1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
<P>this is html, so popen() and exec() 'calls' are harmless
<?php blah(foo()); ?>
<?php blah(foo());
?>
<?php stat("singleline"); ?>
<?php eval("evil!") ?>
<?php /*exec("evil! (2)") */ ?>
<?php
exec("evil! (3)")
?>
<?php foo(bar(baz(quux(1)))); ?>
<P> blah
<?php
print "?>\n";
print '?>\n';
$start_date = mktime(0, 0, 0, 3, 24, 2000);
/* time() sucks */
# time() sucks
/* time() sucks */
$str = "time() sucks";
$str = 'time() sucks';
$str = '"time() sucks"';
$total_time = sprintf("%1.5f", (time() - $start_date) / (100000000));
print
"<P><EM><SMALL>" .
"Providing random bits for ~${total_time}e23 femtoseconds." .
"</SMALL></EM>\n";
require ('php_lib/searchbox.php');
print make_searchbox ();
/* $blah = tempnam(); #comment */
$blah = run_sql("select foo from bar");
/* mail($spammer); */
$obj->mail($blah);
statfalsepositive();
afalsepositiveforstat();
wheestatisgreat();
is_dir("foo");
is_file("blah");
lstat("foo");
stat("bar");
eval("secondary evil");
eval("lesser evil");
$obj -> mail("foo");
?>
is_dir("html") <!-- I am HTML! -->
</DIV>
</BODY>
</HTML>
|
