PHP 批量替换敏感字符串代码

demo

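<?php
// Demo: replace blacklisted substrings in a text using the StrFilter class.
// StrFilter is defined in StrFilter.class.php, which is not shown on this page;
// what the two lists mean is inferred from the sample data — confirm against the class.
//
// The listing as published used typographic quotes (“ ” ‘ ’), which PHP does not
// treat as string delimiters; they are restored to plain ASCII quotes here so the
// script parses.

// Declare the response as UTF-8 HTML so the Chinese sample text renders correctly.
header("content-type:text/html;charset=utf8");

require("StrFilter.class.php");

// Whitelist: words that contain a blacklisted character but are presumably left untouched.
$white = array('屌丝', '曹操');
// Blacklist: the substrings to be replaced.
$black = array('屌', '操');

$content = "我操,曹操你是屌丝,我屌你啊";

$obj = new StrFilter($white, $black);

// NOTE(review): $content is a fixed sample here. A word filter does not neutralise
// markup, so when the text comes from a request it still has to be HTML-escaped
// (htmlspecialchars with ENT_QUOTES) before being echoed into a text/html response —
// assuming replace() returns plain text; verify against StrFilter.
echo $obj->replace($content);
?>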


先来说一下这个问题:如何验证密码的安全级别。例如:小于6个字符的密码不许保存;当字符数大于等于6的时候,如果只含有数字、小写字母、大写字母、特殊字符中的一种,为低安全级别;含有两种或三种,为中安全级别;含有四种,为高安全级别。

接下来我用两种方法去实现这个问题:

第一种方法:遍历password字符串中所有的字符,根据字符的ASCII 码判断字符串中都有哪几种字符,并且用一个数组的不同位表示是否含有某种字符。


1.特色的
© &copy; &#169; 版权标志
|   &#124; 竖线,常用作菜单或导航中的分隔符
· &middot; &#183; 圆点,有时被用来作为菜单分隔符
&uarr; &#8593; 上箭头,常用作网页“返回页面顶部”标识
&euro; &#8364; 欧元标识
² &sup2; &#178; 上标2,数学中的平方,在数字处理中常用到,例如:1000²
½ &frac12; &#189; 二分之一
&hearts; &#9829; 心型,用来表达你的心
2.常用的
  &nbsp; &#160; 空格
& &amp; &#38; and符号,与
&quot; &#34; 引号
© &copy; &#169; 版权标志
® &reg; &#174; 注册标志
&trade; &#153; 商标标志
&ldquo; &#147; 左双引号
&rdquo; &#148; 右双引号
&lsquo; &#145; 左单引号
&rsquo; &#146; 右单引号
« &laquo; &#171; 左三角双引号
» &raquo; &#187; 右三角双引号
&lsaquo; &#8249; 左三角单引号
&rsaquo; &#8250; 右三角单引号
§ &sect; &#167; 章节标志
&para; &#182; 段落标志
&bull; &#149; 列表圆点(大)
· &middot; &#183; 列表圆点(中)
&hellip; &#8230; 省略号
|   &#124; 竖线
¦ &brvbar; &#166; 断的竖线
&ndash; &#150; 短破折号
&mdash; &#151; 长破折号
3.货币类
¤ &curren; &#164; 一般货币符号
$   &#36; 美元符号
¢ &cent; &#162;
£ &pound; &#163; 英镑
¥ &yen; &#165; 日元
&euro; &#8364; 欧元
4.数学类
< &lt; &#60; 小于号
> &gt; &#62; 大于号
&le; &#8804; 小于等于号
&ge; &#8805; 大于等于号
× &times; &#215; 乘号
÷ &divide; &#247; 除号
&minus; &#8722; 减号
± &plusmn; &#177; 加/减 号
&ne; &#8800; 不等于号
¹ &sup1; &#185; 上标1
² &sup2; &#178; 上标2
³ &sup3; &#179; 上标3
½ &frac12; &#189; 二分之一
¼ &frac14; &#188; 四分之一
¾ &frac34; &#190; 四分之三
&permil; &#8240; 千分率
° &deg; &#176;
&radic; &#8730; 平方根
&infin; &#8734; 无限大
5.方向类
&larr; &#8592; 左箭头
&uarr; &#8593; 上箭头
&rarr; &#8594; 右箭头
&darr; &#8595; 下箭头
&harr; &#8596; 左右箭头
&crarr; &#8629; 回车箭头
&lceil; &#8968; 左上限
&rceil; &#8969; 右上限
&lfloor; &#8970; 左下限
&rfloor; &#8971; 右下限
其它
&spades; &#9824; 黑桃
&clubs; &#9827; 梅花
&hearts; &#9829; 红桃,心
&diams; &#9830; 方块牌
&loz; &#9674; 菱形
&dagger; &#8224; 匕首
&Dagger; &#8225; 双剑号
¡ &iexcl; &#161; 反向感叹号
¿ &iquest; &#191; 反向问号

网站服务器难免会因为漏洞被挂马、挂黑链,下面给各位整理一下如何利用 find 命令快速找出有问题的文件。

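# Triage sweep: record every line in a PHP file under wwwroot that contains one of
# three indicator strings: eval( for dynamic code execution, and udp: / tcp:
# (presumably socket-style URLs in network code). A hit is a lead for manual
# review, not proof of compromise.
#
# Changes from the listing as published:
#  - plain ASCII quotes: typographic quotes (“ ”) are not shell quoting, so the
#    published -name pattern would be matched literally and find nothing
#  - start at "wwwroot" rather than "wwwroot/*": the glob skips top-level
#    dot-files and dot-directories
#  - -exec ... {} + instead of | xargs: file names containing spaces or quotes
#    reach grep intact
#  - grep -F matches the pattern as a fixed string; -n and -H prefix each hit
#    with the file name and line number
#
# NOTE: the reports are written inside the web root, as on the original page.
# Move them outside the document root or delete them after review so they are
# not served to visitors. Only *.php is searched; extend -name if the server
# also executes other extensions as PHP.
find wwwroot -type f -name '*.php' -exec grep -nHF 'eval(' {} + > wwwroot/eval.txt
find wwwroot -type f -name '*.php' -exec grep -nHF 'udp:' {} + > wwwroot/udp.txt
find wwwroot -type f -name '*.php' -exec grep -nHF 'tcp:' {} + > wwwroot/tcp.txt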
网上流行使用的特征码如下(PS:一定会有遗漏)。这些特征只适合做初筛:正常代码里同样会出现 exec(、system( 这类调用,命中之后仍需人工核对,最好再与干净的备份或版本库做比对。

后门特征->cha88.cn
后门特征->c99shell
后门特征->phpspy
后门特征->Scanners
后门特征->cmd.php
后门特征->str_rot13
后门特征->webshell
后门特征->EgY_SpIdEr
后门特征->tools88.com
后门特征->SECFORCE
后门特征->eval("?>

可疑代码特征->system(
可疑代码特征->passthru(
可疑代码特征->shell_exec(
可疑代码特征->exec(
可疑代码特征->popen(
可疑代码特征->proc_open
可疑代码特征->eval($
可疑代码特征->assert($
危险MYSQL代码->returns string soname
危险MYSQL代码->into outfile
危险MYSQL代码->load_file
加密后门特征->eval(gzinflate(
加密后门特征->eval(base64_decode(
加密后门特征->eval(gzuncompress(
加密后门特征->gzuncompress(base64_decode(
加密后门特征->base64_decode(gzuncompress(
一句话后门特征->eval($_
一句话后门特征->assert($_
一句话后门特征->require($_
一句话后门特征->require_once($_
一句话后门特征->include($_
一句话后门特征->include_once($_
一句话后门特征->call_user_func("assert"
一句话后门特征->call_user_func($_
一句话后门特征->$_POST/GET/REQUEST/COOKIE[?]($_POST/GET/REQUEST/COOKIE[?]
一句话后门特征->echo(file_get_contents($_POST/GET/REQUEST/COOKIE
上传后门特征->file_put_contents($_POST/GET/REQUEST/COOKIE,$_POST/GET/REQUEST/COOKIE
上传后门特征->fputs(fopen("?","w"),$_POST/GET/REQUEST/COOKIE[
.htaccess插马特征->SetHandler application/x-httpd-php
.htaccess插马特征->php_value auto_prepend_file
.htaccess插马特征->php_value auto_append_file

下面收集了大部分文件的扩展名和相应的MIME对应,有需要的可以在列表中找到并添加。

.asx,video/x-ms-asf
.xml,text/xml
.tsv,text/tab-separated-values
.ra,audio/x-pn-realaudio
.sv4crc,application/x-sv4crc
.spc,application/x-pkcs7-certificates
.pmc,application/x-perfmon
.lit,application/x-ms-reader
.crd,application/x-mscardfile
.isp,application/x-internet-signup
.wmlsc,application/vnd.wap.wmlscriptc
.vst,application/vnd.visio
.xlam,application/vnd.ms-excel.addin.macroEnabled.12
.ttf,application/octet-stream
.pfm,application/octet-stream
.csv,application/octet-stream
.aaf,application/octet-stream
.one,application/onenote
.hta,application/hta
.atom,application/atom+xml
.323,text/h323
.mhtml,message/rfc822
.midi,audio/mid
.p7r,application/x-pkcs7-certreqresp
.mny,application/x-msmoney
.clp,application/x-msclip
.vsd,application/vnd.visio
.lpk,application/octet-stream
.bin,application/octet-stream
.onetoc,application/onenote
.x,application/directx
.wvx,video/x-ms-wvx
.vcf,text/x-vcard
.htc,text/x-component
.htt,text/webviewhtml
.h,text/plain
.mht,message/rfc822
.mid,audio/mid
.p7b,application/x-pkcs7-certificates
.gz,application/x-gzip
.dvi,application/x-dvi
.cpio,application/x-cpio
.vdx,application/vnd.ms-visio.viewer
.sldm,application/vnd.ms-powerpoint.slide.macroEnabled.12
.xlm,application/vnd.ms-excel
.fdf,application/vnd.fdf
.setreg,application/set-registration-initiation
.eps,application/postscript
.p7s,application/pkcs7-signature
.toc,application/octet-stream
.mdp,application/octet-stream
.ics,application/octet-stream
.chm,application/octet-stream
.asi,application/octet-stream
.afm,application/octet-stream
.evy,application/envoy
.wmp,video/x-ms-wmp
.qt,video/quicktime
.mpv2,video/mpeg
.xslt,text/xml
.etx,text/x-setext
.cod,image/cis-cod
.snd,audio/basic
.au,audio/basic
.man,application/x-troff-man
.qtl,application/x-quicktimeplayer
.pmw,application/x-perfmon
.class,application/x-java-applet
.iii,application/x-iphone
.csh,application/x-csh
.z,application/x-compress
.vtx,application/vnd.visio
.vsw,application/vnd.visio
.wps,application/vnd.ms-works
.potx,application/vnd.openxmlformats-officedocument.presentationml.template
.ps,application/postscript
.p7c,application/pkcs7-mime
.thn,application/octet-stream
.mso,application/octet-stream
.dot,application/msword
.doc,application/msword
.sgml,text/sgml
.nws,message/rfc822
.pbm,image/x-portable-bitmap
.ief,image/ief
.wav,audio/wav
.texi,application/x-texinfo
.mvb,application/x-msmediaview
.hdf,application/x-hdf
.vsx,application/vnd.visio
.dotm,application/vnd.ms-word.template.macroEnabled.12
.docm,application/vnd.ms-word.document.macroEnabled.12
.pptx,application/vnd.openxmlformats-officedocument.presentationml.presentation
.psm,application/octet-stream
.java,application/octet-stream
.eot,application/octet-stream
.jar,application/java-archive
.mpeg,video/mpeg
.xsf,text/xml
.map,text/plain
.uls,text/iuls
.rf,image/vnd.rn-realflash
.m3u,audio/x-mpegurl
.wma,audio/x-ms-wma
.aifc,audio/aiff
.mdb,application/x-msaccess
.mvc,application/x-miva-compiled
.stl,application/vnd.ms-pki.stl
.ppsx,application/vnd.openxmlformats-officedocument.presentationml.slideshow
.xlsb,application/vnd.ms-excel.sheet.binary.macroEnabled.12
.setpay,application/set-payment-initiation
.prm,application/octet-stream
.mix,application/octet-stream
.lzh,application/octet-stream
.hhk,application/octet-stream
.onepkg,application/onenote
.xaf,x-world/x-vrml
.flr,x-world/x-vrml
.IVF,video/x-ivf
.cnf,text/plain
.asm,text/plain
.tiff,image/tiff
.wax,audio/x-ms-wax
.ms,application/x-troff-ms
.tcl,application/x-tcl
.shar,application/x-shar
.sh,application/x-sh
.nc,application/x-netcdf
.hlp,application/winhlp
.oda,application/oda
.pfb,application/octet-stream
.fla,application/octet-stream
.wm,video/x-ms-wm
.rgb,image/x-rgb
.ppm,image/x-portable-pixmap
.ram,audio/x-pn-realaudio
.sit,application/x-stuffit
.dir,application/x-director
.mpp,application/vnd.ms-project
.xla,application/vnd.ms-excel
.ssm,application/streamingmedia
.axs,application/olescript
.ods,application/oleobject
.psp,application/octet-stream
.jpb,application/octet-stream
.wrz,x-world/x-vrml
.m1v,video/mpeg
.mno,text/xml
.cmx,image/x-cmx
.jpeg,image/jpeg
.dib,image/bmp
.rmi,audio/mid
.aiff,audio/aiff
.wmd,application/x-ms-wmd
.wri,application/x-mswrite
.pub,application/x-mspublisher
.ins,application/x-internet-signup
.wks,application/vnd.ms-works
.xls,application/vnd.ms-excel
.ai,application/postscript
.crl,application/pkix-crl
.qxd,application/octet-stream
.dwp,application/octet-stream
.xof,x-world/x-vrml
.wmv,video/x-ms-wmv
.nsc,video/x-ms-asf
.mpa,video/mpeg
.pnm,image/x-portable-anymap
.rpm,audio/x-pn-realaudio-plugin
.aif,audio/x-aiff
.me,application/x-troff-me
.pml,application/x-perfmon
.trm,application/x-msterminal
.m13,application/x-msmediaview
.js,application/x-javascript
.dxr,application/x-director
.potm,application/vnd.ms-powerpoint.template.macroEnabled.12
.xltx,application/vnd.openxmlformats-officedocument.spreadsheetml.template
.xlt,application/vnd.ms-excel
.xlc,application/vnd.ms-excel
.p10,application/pkcs10
.smi,application/octet-stream
.sea,application/octet-stream
.hqx,application/mac-binhex40
.spl,application/futuresplash
.movie,video/x-sgi-movie
.lsf,video/x-la-asf
.txt,text/plain
.jfif,image/pjpeg
.jpe,image/jpeg
.zip,application/x-zip-compressed
.wmf,application/x-msmetafile
.m14,application/x-msmediaview
.latex,application/x-latex
.wcm,application/vnd.ms-works
.pptm,application/vnd.ms-powerpoint.presentation.macroEnabled.12
.xlsx,application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
.hhp,application/octet-stream
.aca,application/octet-stream
.accdb,application/msaccess
.jcz,application/liquidmotion
.wrl,x-world/x-vrml
.wmx,video/x-ms-wmx
.asr,video/x-ms-asf
.lsx,video/x-la-asf
.xsl,text/xml
.html,text/html
.tif,image/tiff
.der,application/x-x509-ca-cert
.pfx,application/x-pkcs12
.p12,application/x-pkcs12
.ppsm,application/vnd.ms-powerpoint.slideshow.macroEnabled.12
.cur,application/octet-stream
.accdt,application/msaccess
.hdml,text/x-hdml
.htm,text/html
.xbm,image/x-xbitmap
.jpg,image/jpeg
.texinfo,application/x-texinfo
.ppam,application/vnd.ms-powerpoint.addin.macroEnabled.12
.xlw,application/vnd.ms-excel
.rm,application/vnd.rn-realmedia
.pdf,application/pdf
.rar,application/octet-stream
.psd,application/octet-stream
.inf,application/octet-stream
.emz,application/octet-stream
.dsp,application/octet-stream
.onea,application/onenote
.jck,application/liquidmotion
.mpe,video/mpeg
.mp2,video/mpeg
.sct,text/scriptlet
.ras,image/x-cmu-raster
.swf,application/x-shockwave-flash

.FLV,flv-application/octet-stream(站点中的flash没法播放加上这个就行了)
.wmz,application/x-ms-wmz
.gtar,application/x-gtar
.dcr,application/x-director
.sldx,application/vnd.openxmlformats-officedocument.presentationml.slide
.pps,application/vnd.ms-pps
.p7m,application/pkcs7-mime
.xsn,application/octet-stream
.ocx,application/octet-stream
.accde,application/msaccess
.mov,video/quicktime
.wmls,text/vnd.wap.wmlscript
.cpp,text/plain
.c,text/plain
.bas,text/plain
.css,text/css
.art,image/x-jg
.mp3,audio/mpeg
.t,application/x-troff
.roff,application/x-troff
.tar,application/x-tar
.hhc,application/x-oleobject
.scd,application/x-msschedule
.pko,application/vnd.ms-pki.pko
.sst,application/vnd.ms-pki.certstore
.ppt,application/vnd.ms-powerpoint
.xtp,application/octet-stream
.u32,application/octet-stream
.pcx,application/octet-stream
.msi,application/octet-stream
.exe,application/octet-stream
.asd,application/octet-stream
.onetoc2,application/onenote
.fif,application/fractals
.mpg,video/mpeg
.vml,text/xml
.xdr,text/plain
.vcs,text/plain
.hxt,text/html
.eml,message/rfc822
.xpm,image/x-xpixmap
.ico,image/x-icon
.gif,image/gif
.dwf,drawing/x-dwf
.src,application/x-wais-source
.tr,application/x-troff
.pmr,application/x-perfmon
.pma,application/x-perfmon
.dll,application/x-msdownload
.bcpio,application/x-bcpio
.wmlc,application/vnd.wap.wmlc
.wdb,application/vnd.ms-works
.dotx,application/vnd.openxmlformats-officedocument.wordprocessingml.template
.docx,application/vnd.openxmlformats-officedocument.wordprocessingml.document
.pot,application/vnd.ms-powerpoint
.xltm,application/vnd.ms-excel.template.macroEnabled.12
.rtf,application/rtf
.prf,application/pics-rules
.snp,application/octet-stream
.cab,application/octet-stream
.avi,video/x-msvideo
.asf,video/x-ms-asf
.dtd,text/xml
.wml,text/vnd.wap.wml
.vbs,text/vbscript
.rtx,text/richtext
.dlm,text/dlm
.xwd,image/x-xwindowdump
.pgm,image/x-portable-graymap
.bmp,image/bmp
.crt,application/x-x509-ca-cert
.ustar,application/x-ustar
.tex,application/x-tex
.sv4cpio,application/x-sv4cpio
.tgz,application/x-compressed
.cdf,application/x-cdf
.vss,application/vnd.visio
.cat,application/vnd.ms-pki.seccat
.thmx,application/vnd.ms-officetheme
.xlsm,application/vnd.ms-excel.sheet.macroEnabled.12
.prx,application/octet-stream
.pcz,application/octet-stream
.onetmp,application/onenote
.acx,application/internet-property-stream
.wsdl,text/xml
.disco,text/xml
.xsd,text/xml
.wbmp,image/vnd.wap.wbmp
.png,image/png
.pnz,image/png
.smd,audio/x-smd
.smz,audio/x-smd
.smx,audio/x-smd
.mmf,application/x-smaf