Wednesday, May 8, 2019
Home / Programming / A look at PHP backdoor shells

A look at PHP backdoor shells

A backdoor shell can be a PHP, ASP, JSP, etc. piece of code which can be uploaded on a site to gain or retain access and some privileges on a website. Once uploaded, it allows the attacker to execute commands through the shell_exec () function, upload/delete/modify/download files from the web server, and many more. For defacers, it allows them to navigate easily to the directory of the public_html or /var/www and modify the index of the page.

In this write-up, we will be talking about PHP backdoor shells, how they work, how to detect them and remove them. Below is a simple PHP code that is very popular and is scattered all over the web ( This code allows an attacker to execute *nix commands. For the full write up at

InfoSec Institute, check here:

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Silent OS 3.0 for Blackphone Completely revamped

Version 3.0 migrates Silent OS to Android Marshmallow 6.0.1 and delivers the Android safety patch …