hello stackoverflow community,
i trying send request burp suite:
{"html":"<?php $to = "example@example.com"; $subject = "subject"; $txt = "php installed"; $result = mail($to,$subject,$txt); ?>","author":"","location":""} i need modify "html" tag contain php, php not read (neither of other tags) because of double quotes in code (i think) tried html encoding wouldn't execute, showed plain text of code.
i have been trying day figure out , couldn't find anything.
so in conclusion: there alternative quotes can use? (i tried heredoc) or there way execute html encoded php without quotes?
you make work, wouldn't recommend doing way.
if remove php tags , pass through code want run string you're going end having run through eval(), dangerous because means access first script can potentially execute whatever code on server. php script 'eval()' in needs pretty locked down.
reference:
http://php.net/manual/en/function.eval.php
you're better off passing url of script want execute, or along lines :)
