PhpSpy
2008
PhpSpy is an online management program written in PHP language. It also integrates many functions similar to Haiyang Dingding. It can also be said to be a WEB backdoor. It combines existing attack techniques and is practical, concise and compact. principles, developed this program. Due to the nature of the program, the publicly available downloadable version does not provide additional operations. For example, MSSQL connection, WIN host rebound, etc.
2008 feature list (based on 2006)
Enhance cookie functionality.
Change to the full English version and declare the corresponding page encoding according to the encoding settings of the database to ensure that each encoding server can output normally.
Strengthen the file management function and add batch deletion of files. Added new file attribute display methods and hosts. Add directory rename. Added viewing of all writable subdirectories under the website root directory and the current directory. Automatically detect all partitions and partition types under the WIN host.
Added the ability to upload and download files through MYSQL, where downloading files does not require the database user to have FILE permissions. You can download it completely. The program automatically determines two ways to download. Uploading requires FILE permission.
Strengthen the MYSQL database management function, add query echo and paging display, and add insert, modify, and delete records. Added functions for viewing table structure and common information, and deleting tables. And supports multiple sentences running at the same time.
Add the function of executing PHP code and attach some useful PHP code. For example, the Serv-U local rights escalation application code is suitable for versions 6.4 and below, as well as MYSQL rebound SHELL, etc.
Enhance the execution command function.
Simplify the display of some PHP environment variables.
Greatly improve the efficiency of various operations, especially file management. Speed up the output of multi-file directories.
Basically everything is changed to POST method to submit data and jump. Greatly increases concealment. Prevent administrators from looking at logs for clues.
Added Linux host port bounce function. Dual implementation using PERL and C.
…
