Direct Attacks
Pragmatic PHP
2024-06-01
5
Dumb things
Don't do dumb things!
<?php
system
(
$user_data
);
?>
<?php
include
"
$path
/
$user_data
"
;
?>
<?php
eval(
$user_data
);
?>
Others
preg_replace with /e option, exec(), popen(), passthru, and backticks ``
