Command Injection Proof of Concept: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| Zeile 1: | Zeile 1: | ||
=PHP Code= | =PHP Code= | ||
| − | < | + | <pre> |
<!DOCTYPE html> | <!DOCTYPE html> | ||
<html> | <html> | ||
| Zeile 16: | Zeile 16: | ||
$cmd = 'ping -c 4 ' . $ip; | $cmd = 'ping -c 4 ' . $ip; | ||
$output = shell_exec($cmd); | $output = shell_exec($cmd); | ||
| − | echo "<pre>$output | + | echo "<pre>$output</pre>"; |
} | } | ||
?> | ?> | ||
| Zeile 22: | Zeile 22: | ||
</html> | </html> | ||
</code> | </code> | ||
| + | </pre> | ||
Version vom 27. Juni 2021, 16:00 Uhr
PHP Code
<!DOCTYPE html>
<html>
<body>
<h2>PING</h2>
<form method="post">
<label for="fname">IP</label><br>
<input type="text" name="ip"><br>
<input type="submit" name="submit" value="submit">
</form>
<br>
<?php
if(isset($_POST['submit'])){
$ip = $_POST['ip'];
$cmd = 'ping -c 4 ' . $ip;
$output = shell_exec($cmd);
echo "<pre>$output";
}
?>
</body>
</html>