<?php
If(isset($_GET['year']){
$year=$_GET['year'];
$finalizae="My birthday is 19{'year}.";
print $finalize
?>
$brief="I was here until ${`dir`} appeared here";
<?php
eval("$brief");
?>
<?php
$name='phpinfo';
${name}();
?>
<?php
$name='phpinfo()';
assert($name);
?>
array_intersect_uassoc(), usort(), uksort(), array_filter(),
array_diff_uassoc(), array_diff_ukey(), array_reduce(),
array_udiff(), array_udiff_assoc(), array_udiff_uassoc(),
array_intersect_assoc(), array_uintersect(), array_uintersect_assoc(),
array_uintersect_uassoc(), array_walk(), array_walk_recursive() ,
uasort(), array_map()
<?php
$evil =$_GET['name'];
$some_array=array(0,1,2,3);
$new_array=array_map($evil,$some_array);
?>
http://localhost/index.php?name=phpinfo
stream_filter_register(), set_error_handler()
register_shutdown_function(), register_tick_function()
Click to Open Code Editor