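<?php
$srch = "{${eval("echo phpinfo();echo 'apple';// @codingStandardsIgnoreStart (?=/)\e")}}";
// The {${ ... }} complex syntax runs eval() while the string literal is being built.
// eval() returns NULL here, so PHP looks up a variable with an empty name and $srch ends up as "".
#echo $srch; echo "\n";
$search = htmlentities($srch);
#echo $search; echo "\n";
// $search is empty, so the 'apple' check fails and preg_replace() is never reached.
if (strpos($search, 'apple') !== false) {
    echo "in the if!"; echo "\n";
    echo preg_replace("/" . $search . "/", $search . " <img src='" . $search . ".png'>", "apple");
}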
Output for 5.3.0 - 5.6.26, 7.0.0 - 7.1.0RC4
Warning: phpinfo() has been disabled for security reasons in /in/QXG3k(2) : eval()'d code on line 1
apple
Notice: Undefined variable: in /in/QXG3k on line 2
Output for hhvm-3.10.0 - 3.14.4
could not allocate 218103807 bytes for translation cache
Process exited with code 1.