The website was hacked and it was found that the other party had uploaded some files with names like xxx.php.jpg. The editor found that code like was inserted in inside the file.
I want to know how the other party can execute such a file? How to protect?
Software environment: CentOS 6.5, Apache 2.x, PHP 5.x, the website is secondary development of the old version of Drupal
The website was hacked and it was found that the other party had uploaded some files with names like xxx.php.jpg. The editor found that code like was inserted in inside the file.
I want to know how the other party can execute such a file? How to protect?
Software environment: CentOS 6.5, Apache 2.x, PHP 5.x, the website is secondary development of the old version of Drupal
`IIS 7.0/IIS 7.5/ Nginx <8.03 Malformed Parsing Vulnerability
With Fast-CGI turned on by default, upload a file named a.jpg with the content
');?>
file, and then access a.jpg/.php, a one-sentence Trojan shell.php`
will be generated in this directory.Check the file type when uploading, don’t just judge the extension
I heard from others that PHP's eval is a dangerous function. Not only must it be disabled in php.ini, but a plug-in must be installed to disable this function.
First scan the Trojans to confirm which Trojans are there, and then use the Trojan name to confirm which file was successfully accessed from the beginning. It does not necessarily mean that there is a parsing vulnerability in the image file. It may be that the file contains it. Apache seems to be a very old version. The version has this parsing vulnerability, 1.php.xxx will be executed. If yours is apache, it seems that it is not the same type as the one mentioned on the first floor. The one mentioned on the first floor only exists in iis7.x and nginx. If it is repaired, upgrade the version. .
is a one-sentence script
This kind of parsing vulnerability can also be solved by upgrading Web Server and patching it.
For prevention, if it is a picture, remember to use the compression function to compress it after uploading. Disturbing the position of its encoding structure can play a certain role in prevention.
Furthermore, ensure the execution permission of the uploaded file. Or turn on PHP's strict mode to block high-risk functions.
Of course, more loopholes are caused by the programmer's own negligence. This can only depend on the individual level.
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
