Command Injection Project: Difference between revisions

From Xinux Wiki
Line 6: Line 6:
 
*echo "<?php phpinfo(); ?>" | sudo tee /var/www/html/info.php
 
*echo "<?php phpinfo(); ?>" | sudo tee /var/www/html/info.php
 
*curl https://SEITENNAME/info.php
 
*curl https://SEITENNAME/info.php
 +
=Beispiele==
 +
==ping.php==
 +
<!DOCTYPE html>
 +
<html>
 +
<body>
 +
<h2>PING</h2>
 +
<form method="post">
 +
<label for="fname">IP</label><br>
 +
<input type="text" name="ip"><br>
 +
<input type="submit" name="submit" value="submit">
 +
</form>
 +
<br>
 +
<?php
 +
if(isset($_POST['submit'])){
 +
$ip = $_POST['ip'];
 +
$cmd = 'ping -c 4 ' . $ip;
 +
$output = shell_exec($cmd);
 +
echo "<pre> $output</pre>";
 +
}
 +
?>
 +
</body>
 +
</html>
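
Review bot: the new heading line `=Beispiele==` has one `=` on the left and two on the right, so the extra `=` ends up in the heading text (the rendered page shows "Beispiele="); balance the markers. The ping.php source below it is added as bare wikitext, so the wiki interprets the HTML and the rendered page loses the `<h2>`, `<br>` and `<pre>` tags and flattens the PHP; put the listing in a preformatted or source block so it can be copied intact. In the form, `<label for="fname">` refers to an id that no input has; give the input `id="ip"` and use `for="ip"`. A one-line note beside the code that `$ip` reaches `shell_exec` unvalidated by design would tell readers this is the vulnerable lab version.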

Revision as of 23 April 2025, 05:04

Installation

  • sudo apt update
  • sudo apt install apache2 php libapache2-mod-php
  • sudo systemctl restart apache2

Test

Examples

ping.php

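<!DOCTYPE html>
<html>
<body>
<h2>PING</h2>
<form method="post">
<label for="ip">IP</label><br>
<input type="text" id="ip" name="ip"><br>
<input type="submit" name="submit" value="submit">
</form>
<br>
<?php
// Lab example for the command injection project:
// the submitted value is concatenated into the shell command unvalidated.
if (isset($_POST['submit'])) {
    $ip = $_POST['ip'];
    $cmd = 'ping -c 4 ' . $ip;
    $output = shell_exec($cmd);
    echo "<pre> $output</pre>";
}
?>
</body>
</html>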
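
A hardened counterpart to ping.php above, as an added example that is not part of the wiki page: the input is accepted only if it is an IP address literal, it is quoted before it reaches the shell, and the command output is HTML-escaped. The helper name `ping_target()` is hypothetical, and the example assumes that only IP literals (no hostnames) need to be pinged.

```php
<?php
// Added example, not the wiki's code: hardened counterpart to ping.php.
// ping_target() is a hypothetical helper name.
function ping_target(string $input): ?string
{
    $ip = trim($input);

    // Allow-list: accept only a syntactically valid IPv4/IPv6 literal.
    // Hostnames, spaces and shell metacharacters are rejected here.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return null;
    }

    // Defence in depth: the validated value is still passed as one quoted argument.
    $output = shell_exec('ping -c 4 ' . escapeshellarg($ip));
    return is_string($output) ? $output : '';
}

$submitted = isset($_POST['submit']);
$raw = $_POST['ip'] ?? '';
// An array-valued or missing field is treated as invalid input.
$result = ($submitted && is_string($raw)) ? ping_target($raw) : null;
?>
<!DOCTYPE html>
<html>
<body>
<h2>PING</h2>
<form method="post">
<label for="ip">IP</label><br>
<input type="text" id="ip" name="ip"><br>
<input type="submit" name="submit" value="submit">
</form>
<br>
<?php if ($submitted && $result === null): ?>
<p>Invalid IP address.</p>
<?php elseif ($submitted): ?>
<pre><?= htmlspecialchars($result, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></pre>
<?php endif; ?>
</body>
</html>
```

Comparing this file with ping.php shows the three changes that matter for the project: validation before use, argument quoting at the shell boundary, and output encoding at the HTML boundary.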