PHP Decode

Bug #73630 (Built-in Webserver - overwrite $_SERVER['request_uri'])

Decoded Output

--TEST--
Bug #73630 (Built-in Webserver - overwrite $_SERVER['request_uri'])
--SKIPIF--
<?php
include "skipif.inc";
?>
--FILE--
<?php

$code = <<<'EOF'
var_dump(strncmp($_SERVER['REQUEST_URI'], "/overflow.php", strlen("/overflow.php")));
var_dump(strlen($_SERVER['QUERY_STRING']));
EOF;

include "php_cli_server.inc";
php_cli_server_start($code);

$host = PHP_CLI_SERVER_HOSTNAME;
$fp = php_cli_server_connect();

$path = "/overflow.php?" . str_repeat("x", 16400) . "//example.com";

if (fwrite($fp, <<<HEADER
GET $path HTTP/1.1
Host: {$host}


HEADER
)) {
	while (!feof($fp)) {
		echo fgets($fp);
	}
}

?>
--EXPECTF--
HTTP/1.1 200 OK
Host: %s
Date: %s
Connection: close
X-Powered-By: PHP/%s
Content-type: text/html; charset=UTF-8

int(0)
int(16413)
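The test above drives the built-in web server through the php-src test harness (php_cli_server.inc) and checks two things after sending a request whose query string is 16413 bytes long: that $_SERVER['REQUEST_URI'] still begins with "/overflow.php" (strncmp returns int(0)), and that the whole query string arrived (strlen returns int(16413)). The following is an added standalone reproducer of that same check, written for this page and not part of php-src or its test suite. It replaces the harness with proc_open and a raw TCP socket. Assumptions: PHP_BINARY is a CLI build with `php -S` support and PHP 7.4+ (array form of proc_open), and TCP port 8964 on 127.0.0.1 is free.

```php
<?php
// Standalone reproducer for the check in bug73630.phpt. Added for this page;
// it is not php-src code. Assumptions: PHP_BINARY is a CLI that supports
// `php -S`, PHP >= 7.4 (array command for proc_open), and PORT is free.
declare(strict_types=1);

const HOST = '127.0.0.1';
const PORT = 8964;             // assumed free port
const SCRIPT = '/overflow.php';

// The same probe the phpt installs as its document-root script.
$probe = <<<'EOF'
<?php
var_dump(strncmp($_SERVER['REQUEST_URI'], "/overflow.php", strlen("/overflow.php")));
var_dump(strlen($_SERVER['QUERY_STRING']));
EOF;

$docroot = sys_get_temp_dir() . '/bug73630-' . getmypid();
mkdir($docroot, 0700);
file_put_contents($docroot . SCRIPT, $probe);

// Start the built-in web server against the temporary document root.
$server = proc_open(
    [PHP_BINARY, '-S', HOST . ':' . PORT, '-t', $docroot],
    [1 => ['pipe', 'w'], 2 => ['pipe', 'w']],
    $pipes
);
if (!is_resource($server)) {
    fwrite(STDERR, "could not start php -S\n");
    exit(1);
}

// Poll until the listener accepts connections (up to ~5 s).
$fp = false;
for ($i = 0; $i < 50 && $fp === false; $i++) {
    usleep(100000);
    $fp = @stream_socket_client('tcp://' . HOST . ':' . PORT, $errno, $errstr, 1.0);
}
if ($fp === false) {
    fwrite(STDERR, "server did not come up: $errstr\n");
    proc_terminate($server);
    exit(1);
}

// Same oversized query string as the regression test: 16400 bytes of padding
// followed by "//example.com", 16413 bytes in total.
$query = str_repeat('x', 16400) . '//example.com';
$request = 'GET ' . SCRIPT . '?' . $query . " HTTP/1.1\r\n"
         . 'Host: ' . HOST . "\r\n"
         . "Connection: close\r\n\r\n";
fwrite($fp, $request);
$response = stream_get_contents($fp);
fclose($fp);

// Tear the server down and remove the temporary docroot.
proc_terminate($server);
fclose($pipes[1]);
fclose($pipes[2]);
proc_close($server);
unlink($docroot . SCRIPT);
rmdir($docroot);

// The body must be exactly what the phpt expects: REQUEST_URI still begins
// with the script path (strncmp == 0) and the full query string survived.
[$headers, $body] = explode("\r\n\r\n", $response, 2) + [1 => ''];
$expected = "int(0)\nint(" . strlen($query) . ")\n";

echo strtok($headers, "\r\n"), "\n";   // status line, e.g. "HTTP/1.1 200 OK"
echo $body;
if ($body !== $expected) {
    echo "FAIL: REQUEST_URI or QUERY_STRING was corrupted by the long query string\n";
    exit(1);
}
echo "PASS: REQUEST_URI and QUERY_STRING intact\n";
```

Run it with `php reproducer.php`. On a build that carries the fix the body matches the phpt's --EXPECTF-- block (int(0) followed by int(16413)) and the script prints PASS; any other body, or a non-200 status line, indicates the long query string disturbed the server's handling of the request URI.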
