Skip to content

Instantly share code, notes, and snippets.

@ts0818

ts0818/eval_attack_02.php

Created November 5, 2015 08:07
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save ts0818/34db844ef89dcdb412f6 to your computer and use it in GitHub Desktop.
Save ts0818/34db844ef89dcdb412f6 to your computer and use it in GitHub Desktop.
Download ZIP
パーフェクトPHP eval攻撃対応方法 
Raw
eval_attack_02.php
<?php
$string = 'こたんたにたちたわた、世界!';
// 入力された文字列が$string変数に含まれている場合だけ処理を行う
if (strpos($string, $_GET['keyword']) !== false) {
eval("echo htmlspecialchars(str_replace('".$_GET['keyword'].
"','', '".$string."'), ENT_QUOTES, 'UTF-8');");
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment