Bytes IT Community

eval?

Thekid
100+
P: 145
Hi,
How can I set arg to execute /etc/bin/thekid?

$store = "thk".'f'; $y = $_GET['arg']; eval("\$store = \$y;");
Aug 19 '08 #1
2 Replies


Atli
Expert 5K+
P: 5,058
What?
That code makes absolutely no sense...
It just creates two variables, and then sets the first one like the second one.

What are you trying to do?
Please explain in more (any) detail.

As a full member now, I would expect you to know at least the most basic of our forum rules.
Please review the Posting Guidelines, especially the parts about How to ask a question and Use a good thread title.

I will be changing the title of the thread into something more suitable as soon as I know what it is you are asking about.

MODERATOR
Aug 19 '08 #2

Thekid
100+
P: 145
Sorry for any confusion over the lack of information in the original post but this is what I've been given:

A user codes this PHP code. Set arg to execute /etc/bin/thekid.
$store = "thk".'f'; $y = $_GET['arg']; eval("\$store = \$y;");

The goal is to recognize problems with simple lines of code and be able to correct or prevent them. Apparently this is an old eval injection vulnerability and I found this online:

An eval injection vulnerability occurs when someone can control all or part of an input string that is fed into an eval() function call. Eval will execute the argument as code. The security implications for this are obvious. This issue has been known for years [2]:

Example:

$myvar = "varname";
$x = $_GET['arg'];
eval("\$myvar = \$x;");

What happens if arg is set to "10 ; system(\"/bin/echo uh-oh\");" ?

I don't have to get the code to actually work or do anything, I just needed the proper syntax to submit it. I initially didn't think it was an eval() problem but I found the above example today and see that it is.
Aug 19 '08 #3
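The thread stops at recognizing the bug; the assignment also asks how to correct or prevent it. The following is an added example (not code from the thread or from the quoted reference) that shows the defensive side: the statement the original snippet builds is nothing more than an assignment, so eval() can simply be dropped, and where a caller genuinely needs to choose the destination at run time, the name is taken from a fixed allowlist instead of from request text. The function names, the `target` parameter and the allowlist contents are assumptions made up for this illustration.

```php
<?php
// Added example, not part of the thread. The snippet under discussion is:
//   $store = "thk".'f'; $y = $_GET['arg']; eval("\$store = \$y;");
// eval() compiles the string it is given as PHP, so whatever arrives in
// $_GET['arg'] is parsed as statements, not treated as data.

// Hardened form 1: the eval() only performs an assignment, so perform the
// assignment directly. $y remains a string and is never handed to the parser.
function storeFromRequest(array $get): string
{
    $y = $get['arg'] ?? '';
    $store = $y;          // identical effect to the eval(), with no code execution
    return $store;
}

// Hardened form 2 (assumed scenario): the destination variable really is
// chosen per request. Validate the requested name against a fixed allowlist
// and write into an array slot; request text never reaches eval().
const ALLOWED_TARGETS = ['store', 'alt_store'];   // assumption for this example

function assignToNamedTarget(array $get, array &$vars): void
{
    $target = $get['target'] ?? 'store';
    if (!in_array($target, ALLOWED_TARGETS, true)) {
        throw new InvalidArgumentException('unknown target variable: ' . $target);
    }
    $vars[$target] = $get['arg'] ?? '';
}

// Constructed request carrying the payload string quoted in the thread.
// With the eval() gone it is stored as text; no command runs.
$constructedGet = [
    'arg'    => '10 ; system("/bin/echo uh-oh");',
    'target' => 'store',
];

var_dump(storeFromRequest($constructedGet));

$vars = [];
assignToNamedTarget($constructedGet, $vars);
var_dump($vars);

// A request naming a variable outside the allowlist is rejected rather than honoured.
try {
    assignToNamedTarget(['arg' => 'x', 'target' => 'GLOBALS'], $vars);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The point of the second form is that the set of names the request may pick from is decided by the program, so the input can only select among known destinations; it cannot supply a name (or any other code) of its own.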
