FCKeditor远程代码执行漏洞
function show($headeri)
{
$ii=0;$ji=0;$ki=0;$ci=0;
echo '<table border="0"><tr>';
while ($ii <= strlen($headeri)-1){
$dAtAi=dechex(ord($headeri[$ii]));
if ($ji==16) {
$ji=0;
$ci++;
echo "<td> </td>";
for ($li=0; $li<=15; $li++) {
echo "<td>".htmlentities($headeri[$li+$ki])."</td>";
}
$ki=$ki+16;
echo "</tr><tr>";
}
if (strlen($dAtAi)==1) {
echo "<td>0".htmlentities($dAtAi)."</td>";
}
else {
echo "<td>".htmlentities($dAtAi)."</td> ";
}
$ii++;$ji++;
}
for ($li=1; $li<=(16 - (strlen($headeri) % 16)+1); $li++) {
echo "<td> </td>";
}
for ($li=$ci*16; $li<=strlen($headeri); $li++) {
echo "<td>".htmlentities($headeri[$li])."</td>";
}
echo "</tr></table>";
}
$pRoXy_regex = '(\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\:\d{1,5}\b)';
function sendpacket() //2x speed
{
global $pRoXy, $host, $port, $pAcKeT, $HtMl, $pRoXy_regex;
$socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
if ($socket < 0) {
echo "socket_create() failed: reason: " . socket_strerror($socket) . "<br>";
}
else {
$c = preg_match($pRoXy_regex,$pRoXy);
if (!$c) {echo 'Not a valid prozy...';
die;
}
echo "OK.<br>";
echo "Attempting to connect to ".$host." on port ".$port."...<br>";
if ($pRoXy=='') {
$result = socket_connect($socket, $host, $port);
}
else {
$parts =explode(':',$pRoXy);
echo 'Connecting to '.$parts[0].':'.$parts[1].' proxy...<br>';
$result = socket_connect($socket, $parts[0],$parts[1]);
}
if ($result < 0) {
echo "socket_connect() failed.\r\nReason: (".$result.") " . socket_strerror($result) . "<br><br>";
}
else {
echo "OK.<br><br>";
$HtMl= '';
socket_write($socket, $pAcKeT, strlen($pAcKeT));
echo "Reading response:<br>";
while ($out= socket_read($socket, 2048)) {$HtMl.=$out;}
echo nl2br(htmlentities($HtMl));
echo "Closing socket...";
socket_close($socket);
}
}
}
function sendpacketii($pAcKeT)
{
global $pRoXy, $host, $port, $HtMl, $pRoXy_regex;
if ($pRoXy=='') {
$ock=fsockopen(gethostbyname($host),$port);
if (!$ock) {
echo 'No response from '.htmlentities($host); die;
}
}
else {
$c = preg_match($pRoXy_regex,$pRoXy);
if (!$c) {
echo 'Not a valid proxy...';die;
}
$parts=explode(':',$pRoXy);
echo 'Connecting to '.$parts[0].':'.$parts[1].' proxy...<br>';
$ock=fsockopen($parts[0],$parts[1]);
if (!$ock) {
echo 'No response from proxy...';die;
}
}
fputs($ock,$pAcKeT);
if ($pRoXy=='') {
$HtMl='';
while (!feof($ock)) {
$HtMl.=fgets($ock);
}
}
else {
$HtMl='';
while ((!feof($ock)) or (!eregi(chr(0x0d).chr(0x0a).chr(0x0d).chr(0x0a),$HtMl))) {
$HtMl.=fread($ock,1);
}
}
fclose($ock);
echo nl2br(htmlentities($HtMl));
}
代码如上图所示,完整代码在https://dl.packetstormsecurity.net/0602-exploits/spip_182g_shell_inj_xpl.html
请问有谁能给我解释一下标红的两段是什么意思,以及function show(header)的功能,及其与两者功能