eval(base64_encode())

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
Denn
Forum Newbie
Posts: 6
Joined: Sun Feb 25, 2007 3:24 am

eval(base64_encode())

Post by Denn »

Hi developers.

I saw a couple of examples on the various forums showing that it is possible to decode something with eval(gzinfalte(base64_encode()));
But didn't find any code for decoding eval(base64_encode());

Is that not possible at all?
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

I'd do a LOT of sniffing around due to that eval().
Denn
Forum Newbie
Posts: 6
Joined: Sun Feb 25, 2007 3:24 am

Post by Denn »

Ohh, got the idea from php function list for eval().

I just replaced eval with echo in the first place.
Then i get a code like: $code_base = 'crappy stuff';
and at they ending there was a eval more. I just removed that, and wrote the $code_base into a text file.. and volia. Decoded :-)
Post Reply