Smaller PHP Vectors.

Publicated on : 1181592675
Imagine you found a website where it is possible to inject PHP code. But there is one problem: the possible characters are limited. This is a situation that happens way to often. Or sometimes you want to evade filters that check upon certain fixed vectors. Not many know that with PHP, there is the possibility to make pieces of PHP code -we want to inject- very small. The reason this works is because the PHP parser basically reads everything on one line, and ignores whitespace so to speak. We can abuse this by designing very tiny attack vectors. As you can see comment structures are allowed between pieces of code, also notice that the semicolon (;) isn't really needed in all cases.

I listed a few below, I'm interested in what you can come up with. Have fun!