ZSC icon indicating copy to clipboard operation
ZSC copied to clipboard
verified publisher icon OWASP

issue in php encoders

Open Ali-Razmjoo opened this issue 8 years ago • 1 comments

As you see in this line all of <?php ,<? and ?> will be remvoed.

content = content.replace('<?php', '').replace('<?', '').replace('?>', '')

it will work fine if our php script is including just one <?php tag! otherwise it won't work fine.

sample of multi <?php tag which will not work:

<?php echo "section 1"; ?> section 2 is html <?php echo "section 3 is php"; ?>

execute before and after encoding:

C:\Users\Zombie\Downloads\OWASP-ZSC-master>php 1.php
section 1 section 2 is html section 3 is php
C:\Users\Zombie\Downloads\OWASP-ZSC-master>php 1.php

Parse error: syntax error, unexpected '2' (T_LNUMBER) in C:\Users\Zombie\Downloads\OWASP-ZSC-master\1.php(12) : eval()'d code on line 1

C:\Users\Zombie\Downloads\OWASP-ZSC-master>

decode generated file:

 echo "section 1";  section 2 is html  echo "section 3 is php";

which it must be this to work fine:

echo "section 1"; ?> section 2 is html <?php echo "section 3 is php"; ?>

Ali-Razmjoo avatar Apr 18 '17 12:04 Ali-Razmjoo

I'd like to work on this. Please guide me what to do.

sameersingh7 avatar May 15 '17 06:05 sameersingh7