Low
Use:
; ls ../../
Source analysis:
```php
<?php
if( isset( $_POST[ 'submit' ] ) ) {
    // Copy the submitted ip value into $target
    $target = $_REQUEST[ 'ip' ];

    if (stristr(php_uname('s'), 'Windows NT')) {
        // On Windows, run ping directly
        $cmd = shell_exec( 'ping ' . $target );
        echo '<pre>'.$cmd.'</pre>';
    } else {
        // Otherwise (Linux), send 3 ping packets
        $cmd = shell_exec( 'ping -c 3 ' . $target );
        echo '<pre>'.$cmd.'</pre>';
    }
}
?>
```
- $_REQUEST[] covers the functionality of both $_POST[] and $_GET[], but $_REQUEST[] is slower. All data submitted via the POST and GET methods is available through the $_REQUEST array.
- php_uname(): returns information about the operating system PHP is running on
- stristr(): searches for the first occurrence of one string inside another string
- php_uname('s'): returns the name of the operating system
Medium
Use:
||, &;& or &
Source analysis:
Some filtering has been added, but the filter is incomplete.
```php
<?php
if( isset( $_POST[ 'submit'] ) ) {
    $target = $_REQUEST[ 'ip' ];

    // Filters out the && and ; command separators
    $substitutions = array(
        '&&' => '',
        ';' => '',
    );
    $target = str_replace( array_keys( $substitutions ), $substitutions, $target );

    // Determine OS and execute the ping command.
    if (stristr(php_uname('s'), 'Windows NT')) {
        $cmd = shell_exec( 'ping ' . $target );
        echo '<pre>'.$cmd.'</pre>';
    } else {
        $cmd = shell_exec( 'ping -c 3 ' . $target );
        echo '<pre>'.$cmd.'</pre>';
    }
}
?>
```
High
No way in here (Orz): only input of the form "number.number.number.number" is accepted and executed.
```php
<?php
if( isset( $_POST[ 'submit' ] ) ) {
    $target = $_REQUEST[ "ip" ];

    /* stripslashes() removes the backslashes added by addslashes(). */
    $target = stripslashes( $target );

    // Split the IP into 4 octets
    $octet = explode( ".", $target );

    // Check if each octet is an integer
    if ( (is_numeric($octet[0])) && (is_numeric($octet[1])) && (is_numeric($octet[2])) && (is_numeric($octet[3])) && (sizeof($octet) == 4) ) {
        // If all 4 octets are int's put the IP back together.
        $target = $octet[0].'.'.$octet[1].'.'.$octet[2].'.'.$octet[3];

        // Determine OS and execute the ping command.
        if (stristr(php_uname('s'), 'Windows NT')) {
            $cmd = shell_exec( 'ping ' . $target );
            echo '<pre>'.$cmd.'</pre>';
        } else {
            $cmd = shell_exec( 'ping -c 3 ' . $target );
            echo '<pre>'.$cmd.'</pre>';
        }
    } else {
        echo '<pre>ERROR: You have entered an invalid IP</pre>';
    }
}
?>
```
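The following is an added example, not DVWA source: it runs the Medium-level blacklist and an allowlist check side by side over the inputs listed above, without executing any of them. The function names (`medium_filter`, `build_ping_command`, `has_shell_metachar`) and the sample strings are constructed for illustration; the allowlist uses PHP's built-in `filter_var()` and `escapeshellarg()`.

```php
<?php
// Added example: not DVWA source. Function names are hypothetical.

// The Medium-level blacklist from the page: strips only '&&' and ';'.
function medium_filter(string $target): string {
    $substitutions = array( '&&' => '', ';' => '' );
    return str_replace( array_keys( $substitutions ), $substitutions, $target );
}

// Allowlist approach: accept only a syntactically valid IPv4 address,
// then quote it as a single shell argument for defence in depth.
function build_ping_command(string $target): ?string {
    $ip = filter_var( $target, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 );
    if ( $ip === false ) {
        return null; // rejected: the value never reaches the shell
    }
    return 'ping -c 3 ' . escapeshellarg( $ip );
}

// Shell metacharacters that can turn one argument into several commands.
function has_shell_metachar(string $s): bool {
    return preg_match( '/[;&|`$()<>\n]/', $s ) === 1;
}

// Constructed inputs, built from the payloads listed on the page.
$samples = array(
    '127.0.0.1',
    '127.0.0.1; ls ../../',
    '127.0.0.1 || ls ../../',
    '127.0.0.1 &;& ls ../../', // removing ';' in a single pass leaves '&&' behind
    '127.0.0.1 & ls ../../',
);

foreach ( $samples as $input ) {
    $filtered = medium_filter( $input );
    $cmd      = build_ping_command( $input );
    printf(
        "%-28s blacklist -> %-26s [%s]  allowlist -> %s\n",
        var_export( $input, true ),
        var_export( $filtered, true ),
        has_shell_metachar( $filtered ) ? 'separator survives' : 'no separator left',
        $cmd === null ? 'rejected' : $cmd
    );
}
```

The blacklist only has to miss one separator to fail, while the allowlist rejects everything that is not a plain IPv4 address before a command string is ever built.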