Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I want to develop code wherein I want to intercept the data being sent to a PHP exploitable function like eval(). However my code should not edit or touch the code wherein the eval exists in any way.
As an example:
I create a PHP file with my interceptor code and use “require” to call it inside a target PHP page with the eval() (or any other PHP exploitable function). How can that be made possible?
First of, all functions in PHP can be used for exploiting the system.
In order to change the behaviour of PHP in this way you need to modify the PHP interpreter itself – specifically you’ll need the intercept or runkit PECL (or rewrite the interpreter yourself). Either that or run a translataion program to remap references to (your list of “exploitable” functions) to wrapper functions (and then specify these wrappers in an include file).