|Join hundreds of other Developers and InfoSec professionals for Training, Sessions and Community at our first conference of 2019|
[AppSec Tel Aviv, May 26-30th]
Is the php code injection example correct? I gave it more than one try on the php command line, and it doesn't seem to work. I think that this code snippet eval("\$myvar = \$x;");
is not exploitable, since the string that is evaluated is a constant. It works like a charm if you don't escape $x.