Exploiting eval()

ghost

0 0

17 years ago

In this video i exploit the eval() function to run commands/php on a webhosting company.

I finally got a new video maker, so this file is small!

http://4filehosting.com/file/21117/eval-swf.html

SySTeM

-=[TheOutlaw]=-

20 0

17 years ago

[edit]Nevermind, I watched the video. I thought you meant you actually exploited the php function eval, now I realize you just exploited it on someones site, my bad xD[/edit]

ghost

0 0

17 years ago

nice demo tho :D

ghost

0 0

17 years ago

As far as I'm concerned, you should never use eval

"If eval() is the answer, then you're asking the wrong question"

Sara Goleman (afaik)

ghost

0 0

17 years ago

nice vid :)

SySTeM

-=[TheOutlaw]=-

20 0

17 years ago

mozzer wrote: As far as I'm concerned, you should never use eval

"If eval() is the answer, then you're asking the wrong question"

Sara Goleman (afaik)

Agreed, eval ftl

ghost

0 0

17 years ago

V. True…

Also, use of backticks when not necessary!

mkdir lal

rather than

mkdir ('lal');

ghost

0 0

17 years ago

I dig this even more then the CSRF one, excellent work! Keep 'em coming.

:happy:

Uh oh. Looks like your using an ad blocker.