the author: phpeval

the first time a problem with the program. Is similar to this.

code is as follows:


<?
$PHP code="${${eval ($_GET [c])}}";
? >

for the above code. If the submitted URL http://www.phpeval.cn/test.php? C=a phpinfo (); You can find a phpinfo () was carried out. And the corresponding submit c=echo 11111; Found that 1111 was output. This code was carried out.

(number of PHP code when the file is written. Didn't notice that. When they write PHP file in your code. Add the code within double quotes. And then filter out the double quotation marks. Think it will not be able to perform. In fact is possible.)
there is some way of using, such as:

code is as follows:


<?
$PHP code=addslashes ($_GET [c]);
eval (" $" code "");
? >

submitted to http://www.site.cn/test.php? C=${${a phpinfo ()}}; A phpinfo () is executed. If the submitted
http://www.site.cn/test.php? C=${${eval ($_GET [d])}}; & D=a phpinfo ();

so, d at the back of the code is executed.

the solution:

the eval function reduces the security of your application, because it is evaluated the text gives too much power. It is strongly recommended that do not use the eval function.


This concludes the body part