²Ëµ¶Á÷Á¿ÌØÕ÷

×î×îÏÈÊÇÃ÷ÎÄ´«Ê䣬£¬£¬£¬Øʺó½ÓÄÉbase64¼ÓÃÜ£º

PHPÀàWebShellÁ´½ÓÁ÷Á¿

ÈçÏ£º

µÚÒ»£º¡°eval¡±£¬£¬£¬£¬evalº¯ÊýÓÃÓÚÖ´ÐÐת´ïµÄ¹¥»÷payload£¬£¬£¬£¬ÕâÊDZز»¿ÉÉٵģ»£»

µÚ¶þ£º(base64_decode($_POST[z0]))£¬£¬£¬£¬(base64_decode($_POST[z0]))½«¹¥»÷payload¾ÙÐÐBase64½âÂ룬£¬£¬£¬ÓÉÓڲ˵¶Ä¬ÈÏÊÇʹÓÃBase64±àÂ룬£¬£¬£¬ÒÔ×èÖ¹±»¼ì²â£»£»

µÚÈý£º&z0=QGluaV9zZXQ...£¬£¬£¬£¬¸Ã²¿·ÖÊÇת´ï¹¥»÷payload£¬£¬£¬£¬´Ë²ÎÊýz0¶ÔÓ¦$_POST[z0]ÎüÊÕµ½µÄÊý¾Ý£¬£¬£¬£¬¸Ã²ÎÊýÖµÊÇʹÓÃBase64±àÂëµÄ£¬£¬£¬£¬ÒÔÊÇ¿ÉÒÔʹÓÃbase64½âÂë¿ÉÒÔ¿´µ½¹¥»÷Ã÷ÎÄ¡£¡£¡£¡£

×¢£º

1.ÓÐÉÙÊýʱ¼äevalÒªÌå»á±»assertÒªÁìÌæ»»¡£¡£¡£¡£

2.$_POSTÒ²»á±»$_GET¡¢$_REQUESTÌæ»»¡£¡£¡£¡£

3.z0ÊDz˵¶Ä¬ÈϵIJÎÊý£¬£¬£¬£¬Õâ¸öµØ·½Ò²ÓпÉÄܱ»ÐÞ¸ÄΪÆäËû²ÎÊýÃû¡£¡£¡£¡£

ÒϽ££¨PHPÓÃbase64¼ÓÃÜ£©£º

PHPÀàWebShellÁ´½ÓÁ÷Á¿

½«ÒϽ£µÄÕýÎÄÄÚÈݾÙÐÐURL½âÂëºó£¬£¬£¬£¬Á÷Á¿×îÖÐÏÔ×ŵÄÌØÕ÷Ϊ@ini_set("display_errors","0");Õâ¶Î´úÂë»ù±¾ÊÇËùÓÐWebShell¿Í»§¶ËÁ´½ÓPHPÀàWebShell¶¼ÓеÄÒ»ÖÖ´úÂ룬£¬£¬£¬¿ÉÊÇÓеĿͻ§¶Ë»á½«Õâ¶Î±àÂë»òÕß¼ÓÃÜ£¬£¬£¬£¬¶øÒϽ£ÊÇÃ÷ÎÄ£¬£¬£¬£¬ÒÔÊǽϺ÷¢Ã÷£¬£¬£¬£¬Í¬Ê±ÒϽ£Ò²ÓÐevalÕâÖÖÏÔ×ŵÄÌØÕ÷¡£¡£¡£¡£

ÒϽ£ÈƹýÌØÕ÷Á÷Á¿

ÓÉÓÚÒϽ£ÖаüÀ¨ÁËÐí¶à¼ÓÃÜ¡¢Èƹý²å¼þ£¬£¬£¬£¬ÒÔÊǵ¼ÖÂÐí¶àÁ÷Á¿±»¼ÓÃܺóÎÞ·¨Ê¶±ð£¬£¬£¬£¬¿ÉÊÇÒϽ£»£»ìÏý¼ÓÃܺóÉÐÓÐÒ»¸ö½ÏÁ¿ÏÔ×ŵÄÌØÕ÷£¬£¬£¬£¬¼´Îª²ÎÊýÃû´ó¶àÒÔ¡°_0x.....=¡±ÕâÖÖÐÎʽ£¨Ï»®Ïß¿ÉÌ滻ΪÆäËû£©ÒÔÊÇ£¬£¬£¬£¬ÒÔ_0x¿ªÍ·µÄ²ÎÊýÃû£¬£¬£¬£¬ºóÃæΪ¼ÓÃÜÊý¾ÝµÄÊý¾Ý°üÒ²¿Éʶ±ðΪÒϽ£µÄÁ÷Á¿ÌØÕ÷¡£¡£¡£¡£

±ùЫ£¨AES¶Ô³Æ¼ÓÃÜ£©£º

ͨ¹ýHTTPÇëÇóÌØÕ÷¼ì²â

1¡¢±ùЫÊý¾Ý°ü×ÜÊÇÅãͬ×Å´ó×ÚµÄcontent-type£ºapplicationʲôʲô£¬£¬£¬£¬ÎÞÂÛGETÕÕ¾ÉPOST£¬£¬£¬£¬ÇëÇóµÄhttpÖУ¬£¬£¬£¬content-typeΪapplication/octet-stream£»£»

2¡¢±ùЫ3.0ÄÚÖõÄĬÈÏÄÚÖÃ16¸öua£¨user-agent£©Í·

3¡¢content-length ÇëÇ󳤶ȣ¬£¬£¬£¬¹ØÓÚÉÏ´«Îļþ£¬£¬£¬£¬ÏÂÁîÖ´ÐÐÀ´½²£¬£¬£¬£¬¼ÓÃܵIJÎÊýδ±Ø³¤¡£¡£¡£¡£¿ÉÊǹØÓÚÃÜÔ¿½»»¥£¬£¬£¬£¬»ñÈ¡»ù±¾ÐÅÏ¢À´½²£¬£¬£¬£¬payload¶¼Îª¶¨³¤

¸ç˹À­£¨base64¼ÓÃÜ£©£º

ÌØÕ÷¼ì²â

1¡¢·¢ËÍÒ»¶ÎÀο¿´úÂ루payload£©£¬£¬£¬£¬httpÏìӦΪ¿Õ

2¡¢·¢ËÍÒ»¶ÎÀο¿´úÂ루test£©£¬£¬£¬£¬Ö´ÐÐЧ¹ûΪÀο¿ÄÚÈÝ

3¡¢·¢ËÍÒ»¶ÎÀο¿´úÂ루getBacisInfo£©

¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª

°æȨÉùÃ÷£º±¾ÎÄΪCSDN²©Ö÷µÄÔ­´´ÎÄÕ£¬£¬£¬£¬×ñÕÕCC 4.0 BY-SA°æȨЭÒ飬£¬£¬£¬×ªÔØÇ븽ÉÏÔ­ÎÄÀ´ÓÉÁ´½Ó¼°±¾ÉùÃ÷¡£¡£¡£¡£

Ô­ÎÄÁ´½Ó£ºhttps://blog.csdn.net/eternitymd/article/details/124492261