
shell exec - How to bypass htmlspecialchars() while not disrupting fsockopen()

Problem description:

<?php
ini_set('error_displays', 0);
$ip = htmlspecialchars($_GET['address'], ENT_QUOTES);
$myfile = fsockopen($ip, 80, $errno, $errstr, 5);
if ($myfile)
{
    $result = shell_exec('ping -c 4 ' . $ip);
}
?>

We have the above PHP code. If I want to submit system commands in addition to the IP address, what should I do?

Below is what I have tried (all without quotation).

First I input "127.0.0.1;ls" and got an error message at fsockopen().

Then I tried to use "%00" to terminate after the IP address, like this: "127.0.0.1%00%3bls". This time fsockopen() succeeded, but the command "ls" could not reach shell_exec().

Please share your techniques, thanks.
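
Added example, not part of the original post: the hardened form of the script above, for anyone fixing code like it. htmlspecialchars() is an HTML output encoder and does nothing to make a value safe for a shell, so this version validates the input as a literal IPv4 address, quotes it with escapeshellarg(), and keeps htmlspecialchars() for output. The function names are hypothetical, and the sample inputs are constructed from the values mentioned in the post.

```php
<?php
declare(strict_types=1);

// Accept only a literal IPv4 address; anything else (extra characters,
// NUL bytes, hostnames) yields null and is never passed on.
function validated_ipv4(string $input): ?string
{
    $ip = filter_var($input, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
    return $ip === false ? null : $ip;
}

// Quote the value for the shell, as a second layer after validation.
function ping_command(string $ip): string
{
    return 'ping -c 4 ' . escapeshellarg($ip);
}

// Same flow as the original script: connect check, then ping.
// htmlspecialchars() is applied where it belongs, on output sent to HTML.
function check_host(string $input): string
{
    $ip = validated_ipv4($input);
    if ($ip === null) {
        return 'Invalid address';
    }
    $sock = @fsockopen($ip, 80, $errno, $errstr, 5);
    if ($sock === false) {
        return 'Host not reachable on port 80';
    }
    fclose($sock);
    $result = shell_exec(ping_command($ip));
    return htmlspecialchars((string) $result, ENT_QUOTES);
}

// Constructed sample inputs; the last two are the values tried in the post.
// Only validation and command construction run here, so no network is needed.
$samples = ['127.0.0.1', '127.0.0.1;ls', "127.0.0.1\0;ls"];
foreach ($samples as $s) {
    $ip = validated_ipv4($s);
    echo json_encode($s), ' => ',
        $ip === null ? 'rejected' : ping_command($ip), PHP_EOL;
}
```

In a real page, check_host($_GET['address'] ?? '') replaces the demo loop; only the first sample produces a command line, and the other two are rejected before fsockopen() or the shell is reached.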
