PHPFixing
  • Privacy Policy
  • TOS
  • Ask Question
  • Contact Us
  • Home
  • PHP
  • Programming
  • SQL Injection
  • Web3.0

Sunday, November 20, 2022

[FIXED] what does || symbol means in Preg_replace() PHP

 November 20, 2022     php, preg-replace, regex     No comments   

Issue

I was reading about how to make preg_replace() act like eval() function if we put the modifier /e this is my code:

$fa= '/site'.$_GET['1st'];
$sh= $_GET['replace'];
$ka= 'admin the best over the rest';
echo preg_replace($fa,$sh,$ka);  

if the code running on site, it looks like :

www.site.com/a.php?1st=//e&replace=phpinfo();

but there is a problem that the modifier /e mustn't followed by any thing so it will work if we put || like this :

www.site.com/a.php?1st=||//e&replace=phpinfo();

so here is my question what is || here and how it works ??

im using windows 10 and php version 5.2


Solution

| separates alternatives in the regexp; e.g. /abc|def|ghi/ matches either abc, def, or ghi.

When you write 1st=||//e the resulting regexp will be /site||//e. Two of the alternatives are empty strings, which will match the empty strings before and after each character. So this will call phpinfo() for each character in $ka.

Actually, you should get an error because you have two / at the end of the regexp. It should be 1st=/e or 1st=||/e.



Answered By - Barmar
Answer Checked By - Pedro (PHPFixing Volunteer)
  • Share This:  
  •  Facebook
  •  Twitter
  •  Stumble
  •  Digg
Newer Post Older Post Home

0 Comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Total Pageviews

Featured Post

Why Learn PHP Programming

Why Learn PHP Programming A widely-used open source scripting language PHP is one of the most popular programming languages in the world. It...

Subscribe To

Posts
Atom
Posts
Comments
Atom
Comments

Copyright © PHPFixing