I was writing things for fun yesterday and i made this peace of code. It it does one simple and dangerous task (kidding, thats not so dangerous, yo...
For further actions, you may consider blocking this person and/or reporting abuse
The code doesnt work in >= 7.2 versions.
The key here is
assert
, why ?With this in mind we can get the light to understand the behavior...
The argument to
rawurldecode
is just a variable declaration with an array as value:But what is the content of the array ? Well, if you read the last statement you could get the answer...
Keep in mind we have the
$__
declared, rememberassert
, so:Yes, is a line of code, a call to
unlink
with$_
as parameter, but what is the value of$_
?So you got it, the code delete the file where the code is called.
uowww exactly what is happening. kip, you rock! : )
about the assert() and 7.2 v. thats true, but using eval() would turn the code lesser funny.
do you have any suggestion?
Thanks kip, I just read the array, and that's it, couldn't figure out what the other functs were doing... I'm a newbie on PHP hehe
ANSWER: Here is a repository with this code, and a file called "decode.php" explaining it line by line, (or you can read Kip's answer on this post which is a perfect explanation about what is happening).
github.com/felippe-regazio/php-har...