Eval () PHP, usability and context

Question

Eval () PHP, usability and context

Navigation

#1 by (4 votes)

2

I was reading some codes of e-commerce extensions. Usually these modules are paid, but what I was seeing had a 'trial' to try out. I installed and went to analyze the code. I was hoping for something in PHP itself, but it looks like the creators tried to hide the entire code with the eval() function of PHP. I searched here , but the examples from php.net show a context of apparently different usage from the one in the code snippet below:

<?php eval("\x6f\x62\x5f\x73\x74\x61\x72\x74\x28\x29\x3b") ?>ŸÀ#0!0#T~8.…‚yAø-„_NuˆcEŒfU}l(N”p-S˜s-Tœx3Y |9_¤{#s!s#g¨Al¬„o_'&=\(.oŽÆ&R#r!r#½'U•‚B#r!r#$_NåÈ7Y#;wg#0!0#ãPs#r!r#ñ]~öf‹#s—1ž7$‘ªD2ž·{WØï&Bg©„#]öƒk×ÖzÅ{Ë4÷ø-4+7~QÊ0s\ò4Idm%géO÷~ôÞÝÜÝàÙUWÝóòóö¬§K#r!r#-Æ½¼½ÀÈj:S#r!r##n!n#Ï§ÂÍ¶¥ªöäõCEûÔ#r!r#=#n!n#ª€æ¤<?php eval("\x69\x66\x28\x21\x66\x75\x6e\x63\x74\x69\x6f\x6e\x5f\x65\x78\x69\x73\x74\x73\x28\x22\xb1\x22\x29\x29\x7b\x66\x75\x6e\x63\x74\x69\x6f\x6e\x20\xb1\x28\x24\xa1\xa1\x3d\x30\x29\x7b\x24\xa1\x3d\x73\x74\x72\x5f\x72\x65\x70\x6c\x61\x63\x65\x28\x61\x72\x72\x61\x79\x28\x27\x23\x73\x21\x73\x23\x27\x2c\x27\x23\x65\x21\x65\x23\x27\x2c\x27\x23\x30\x21\x30\x23\x27\x2c\x27\x23\x6e\x21\x6e\x23\x27\x2c\x27\x23\x72\x21\x72\x23\x27\x29\x2c\x61\x72\x72\x61\x79\x28\x27\x3c\x27\x2c\x27\x3e\x27\x2c\x22\x5c\x30\x22\x2c\x22\x5c\x6e\x22\x2c\x22\x5c\x72\x22\x29\x2c\x6f\x62\x5f\x67\x65\x74\x5f\x63\x6c\x65\x61\x6e\x28\x29\x29\x3b\x66\x6f\x72\x28\x24\xa1\xa2\x3d\x31\x2c\x24\xa1\xa2\xa3\x3d\x6f\x72\x64\x28\x24\xa1\x5b\x30\x5d\x29\x2c\x24\xa1\xa2\xa1\x3d\x30\x3b\x24\xa1\xa2\x3c\x73\x74\x72\x6c\x65\x6e\x28\x24\xa1\x29\x3b\x24\xa1\xa2\xa1\x3d\x6f\x72\x64\x28\x24\xa1\x5b\x24\xa1\xa2\x5d\x29\x2c\x24\xa1\xa2\x2b\x2b\x29\x24\xa1\x5b\x24\xa1\xa2\x5d\x3d\x63\x68\x72\x28\x6f\x72\x64\x28\x24\xa1\x5b\x24\xa1\xa2\x5d\x29\x2d\x24\xa1\xa2\xa3\x2d\x24\xa1\xa2\xa1\x2d\x24\xa1\xa2\x2d\x24\xa1\xa1\x29\x3b\x24\xa1\x5b\x30\x5d\x3d\x27\x20\x27\x3b\x72\x65\x74\x75\x72\x6e\x20\x24\xa1\x3b\x7d\x7d") ?>Ý]@¦×Þò    Þ˜ƒ~›óæÅä5j Bº)¥    Ø°©)û:9:=Lå¤ ¹#e!e#LÉ'(-½K…½¾Ã«ƒuv½ØÙÞ¦2ÂPR%Ÿ¥ú85_·€U–—œJö|{|,»|'»¼Á_¼Œñ[YHBU¨Â¾Ö×ÜˆÿÇö\Œ…§É’G3ŒþÓ°†¦ #O0¹2ä vuvyxïZ['ÂÁ¾Â[\a5Ì5ÎÏïVœ¢@ÜF®¯´‰¥{Ë+WÂ)åäåè‚^-‹òñòõŽ¡«®¨«º³™†–Íëì$„°k‰ñ&PQ#n!n##0!0#WTKYZßíòòìéëìðêÞÖí#n!n#Akl%<?php eval(±()) ?>

I would like someone to explain to me a little more about the use of this function in the case presented above , I would like to know the result of that code in PHP as well as how to do it same procedure for my codes.

edit1: The code snippet was taken from this module here , file IndexController.php .

php eval

asked by anonymous 02.05.2016 / 16:17

1 answer

Why use unless in Laravel, instead of a negation in if? How to fire a message with every click in jquery?

score 4 · Accepted Answer

eval - Performs a string as PHP code.

In the case of the posted code, they are using the ASCII encoder in hexadecimal notation, I added the initial code and executed the alert function to see what the encoded text is.

alert("\x6f\x62\x5f\x73\x74\x61\x72\x74\x28\x29\x3b")

The code is converted as follows:

\x6f = o
\x62 = b
\x5f = _
\x73 = s
\x74 = t
\x61 = a
\x72 = r
\x74 = t
\x28 = (
\x29 = )
\x3b = ;

You can check these values using the ASCII Table .

As they are using eval, it will execute the function after it decodes it. Already the alert only displays the result of the expression.

Your decoded code is:

ob_start();

// segundo eval
if (!function_exists("±")) {
    function±($¡¡ = 0) {
        $¡ = str_replace(array('#s!s#', '#e!e#', '#0!0#', '#n!n#', '#r!r#'), array('<', '>', "alert("\x6f\x62\x5f\x73\x74\x61\x72\x74\x28\x29\x3b")", "\n", "\r"), ob_get_clean());
        for ($¡¢ = 1, $¡¢£ = ord($¡[0]), $¡¢¡ = 0; $¡¢ < strlen($¡); $¡¢¡ = ord($¡[$¡¢]), $¡¢++) $¡[$¡¢] = chr(ord($¡[$¡¢]) - $¡¢£ - $¡¢¡ - $¡¢ - $¡¡);
        $¡[0] = ' ';
        return $¡;
    }
}

±() // o último executa a função acima