$ip = htmlspecialchars($_GET['address'], ENT_QUOTES);
$myfile = fsockopen($ip, 80, $errno, $errstr, 5);
$result = shell_exec('ping -c 4 ' . $ip);
We have above php code, if I want to submit system commands in addition to IP address, what should I do?
Below is what I have tried(all without quotation).
First I input "127.0.0.1;ls" and got error message at fsockopen().
Then I tried to use "%00" to terminate after IP address, like this "127.0.0.1%00%3bls", this time fsockopen() succeeded but the command "ls" cannot reach shell_exec().
Please share your techniques, thanks.