PHP_Shell_Obfuscation

Do you have to upload a shell to a server with #WAF and delete it after upload?

One of the permanent solutions to these #Shell ambiguities is one of the most interesting ways to ambush the context of the #PHP language is to use a character attachment that, of course, should not be done directly, remembering two things before fully explaining If [] is equivalent to Array, you can test it yourself,

root @ unk9vvn: ~ # php -r “echo ”. [];”
PHP Notice: Array to string conversion in Command line code on line 1
Arrayroot @ unk9vvn: ~ #

Second, in the post image, we first arrange the array into dynamic variables and then set the value to 0 using ‘@’ == ‘!’ As we get the correct condition, we will start by scrolling to the first character Array which is 0, which is equivalent to the letter A, so that we get to the character we want, and so on, as at the end of the code. You see that we created the ASSERT () string and [_] POST_ $ to use the ASSERT () function as a shell.