Creating an Emojis PHP WebShell- 1 min
I recently came across an interesting behaviour on PHP. Apparently, PHP permits the usage of Unicode characters as variable names. Therefore, friendly emojis can be used as a PHP variable.
<?php $😶="Hello World!"; echo($😶);
>> Hello World!
Which is valid.
I thought about making a fancy example of a PHP Web-Shell using emojis. This is made for entertainment purposes, no real advantage is gained by using Emojis webshell. It may disturb/confuse a WAF or back-end parser, but it’s not confirmed against a real-world environment.
Usage can be as:
You can create a CLI for it to do more; I am only publishing it as a proof of concept.
[Download] Emojis web-shell: Link
- Twitch Internal Security Tools: In-depth Analysis of the Leaked Twitch Security Tools
- Attacking Modern Environments Series: Attack Vectors on Terraform Environments
- Interview With the AppSec Podcast: Terraform Security
- tfquery: Run SQL queries on your Terraform infrastructure
- DDoS is not Dead: Building a Scalable DDoS Framework