank">QQ网名</a></li>
<li><a href="/zt/haoyouyinxiang/" target="_blank">好友印象</a></li>
<li><a href="/qqtouxiang/" target="_blank">QQ头像</a></li>
<li><a href="/qqtouxiang/nansheng/" target="_blank">男生头像</a></li>
<li><a href="/qqtouxiang/nvsheng/" target="_blank">女生头像</a></li>
<li><a href="/plus/guestbook.php" target="_blank">唠叨两句</a></li>
		</ul>
		<div class="bgMusic">
			<div class="musicSearch">
				<label>输入QQ号</label>
				<form method="POST" action="?act=seek">
				<input type="text" class="iptTxt" name="qq" value="" /><input type="submit" class="iptBtn" value="查询空间背景音乐" />
				</form>
			</div>
			<div class="subMain">
				<div class="currentSite">您现在所的位置: <a href="#">本站</a> - <a href="#">QQ音乐</a> - 搜索</div>
				<div class="sub_lft">
					<div><img src="/images/query/music_img2.jpg" alt="查询专区 - 查询QQ空间背景音乐" /></div>
					<ul class="musicList">
						<li class="topLine">
							<span class="col1"><strong>歌曲名</strong></span>
							<span class="col2"><strong>音乐地址</strong></span>
							<span class="col3"><strong>试听</strong></span>
						</li>

<?php
$singerarr=arrContentReplact($singer_name[1]);
$songarr=arrContentReplact($song_name[1]);
$urlarr=arrContentReplact($song_url[1]);

for($i=0;$i<$song_num[1][0];$i++){
$singer=$singerarr[$i];
$song=$songarr[$i];
$url=$urlarr[$i];

echo'<li>
                
                <span class="col1">'.$song.'</span>
                <span class="col2">'.$url.'</span>
				<span class="col3"><embed class="Play" src="/music/audio.swf?&amp;soundFile='.$url.'&amp;playerID=76893&amp;loader=0x9FFFB8&amp;loop=yes&amp;autostart=no" type="application/x-shockwave-flash" id="audioplayer76893"></embed></span>
        </li>';
        		
}
?>


					</ul>
					<div class="musicDes">
						<div><strong>查询说明:</strong></div>
						<div>1:本页面可查询所有用户的QQ空间背景音乐,并可进行在线视听。</div>
						<div>2:查询连接包含(<span class="STYLE1">qqmusic.qq.com</span>)的绿钻用户音乐,不能在线视听与下载,腾讯已添加防盗链机制。</div>
						<div>3:如需下载背景音乐,复制连接后使用迅雷或者其他工具即可进行下载!</div>
					</div>
				</div>
				<div class="sub_rgt">
					<ul class="adTxt ad_col">
						<li>
<script type="text/javascript">/*250*250,创建于2011-7-25_lanmu*/ var cpro_id = 'u552603';</script><script src="http://cpro.baidu.com/cpro/ui/c.js" type="text/javascript"></script>
						</li>
					</ul>
					<div class="box mt10">
						<div class="titleBar">
							<div class="titleName">本周推荐</div>
						</div>
						<ul class="newsList news_num">
							<li><i>1</i><span class="lft"><b>[中文]</b><a href="#">《小热恋》</a></span><span class="rgt"><a href="#">周小曼</a> <a href="#">夏康勇</a></span></li>
							<li><i>2</i><span class="lft"><b>[中文]</b><a href="#">《陪我去宇宙》</a></span><span class="rgt"><a href="#">郑国峰</a></span></li>
							<li><i>3</i><span class="lft"><b>[中文]</b><a href="#">《照常升起的橘色》</a></span><span class="rgt"><a href="#">艺淼</a></span></li>
							<li><i>4</i><span class="lft"><b>[英文]</b><a href="#">《请答应我的告白》</a></span><span class="rgt"><a href="#">郑国峰</a></span></li>
							<li><i>5</i><span class="lft"><b>[中文]</b><a href="#">《Dangerous》</a></span><span class="rgt"><a href="#">nJoy</a></span></li>
							<li><i>6</i><span class="lft"><b>[中文]</b><a href="#">《小热恋》</a></span><span class="rgt"><a href="#">周小曼</a> <a href="#">夏康勇</a></span></li>
							<li><i>7</i><span class="lft"><b>[中文]</b><a href="#">《陪我去宇宙》</a></span><span class="rgt"><a href="#">郑国峰</a></span></li>
							<li><i>8</i><span class="lft"><b>[中文]</b><a href="#">《照常升起的橘色》</a></span><span class="rgt"><a href="#">艺淼</a></span></li>
							<li><i>9</i><span class="lft"><b>[英文]</b><a href="#">《请答应我的告白》</a></span><span class="rgt"><a href="#">郑国峰</a></span></li>
							<li><i>10</i><span class="lft"><b>[中文]</b><a href="#">《Dangerous》</a></span><span class="rgt"><a href="#">nJoy</a></span></li>
						</ul>
					</div>
				</div>
			</div>
			<div class="footLink">
				<a href="#">关于我们</a> | <a href="#">联系我们</a> | <a href="#">版权声明</a> | <a href="#">本站历程</a> | <a href="#">友情链接</a> | <a href="#">网站地图</a>
			</div>
			<div class="footer">
				<div>本站为您提供最新的QQ个性签名,QQ空间留言代码,好看的QQ分组,时尚的个性头像,好听的网名等一系列QQ素材。</div>
				<div>如您有好的建议,欢迎您与我们联系,我们会认真听取您的意见,共同建设本站!</div>
			</div>
		</div>
	</body>
</html>

PHP
飞鱼Love
Posted 7 years ago, 7 replies / 916 views
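The script above passes $_POST['qq'] into the upstream URL unchecked and echoes fields from the upstream response into the page unescaped. The following is an added example, not the poster's code, showing those two data flows with input validation and output escaping; the function names and the 5 to 12 digit length rule for a QQ number are assumptions.

```php
<?php
// Added example, not the poster's code; all function names are hypothetical.

// Assumption: a QQ number is 5 to 12 decimal digits with no leading zero.
function valid_qq($raw)
{
    return is_string($raw) && preg_match('/\A[1-9][0-9]{4,11}\z/', $raw) === 1;
}

// Build the upstream URL only from a validated number; http_build_query encodes it.
function build_qzone_url($qq)
{
    if (!valid_qq($qq)) {
        return null;
    }
    return 'http://qzone-music.qq.com/fcg-bin/fcgi_agent_zhenghe.fcg?' . http_build_query(array(
        'UIN' => $qq, 'TYPE' => 16, 'PAGE_START' => 1, 'PAGE_END' => 10000, 'SELECT_FLAG' => 1,
    ));
}

// Escape upstream data for HTML text and attribute contexts. Byte-wise escaping
// (ISO-8859-1) suits the GBK page: & < > " ' are never GBK trail bytes.
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
}

// Accept only absolute http(s) URLs from the upstream response.
function safe_media_url($url)
{
    $scheme = strtolower((string) parse_url((string) $url, PHP_URL_SCHEME));
    return in_array($scheme, array('http', 'https'), true) ? (string) $url : null;
}

function render_row($song, $url)
{
    $url = safe_media_url($url);
    if ($url === null) {
        return '';
    }
    return '<li><span class="col1">' . h($song) . '</span><span class="col2">' . h($url)
        . '</span><span class="col3"><embed class="Play" src="/music/audio.swf?soundFile='
        . h(rawurlencode($url)) . '" type="application/x-shockwave-flash"></embed></span></li>';
}

// Constructed sample values, not real traffic.
var_dump(build_qzone_url('10001'));
var_dump(build_qzone_url('10001&x=1'));
echo render_row('<b>demo</b>', 'http://example.com/a.mp3?x=1&y="2"'), "\n";
```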