Command Injection Proof of Concept: Difference between revisions

From Xinux Wiki
Zeile 1: Zeile 1:
 
=PHP Code=
 
=PHP Code=
<pre>
+
<code>
 
<!DOCTYPE html>
 
<!DOCTYPE html>
 
<html>
 
<html>
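Review bot: Replacing the opening `<pre>` with `<code>` at the top of the listing removes the wrapper that keeps it preformatted. `<code>` is an inline element whose content is still parsed as wikitext, so line breaks reflow and any tag the wiki allows is rendered instead of being shown as source. Keep `<pre>` around the listing, or use `<syntaxhighlight lang="php">` if the SyntaxHighlight extension is installed on this wiki.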
Zeile 16: Zeile 16:
 
     $cmd = 'ping -c 4 ' . $ip;
 
     $cmd = 'ping -c 4 ' . $ip;
 
     $output = shell_exec($cmd);
 
     $output = shell_exec($cmd);
     echo "<nowiki><pre></nowiki> $output<nowiki></pre></nowiki>";  
+
     echo "<pre>$output<nowiki></pre>";  
 
   }
 
   }
 
?>
 
?>
 
         </body>
 
         </body>
 
</html>
 
</html>
</pre>
+
</code>
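Review bot: The new echo line, `echo "<pre>$output<nowiki></pre>";`, opens `<nowiki>` before `</pre>` and never closes it, while the pair around the opening `<pre>` was dropped, so the markup is unbalanced and the wiki treats the inner `<pre>` as its own block. Restore the previous line with both `<nowiki>` pairs closed. The trailing `</pre>` to `</code>` change should be reverted together with the opening tag so the listing stays inside one preformatted block.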

Revision as of 15:59, 27 June 2021

PHP Code

```php
<!DOCTYPE html>
<html>
  <body>
    PING
    <form method="post">
      <label for="fname">IP</label>
      <input type="text" name="ip">
      <input type="submit" name="submit" value="submit">
    </form>
<?php
  if (isset($_POST['submit'])) {
    // Proof of concept: the posted value is concatenated into the shell command unvalidated.
    $ip = $_POST['ip'];
    $cmd = 'ping -c 4 ' . $ip;
    $output = shell_exec($cmd);
    echo "<pre>$output</pre>";
  }
?>
  </body>
</html>
```
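A hardened counterpart to the handler above, as an added example that is not part of the wiki page: it accepts only literal IP addresses (an assumption; the original form places no restriction on the field), passes the value as a single quoted argument, and HTML-encodes the command output. The helper name `build_ping_command` and the sample inputs are constructed for illustration.

```php
<?php
// Added example (not from the wiki page): hardened handler for the ping form.
// Assumption: only literal IPv4/IPv6 addresses are valid input; hostnames are rejected.

// Hypothetical helper: returns the command line, or null if the input is not an IP literal.
function build_ping_command(string $input): ?string
{
    $ip = trim($input);
    // Allow-list validation: anything that is not an IPv4/IPv6 literal is refused,
    // so the value can never carry shell syntax or extra ping options.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    // Defence in depth: pass the value as one quoted argument.
    return 'ping -c 4 ' . escapeshellarg($ip);
}

if (PHP_SAPI === 'cli') {
    // Offline self-check on constructed inputs; nothing is executed here.
    foreach (['192.0.2.10', '2001:db8::1', '192.0.2.10 extra', 'not-an-ip', ''] as $sample) {
        $cmd = build_ping_command($sample);
        printf("%-20s => %s\n", var_export($sample, true), $cmd ?? 'rejected');
    }
} elseif (isset($_POST['submit'])) {
    $raw = $_POST['ip'] ?? '';
    $cmd = is_string($raw) ? build_ping_command($raw) : null;
    if ($cmd === null) {
        http_response_code(400);
        echo '<p>Invalid IP address.</p>';
    } else {
        $output = shell_exec($cmd);
        // Encode command output before embedding it in the page.
        echo '<pre>' . htmlspecialchars((string) $output, ENT_QUOTES, 'UTF-8') . '</pre>';
    }
}
```

Run from the command line, the script only prints which constructed inputs are accepted; served by a web server, it replaces the PHP block of the form page.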