Re^7: hex code passed from command line is interpreted literally in substitution

Select or download this

"".eval('"'.$r."'").""

Select or download this

$r = $cgi->param('r');  # If he provides <<".system("rm -rf /").">>,
$r = "You said $r";     #    the user deletes the server's hard drive.

Select or download this

$r = $cgi->param('r');  # If he provides <<$r>>,
$r = "You said $r";     #    the user causes an infinite loop.
                        #    He could bring down the server in a sec.

Select Code to Download