In the process of many infiltrations, the infiltrator will upload a sentence Trojan ( Webshell for short) ) to the current web service directory and then grant the right to obtain system permissions, regardless of asp, php, jsp, aspx, then what is the word Trojan?
[ Basic Principles ] Using the file upload vulnerability , upload a sentence to the target website, and then you chopper.execan get and control the entire website directory locally through the Chinese kitchen knife . @ indicates that even if an error is executed, no error is reported. eval（）The function indicates that the statement string in parentheses is all executed as code. $_POST[‘attack’]Indicates that the parameter value of attack is obtained from the page.
(1) php code should be written in , the server can recognize this is the php code, and then to parse.
(2) The @ symbol means no error, even if the execution is wrong, no error is reported.
To be continued…