('binary' encoding is not supported, stored as-is) Hi :) I'v try to use eval() function to inject bad PHP code. Then I've made this file (script.php): <? $evalue = "echo \" test $nickname \";"; eval($evalue); ?> I've write in my webbrowser : http://[website]/script.php?nickname=test";system(\$cmd);%20echo% 20"hop&cmd=ls The server replace " by \", then I was thinking that the value of $evalue will be : echo \" test test\";system(\$cmd);echo \"hop \"; and then that the eval() function execute the 3 lines. But no ! The script execute this : echo "test test \";system(\ls);echo \"hop "; Is it possible to inject bad php code with this php file ? How can I do ? If it is not possible, can I've an example of a bad using of the eval() function ? Thank you Sorry for my poor english frog
This archive was generated by hypermail 2b30 : Thu Jul 18 2002 - 13:40:39 PDT