Code Execution 03

This lab focuses on the PCRE_REPLACE_EVAL modifier in PHP, specifically the /e modifier, which causes the preg_replace function to evaluate the new value as PHP code before performing the substitution. This functionality, although deprecated as of PHP 5.5.0, has historically allowed attackers to execute arbitrary PHP code by manipulating the regular expression pattern.

Through a hands-on example, you will modify a pattern by adding the /e modifier and observe how preg_replace attempts to evaluate the value as a constant. By replacing this with a function call to phpinfo(), you can visualize the result and understand the potential for executing arbitrary commands using the system function. This lab highlights the importance of understanding and preventing such vulnerabilities in PHP applications.