Using assert with AntSword to log in
2022-07-31 00:15:00 【Miracle_ze】
1. Write a PHP Trojan file
2. Open AntSword
Pass 1 as eval and use 2 as the password, trying to form an eval() call
The 1 from the connection password and the body of the request message are used to form the eval() call
Test results
The returned data is empty and the connection fails, because eval() is a language construct and cannot be called through PHP's variable functions
Use 1=assert&2 directly as the password
Capturing the request with Burp Suite shows that the value of 2 is a string made up of a series of PHP functions for obtaining files, passed in directly
The argument to assert() cannot be a string; it must be a function for the statement to execute
Use the packet capture tool to view the traffic
Change the encoding
Test again
Because the encoding method is now base64, eval(base64_decode()) is automatically called in parameter 2 to decode the PHP file-related functions, which satisfies the condition that the assert() argument must be a function
Try the 1=assert, 2=eval($_POST['3']) approach
The variable function now becomes assert(eval($_POST['3'])), which also satisfies the condition that the assert() argument must be a function, and the eval statement has a parameter value that can be passed in, so the connection succeeds
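The request shapes described above (a callable name in one POST parameter, PHP code in another) can be flagged on the defender's side. The following is an added example, not code from the original post: the function name inspect_body, the verdict labels and the sample bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Names the post passes as parameter 1. eval is a language construct, so that
# attempt fails on the server, but the request is still worth flagging.
CALLABLE_NAMES = {"assert", "eval"}

# PHP code fragments the post observes in the second parameter.
CODE_RE = re.compile(
    r"\b(?:eval|assert|base64_decode)\s*\(|\$_(?:POST|GET|REQUEST|COOKIE)\s*\[",
    re.IGNORECASE,
)


def inspect_body(body):
    """Return (verdict, callable_params, code_params) for a form-encoded body."""
    params = parse_qsl(body, keep_blank_values=True)  # also URL-decodes values
    callable_params = [k for k, v in params if v.strip().lower() in CALLABLE_NAMES]
    code_params = [k for k, v in params if CODE_RE.search(v)]
    if callable_params and code_params:
        verdict = "variable-function-webshell"  # both halves of the pattern
    elif callable_params or code_params:
        verdict = "suspicious"                  # one half only
    else:
        verdict = "clean"
    return verdict, callable_params, code_params


# Constructed sample bodies (hypothetical traffic, values are placeholders).
SAMPLES = [
    "1=assert&2=eval(base64_decode('cGxhY2Vob2xkZXI='))",
    "1=assert&2=eval%28%24_POST%5B%273%27%5D%29&3=placeholder",
    "1=eval&2=placeholder",
    "user=alice&comment=please+assert+your+rights",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect_body(sample), sample)
```
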