The code doesnt work in >= 7.2 versions.
The key here is assert, why ?
assert
If the assertion is given as a string it will be evaluated as PHP code by assert().
With this in mind we can get the light to understand the behavior...
The argument to rawurldecode is just a variable declaration with an array as value:
rawurldecode
'$__=["=","s","T","K","f","R","C","K","r","5","W","a","s","5","W","d"];'
But what is the content of the array ? Well, if you read the last statement you could get the answer...
Keep in mind we have the $__ declared, remember assert, so:
$__
>>> $imploded = implode(["=","s","T","K","f","R","C","K","r","5","W","a","s","5","W","d"]) => "=sTKfRCKr5Was5Wd" >>> $reversed = strrev($imploded) => "dW5saW5rKCRfKTs=" >>> base64_decode($reversed) => "unlink($_);" >>>
Yes, is a line of code, a call to unlink with $_ as parameter, but what is the value of $_ ?
unlink
$_
$_=__FILE__
So you got it, the code delete the file where the code is called.
about the assert() and 7.2 v. thats true, but using eval() would turn the code lesser funny. do you have any suggestion?
uowww exactly what is happening. kip, you rock! : )
Thanks kip, I just read the array, and that's it, couldn't figure out what the other functs were doing... I'm a newbie on PHP hehe
Are you sure you want to hide this comment? It will become hidden in your post, but will still be visible via the comment's permalink.
Hide child comments as well
Confirm
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
The code doesnt work in >= 7.2 versions.
The key here is
assert
, why ?With this in mind we can get the light to understand the behavior...
The argument to
rawurldecode
is just a variable declaration with an array as value:But what is the content of the array ? Well, if you read the last statement you could get the answer...
Keep in mind we have the
$__
declared, rememberassert
, so:Yes, is a line of code, a call to
unlink
with$_
as parameter, but what is the value of$_
?So you got it, the code delete the file where the code is called.
about the assert() and 7.2 v. thats true, but using eval() would turn the code lesser funny.
do you have any suggestion?
uowww exactly what is happening. kip, you rock! : )
Thanks kip, I just read the array, and that's it, couldn't figure out what the other functs were doing... I'm a newbie on PHP hehe