Detecting Image Trojans in PHP: A Programming Practice Example

Source: Internet
Author: User
Not long ago, I applied to join an open source organization, and they asked me to write a feature that detects whether a picture contains a Trojan script.
At first I did not know where to begin. I later searched the Internet for information, but everything I found was a tutorial on making image Trojans, and I did not find a detection program.

After some thought, I decided to analyze the Trojan starting from the principle by which it is made. This kind of Trojan is written in hexadecimal code; I had a flash of inspiration and wrote the following upload class. In the end it passed the organization's test. Heh.

I am now sharing it with everyone; if anything in it is not done well, please correct me! anyon@139.com
The code is as follows:

<?php
/**
 +------------------------------------------------------------------------------
 * Upload: file upload class
 +------------------------------------------------------------------------------
 * @package Upload
 * @author Anyon <Anyon@139.com>
 * @version $Id: Upload.class.php 2013-3-20 21:47:23 Anyon $
 +------------------------------------------------------------------------------
 */
class Upload {

    private static $image = null;
    private static $status = 0;
    private static $suffix = null;
    private static $imageType = array('.jpg', '.bmp', '.gif', '.png');
    private static $message = array(
        '0' => 'No error occurred, file upload succeeded.',
        '1' => 'The uploaded file exceeds the upload_max_filesize limit in php.ini.',
        '2' => 'The uploaded file exceeds the MAX_FILE_SIZE value specified in the HTML form.',
        '3' => 'The file was only partially uploaded.',
        '4' => 'No file was uploaded.',
        '5' => 'The file failed the security check.',
        '6' => 'Could not find a temporary folder.',
        '7' => 'File write failed.',
        '8' => 'File type not supported.',
        '9' => 'The uploaded temporary file is missing.',
    );

    // Start the file upload
    public static function start($field = 'file') {
        if (!empty($_FILES)) {
            self::$status = $_FILES[$field]['error'];
            if (self::$status > 0)
                return array('status' => self::$status, 'msg' => self::$message[self::$status]);
            self::$image = $_FILES[$field]['tmp_name'];
            self::$suffix = strtolower(strrchr($_FILES[$field]['name'], '.'));
            return array('status' => self::_upload(), 'path' => self::$image, 'msg' => self::$message[self::$status]);
        } else {
            return array('status' => self::$status, 'msg' => self::$message[self::$status]);
        }
    }

    // Private: perform the upload
    private static function _upload($path = './upload/') {
        date_default_timezone_set('PRC');
        $newFile = $path . date('Y/m/d/His') . rand(100, 999) . self::$suffix;
        self::umkdir(dirname($newFile));
        if (is_uploaded_file(self::$image) && move_uploaded_file(self::$image, $newFile)) {
            // The file is already in the upload directory when the check runs;
            // on status 5 it is still on disk at self::$image.
            self::$image = $newFile;
            if (in_array(self::$suffix, self::$imageType))
                return self::checkHex();
            else
                // Non-image suffixes are stored without any content check.
                return self::$status = 0;
        } else {
            return self::$status = 9;
        }
    }

    // Private: hexadecimal detection
    private static function checkHex() {
        if (file_exists(self::$image)) {
            $resource = fopen(self::$image, 'rb');
            $fileSize = filesize(self::$image);
            fseek($resource, 0);
            if ($fileSize > 512) { // Take the head and the tail
                $hexCode = bin2hex(fread($resource, 512));
                fseek($resource, $fileSize - 512);
                $hexCode .= bin2hex(fread($resource, 512));
            } else { // Take everything
                $hexCode = bin2hex(fread($resource, $fileSize));
            }
            fclose($resource);
            /* Match <% ( ) %> in hexadecimal */
            /* Match <? ( ) ?> in hexadecimal */
            /* Match <script | /script> in hexadecimal, in either case */
            if (preg_match("/(3c25.*?28.*?29.*?253e)|(3c3f.*?28.*?29.*?3f3e)|(3C534352495054)|(2F5343524950543E)|(3C736372697074)|(2F7363726970743E)/is", $hexCode))
                self::$status = 5;
            else
                self::$status = 0;
            return self::$status;
        } else {
            return self::$status = 9;
        }
    }

    // Private: create the directory (recursively)
    private static function umkdir($dir) {
        if (!file_exists($dir) && !is_dir($dir)) {
            self::umkdir(dirname($dir));
            @mkdir($dir);
        }
    }
}
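
An added example, not part of the original post: checkHex() runs its regex over a bin2hex() string, so a signature can also match starting in the middle of a byte. The code below compares that with the same four signatures matched on the raw bytes of the same head and tail windows. The names hexCheck(), byteCheck() and headAndTail() and the sample byte strings are constructed for illustration.

```php
<?php
// Added example, not the original author's code. hexCheck() reuses the page's
// regex (lowercase alternatives only; /i makes the uppercase ones redundant).
function hexCheck(string $bytes): bool
{
    $re = '/(3c25.*?28.*?29.*?253e)|(3c3f.*?28.*?29.*?3f3e)'
        . '|(3c736372697074)|(2f7363726970743e)/is';
    return preg_match($re, bin2hex($bytes)) !== 0;
}

// The same four signatures matched on raw bytes, so a hit always starts on a
// byte boundary: <% ( ) %>, <? ( ) ?>, <script, /script>.
// A PCRE error (false) counts as a hit, so the check fails closed.
function byteCheck(string $bytes): bool
{
    $re = '~<%.*?\(.*?\).*?%>|<\?.*?\(.*?\).*?\?>|<script|/script>~is';
    return preg_match($re, $bytes) !== 0;
}

// Hypothetical helper: first and last 512 bytes, the windows checkHex() reads.
function headAndTail(string $path, int $n = 512): string
{
    clearstatcache(true, $path);
    $size = filesize($path);
    $fh = fopen($path, 'rb');
    $data = (string) fread($fh, max(1, min($n, $size)));
    if ($size > $n) {
        fseek($fh, $size - $n);
        $data .= fread($fh, $n);
    }
    fclose($fh);
    return $data;
}

// Constructed samples (not real images).
$samples = [
    'no marker, nibble-shifted' => "\x89PNG\r\n\x1a\n" . "\x03\xc7\x36\x37\x26\x97\x07\x40",
    'script tag at the tail'    => "GIF89a" . str_repeat("\x00", 600) . '<script>/* constructed */</script>',
];
foreach ($samples as $label => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'img');
    file_put_contents($tmp, $bytes);
    $window = headAndTail($tmp);
    printf("%-26s hex=%s byte=%s\n", $label,
        var_export(hexCheck($window), true), var_export(byteCheck($window), true));
    unlink($tmp);
}
```

The first sample contains no `<` byte at all, yet its hex string contains 3c736372697074 shifted by one nibble, which is the false-positive case that byte-aligned matching avoids.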
