Creating an Emojis PHP WebShell

- 1 min

I recently came across an interesting behaviour on PHP. Apparently, PHP permits the usage of Unicode characters as variable names. Therefore, friendly emojis can be used as a PHP variable.

<?php
$😶="Hello World!";
echo($😶);

Output:

>> Hello World!

Which is valid.

I thought about making a fancy example of a PHP Web-Shell using emojis. This is made for entertainment purposes, no real advantage is gained by using Emojis webshell. It may disturb/confuse a WAF or back-end parser, but it’s not confirmed against a real-world environment.

Usage

Usage can be as:

https://example.com/emojis-webshell.php?👽=pwd

You can create a CLI for it to do more; I am only publishing it as a proof of concept.

Download

Mazin Ahmed

Mazin Ahmed

Thoughts of an ethical hacker

rss facebook twitter github gitlab youtube mail spotify lastfm instagram linkedin google google-plus pinterest medium vimeo stackoverflow reddit quora quora