Remote code execution
PHP provides several functions that, when called, execute shell commands on the server.
The following table lists the functions used for shell command execution:
| Name | Functionality |
|---|---|
| | Executes a command and returns its output |
| | Executes a command and displays the output immediately |
| | Executes a command and displays the raw output |
| | Executes contents inside the backtick as a shell command |
| | Executes a command and returns a pointer |
| | Executes a command and returns the last line of the output |
| | Executes a command or a program |
| | Similar to |
In the following code, let us use the passthru() function to create a simple one-liner shell that expects a parameter in the GET request and executes it using passthru():
<?php passthru($_GET['cmd']); ?>
Note
The GET parameter name here is cmd, which is easily guessable. When uploading a one-liner...
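From the defender's side, the one-liner above is recognisable by its data flow rather than by its parameter name. The following is an added example, not part of the original page: a small Python triage scanner that flags PHP command execution calls whose arguments come from request superglobals, directly or through a simple variable assignment. The function list uses standard PHP function names; the helper names and the sample input are constructed for illustration.

```python
import re

# Standard PHP functions that run shell commands; backticks are handled separately.
EXEC_FUNCS = ("shell_exec", "system", "passthru", "popen", "exec",
              "pcntl_exec", "proc_open")
# Request-controlled superglobals treated as taint sources.
SOURCE_RE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE|SERVER|FILES)\b")
# The lookbehind skips curl_exec(), $pdo->exec(), Foo::exec() and $exec().
CALL_RE = re.compile(
    r"(?<![\w>:$])(" + "|".join(EXEC_FUNCS) + r")\s*\(([^;]*)", re.I)
BACKTICK_RE = re.compile(r"`([^`]*)`")
ASSIGN_RE = re.compile(r"\$(\w+)\s*=(?!=)([^;]*);")

def _is_tainted(expr, tainted):
    """True if expr reads a superglobal or a variable assigned from one."""
    if SOURCE_RE.search(expr):
        return True
    return any(v in tainted for v in re.findall(r"\$(\w+)", expr))

def find_command_sinks(php_source):
    """Return sorted (line, sink) pairs for exec sinks fed by request data."""
    # Flow-insensitive pass: collect variables assigned from request data.
    tainted = set()
    for m in ASSIGN_RE.finditer(php_source):
        if _is_tainted(m.group(2), tainted):
            tainted.add(m.group(1))
    hits = [(m.start(), m.group(1).lower(), m.group(2))
            for m in CALL_RE.finditer(php_source)]
    hits += [(m.start(), "backtick", m.group(1))
             for m in BACKTICK_RE.finditer(php_source)]
    return sorted((php_source.count("\n", 0, pos) + 1, sink)
                  for pos, sink, args in hits if _is_tainted(args, tainted))

# Constructed sample: two dangerous sinks and three benign look-alikes.
SAMPLE = """<?php
passthru($_GET['cmd']);
$c = $_POST['c'];
system($c);
$r = curl_exec($ch);
$n = $pdo->exec('DELETE FROM t');
echo exec('uptime');
"""

if __name__ == "__main__":
    for line, sink in find_command_sinks(SAMPLE):
        print(f"line {line}: request data reaches {sink}")
```

This is a heuristic for source review and upload scanning; functions the application never needs can additionally be blocked with the `disable_functions` directive in php.ini.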