Heres a quick php debugger that allows you to run php commands without making any hard-coded changes. has disallowed keywords for security. just edit the "stuff" array in the filter function.
note: must be a .php file
CODE
<html style="background-color:#999999">
<body>
<form action="test.php" method="post">
<center>
<textarea name="data" rows=14 cols=120 style="background-color:#000;border:2px solid #aa94f1;color:#FFF;"></textarea>
<br /><br />
<input style="background-color:#000;border:2px solid #aaaaff;color:#FFF;width:300px;height:40px;"type="submit" value="Run!" />
</center>
</form>
<h3>Script Outcome:</h3>
<?php
$data = $_POST['data'];
if($data)
{
eval(filter($data));
}
if(!stristr(filter($data),"print('Disallowed keyword found"))
print "<br /><br /><hr /><h3>Script Ran:</h3>".filter($data);
function filter($data)
{
$stuff = array("../","copy","delete","unlink","disk_","chmod","chown","chgrp","dirname","feof","fclose","fget",
"file","flock","fnmatch","fopen","fpassthru","fput","fread","fwrite","fstat","ftell",
"fseek","fscanf","glob","is_","link","lstat","mkdir","parse_","move_up","pclose","popen","readfile","readlink",
"realpath","rename","rmdir","set_file_buffer","stat","symlink","tempnam","tmpfile",
"touch","umask","ftp_","header","setcookie","setrawcookie","<script","set","mysql_","xml_","open","zip_","$_COOKIE");
$data = str_replace("\\'","'",$data);
$data = str_replace("\\\"","\"",$data);
foreach($stuff as $key => $value)
{
if(stristr($data,$value))
$data = "print('Disallowed Keyword Found: $value');";
}
return $data;
}
?>
</body>
</html>
tell me what ye think.
edit:
seems to be a bit buggy... meh, if you got the skill you can upgrade it.
there, a little bit of work for you to do. always fun that.