Hello,
Here's a quick and dirty way to slip a backdoor into a PHP project by abusing Namespaces.
POC:
root@ssh:~/underhanded# php index.php SUCCESS
<?xml version="1.0" encoding="UTF-8"?> | |
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
<plist version="1.0"> | |
<dict> | |
<key>Ansi 0 Color</key> | |
<dict> | |
<key>Color Space</key> | |
<string>sRGB</string> | |
<key>Blue Component</key> | |
<real>0.25882352941176473</real> |
on openTerminal(location, remoteHost, serverPort) | |
tell application "System Events" | |
-- some versions might identify as "iTerm2" instead of "iTerm" | |
set isRunning to (exists (processes where name is "iTerm")) or (exists (processes where name is "iTerm2")) | |
end tell | |
tell application "iTerm" | |
activate | |
set targetTab to "" |
#!/bin/bash | |
echo "--------------------------------------------------------------------------------" | |
uname -a | |
echo "--------------------------------------------------------------------------------" | |
MEMORY=`/usr/sbin/system_profiler -detailLevel full SPHardwareDataType | grep 'Memory' | awk '{print $1 $2 $3}'` | |
echo "$MEMORY" | |
echo "--------------------------------------------------------------------------------" | |
CORES_COUNT=`sysctl hw.ncpu | awk '{print $2}'` | |
echo "CPU" | |
sysctl -n machdep.cpu.brand_string |
# If you come from bash you might have to change your $PATH. | |
export PATH=$HOME/bin:/usr/local/bin:$PATH | |
# Path to your oh-my-zsh installation. | |
export ZSH="/Users/Jeket/.oh-my-zsh" | |
# Set name of the theme to load --- if set to "random", it will | |
# load a random theme each time oh-my-zsh is loaded, in which case, | |
# to know which specific one was loaded, run: echo $RANDOM_THEME | |
# See https://github.com/robbyrussell/oh-my-zsh/wiki/Themes |
<?php | |
namespace AppBundle\Mapping; | |
use Doctrine\ORM\Mapping as ORM; | |
use DateTime; | |
/** | |
* Class EntityBase | |
* |
Hello,
Here's a quick and dirty way to slip a backdoor into a PHP project by abusing Namespaces.
POC:
root@ssh:~/underhanded# php index.php SUCCESS
<?php | |
$data = array( | |
array( | |
'id' => 1, | |
'children' => array( | |
array( | |
'id' => 12, | |
'children' => array( |
<?php | |
#Coded By Yakup Yavaş | |
#Complex Number PHP Class | |
class Complex { | |
public $real; | |
public $imaginer; | |
public $comp_numb; | |
public $degree; | |
function __construct() //constructor method | |
{ |
<?php | |
require_once 'complex.php'; | |
#Examples | |
$complex = new Complex(); //instance | |
$complex->set_comp_num(3,4); //define number(Default 0,0) | |
echo"Number: ".$complex->comp_numb."<br>"; | |
echo"Real: ".$complex->real."<br>"; | |
echo"Imaginer: ".$complex->imaginer."<br>"; | |
echo "Modulus: ".$complex->modulus()."<br>"; | |
echo "Polar Form: ".$complex->polar_form()."<br>"; |