- Home
- Blog
  - Blog home
  - RSS
- Login
- Home
- Blog
  - Blog home
  - RSS
- Login

The Spanner
Web security blog

Made by Gareth Heyes
Follow me on Twitter: @garethheyes

Recent posts

Introducing Feedworm: A Privacy-First RSS Reader That Lives in DevTools Speedy RSVP extension AutoVader Hackvertor history and tag finder Shadow Repeater v1.2.3 release Burp Hackvertor v2.1.24 release Hacking rooms XSSing TypeErrors in Safari valueOf: Another way to get this Making the Unexploitable Exploitable with X-Mixed-Replace on Firefox The curious case of the evt parameter CSS-Only Tic Tac Toe Challenge Rewriting relative urls with the base tag in Safari Bypassing DOMPurify with mXSS New IE mutation vector How I smashed MentalJS MentalJS DOM bypass Another XSS auditor bypass XSS Auditor bypass Bypassing the IE XSS filter Unbreakable filter MentalJS bypasses mXSS Java Serialization Bypassing the XSS filter using function reassignment RPO Sandboxed jQuery X-Domain scroll detection on IE using focus Epic fail IE new operator Decoding complex non-alphanumeric JavaScript Hacking Firefox DOM Clobbering Bypassing XSS Auditor The evolution of code Non-Alpha PHP in 6-7 charset Tweetable PHP-Non Alpha MentalJS for PHP Opera x domain with video tutorial Sandboxing and parsing jQuery in 100ms

Non-Alpha PHP in 6-7 charset

By Gareth Heyes (@hackvertor)

Published 13 years 5 months ago • Last updated March 22, 2025 • ⏱️ < 1 min read

← Back to articles

Alex Inführ has a pretty awesome blog post on how to execute non-alpha PHP with only $_=+();. Pretty amazing stuff please check it out here: Non-Alpha PHP in 6-7 charset. To create assert it would be 99mb! Hehe.

← Back to articles