Image Trojans: principle, creation, prevention
2022-07-28 15:00:00 【Jun moshang】
Definition
An image Trojan is an image file that contains a Trojan (usually a one-line webshell).
Principle
A file upload vulnerability is the basic precondition. Executable content is written into the image, and a file inclusion vulnerability is then used to execute the one-line webshell inside the image, thereby obtaining privileges on the target server.
Creation methods
1. copy
Prepare an image and a one-line webshell, open cmd, and change into the folder that holds them:
copy 1.jpg/b+1.php/a 2.jpg
Here /b means the file is opened in binary mode, and /a means the file is opened as ASCII text.
2. Using a binary editing tool
Insert the webshell directly anywhere in the file's content. It can be used with AntSword.
Prevention
● Set the file upload directory to be non-executable
● Determine the file type
● Use random numbers to rewrite the file name and path
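
The type check and random renaming from the list above, applied to an uploaded file's bytes, as an added Python example that is not from the original post. The function names, accepted types and sample bytes are assumptions for illustration; the script-marker scan and trailing-data check go one step beyond the "determine the file type" bullet to catch the `copy` construction shown earlier.

```python
import secrets

# Leading magic bytes of the image types this (hypothetical) endpoint accepts.
MAGIC = {b"\xff\xd8\xff": "jpg", b"\x89PNG\r\n\x1a\n": "png"}
# End-of-image sequence and its total length (PNG: "IEND" plus 4-byte CRC).
END = {"jpg": (b"\xff\xd9", 2), "png": (b"IEND", 8)}
# Byte sequences that open a server-side or inline script block.
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<script")


def sniff_type(data):
    """Determine the file type from content, not from the client's name."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def inspect_upload(data):
    """Return (stored_name, findings); stored_name is None on rejection."""
    kind = sniff_type(data)
    if kind is None:
        return None, ["not an accepted image type"]
    findings = []
    lowered = data.lower()
    for marker in SCRIPT_MARKERS:
        if marker in lowered:
            findings.append("script marker %r in file body" % marker)
    end_seq, end_len = END[kind]
    end = data.rfind(end_seq)
    if end == -1:
        findings.append("no end-of-image marker")
    else:
        # Text appended by `copy a.jpg/b+b.php/a` lands after this marker.
        tail = data[end + end_len:].strip(b"\x00\x1a\r\n\t ")
        if tail:
            findings.append("%d bytes after end-of-image marker" % len(tail))
    if findings:
        return None, findings
    # Random server-side name; extension comes from the sniffed type only.
    return secrets.token_hex(16) + "." + kind, []


# Constructed samples: a minimal JPEG-shaped byte string, and the same bytes
# with a harmless placeholder script block appended.
CLEAN_JPEG = (b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01"
              b"\x00\x01\x00\x00\xff\xd9")
POLYGLOT = CLEAN_JPEG + b"<?php /* placeholder */ ?>"

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_JPEG), ("polyglot", POLYGLOT)):
        print(label, inspect_upload(blob))
```

Content checks like these complement the non-executable upload directory, which is a web server setting and is not shown here.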