On friday 21th march, we have given a look to a web challenge proposed by zenk security, which involves BBCode like markup.
We supposed that the chall is using the (virulent) e modifier to php's preg_replace function. Here is a working code snippet which evals the php code between two [code] and [/code] tags.
<?php /* First sample */ # Sample from http://www.murraypicton.com/2010/11/using-phps-preg_replace-with-the-e-modifier/ $string = 'http://www.google.com and http://www.murraypicton.com'; $pattern = '!(http\://[a-zA-Z0-9\-\.]+\.[a-zA-Z]{2,3}(/\S*)?)!e'; //Notice the 'e' modifier $replacement = 'urlencode("$1")'; echo preg_replace($pattern, $replacement, $string); //Outputs "http%3A%2F%2Fwww.google.com and http%3A%2F%2Fwww.murraypicton.com" echo "\n\n"; /***********************************************************************/ /* Second sample using bbcode-like syntax with a code tag */ $str = "[code]print(1+1);[/code]"; preg_replace( '!\[code\](.*?)\[/code\]!e', 'eval("$1")', $str ); echo "\n\n";