richmonde / phpdangerousfuncs.md
Created January 18, 2023 13:32 — forked from mccabe615/phpdangerousfuncs.md
Dangerous PHP Functions

Command Execution

exec           - Returns the last line of the command's output
passthru       - Passes the command's output directly to the browser
system         - Passes the command's output directly to the browser and returns the last line
shell_exec     - Returns the command's output
`` (backticks) - Same as shell_exec()
popen          - Opens a read or write pipe to the process of a command
proc_open      - Similar to popen() but with a greater degree of control
pcntl_exec     - Executes a program
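
For code review, the list above can be turned into a token-based audit that finds call sites without tripping on comments or string literals, and that also catches the backtick operator, which a name-based grep misses. This is an added example, not part of the original gist; the function name `find_command_exec` and the sample input are assumptions made for illustration, and it assumes PHP 8+.

```php
<?php
// Added example, not from the original gist. Assumes PHP 8+ token names.
const CMD_EXEC_FUNCS = ['exec', 'passthru', 'system', 'shell_exec', 'popen', 'proc_open', 'pcntl_exec'];

// Returns [line, name] pairs for each command-execution call site in $source.
function find_command_exec(string $source): array
{
    $skip = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    // A name after one of these is a method call or a declaration, not the builtin.
    $notCall = [T_OBJECT_OPERATOR, T_NULLSAFE_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION, T_NEW];
    $tokens = token_get_all($source);
    [$hits, $line, $prev, $inBackticks] = [[], 1, null, false];
    foreach ($tokens as $i => $tok) {
        if (!is_array($tok)) {                    // single-character token
            if ($tok === '`') {
                if (!$inBackticks) { $hits[] = [$line, 'backticks']; }
                $inBackticks = !$inBackticks;
            }
            $prev = $tok;
            continue;
        }
        [$id, $text, $tokLine] = $tok;
        $line = $tokLine + substr_count($text, "\n");
        if (in_array($id, $skip, true)) { continue; }
        $name = strtolower(ltrim($text, '\\'));
        if (in_array($id, [T_STRING, T_NAME_FULLY_QUALIFIED], true)
            && in_array($name, CMD_EXEC_FUNCS, true)
            && !in_array($prev, $notCall, true)) {
            // Only report the name when the next significant token is "(".
            $j = $i + 1;
            while (is_array($tokens[$j] ?? null) && in_array($tokens[$j][0], $skip, true)) { $j++; }
            if (($tokens[$j] ?? null) === '(') { $hits[] = [$tokLine, $name]; }
        }
        $prev = $id;
    }
    return $hits;
}

// Constructed sample input, for illustration only.
$sample = <<<'SAMPLE'
<?php
// system("mentioned in a comment only");
$msg = "exec() inside a string";
$out = `uptime`;
\shell_exec('id');
$obj->exec('method call, not the builtin');
Proc_Open($cmd, $spec, $pipes);
SAMPLE;

foreach (find_command_exec($sample) as [$line, $name]) { echo "line $line: $name\n"; }
```

Each hit is a place to check whether request-controlled data can reach the command string. Dynamic calls such as `$f()` or `call_user_func()` are not detected by this check.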