I was writing things for fun yesterday and i made this peace of code. It it does one simple and dangerous task (kidding, thats not so dangerous, you can run it on you computer and see what happens).
So, the challenge is: can you describe what this code is really doing? Can you shine a light on it describing as many steps as possible?
<?php $§=(rawurldecode('%24__%3D%5B%22%3D%22%2C%22s%22%2C%22T%22%2C%22K%22%2C%22f%22%2C%22R%22%2C%22C%22%2C%22K%22%2C%22r%22%2C%225%22%2C%22W%22%2C%22a%22%2C%22s%22%2C%225%22%2C%22W%22%2C%22d%22%5D%3B'));assert($§);$_=__FILE__;assert(base64_decode(strrev(implode($__))));
you can use ctrl+c + v, or use the string version below:
<?php $§=(rawurldecode('%24__%3D%5B%22%3D%22%2C%22s%22%2C%22T%22%2C%22K%22%2C%22f%22%2C%22R%22%2C%22C%22%2C%22K%22%2C%22r%22%2C%225%22%2C%22W%22%2C%22a%22%2C%22s%22%2C%225%22%2C%22W%22%2C%22d%22%5D%3B'));assert($§);$_=__FILE__;assert(base64_decode(strrev(implode($__))));
Is not big deal, but its not that easy too. Experienced developers maybe can find the answer fast, but i believe that can be specially fun to beginners.
Top comments (5)
The code doesnt work in >= 7.2 versions.
The key here is
assert
, why ?With this in mind we can get the light to understand the behavior...
The argument to
rawurldecode
is just a variable declaration with an array as value:But what is the content of the array ? Well, if you read the last statement you could get the answer...
Keep in mind we have the
$__
declared, rememberassert
, so:Yes, is a line of code, a call to
unlink
with$_
as parameter, but what is the value of$_
?So you got it, the code delete the file where the code is called.
uowww exactly what is happening. kip, you rock! : )
about the assert() and 7.2 v. thats true, but using eval() would turn the code lesser funny.
do you have any suggestion?
Thanks kip, I just read the array, and that's it, couldn't figure out what the other functs were doing... I'm a newbie on PHP hehe
ANSWER: Here is a repository with this code, and a file called "decode.php" explaining it line by line, (or you can read Kip's answer on this post which is a perfect explanation about what is happening).
github.com/felippe-regazio/php-har...