Command Injection Projekt: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
(→Test) |
|||
| Zeile 8: | Zeile 8: | ||
=Beispiele== | =Beispiele== | ||
==ping.php== | ==ping.php== | ||
| − | <!DOCTYPE html> | + | <syntaxhighlight lang="html"> |
| − | + | <!DOCTYPE html> | |
| − | + | <html> | |
| − | + | <body> | |
| − | + | <h2>PING</h2> | |
| − | + | <form method="post"> | |
| − | + | <label for="fname">IP</label><br> | |
| − | + | <input type="text" name="ip"><br> | |
| − | + | <input type="submit" name="submit" value="submit"> | |
| − | + | </form> | |
| − | + | <br> | |
| − | + | <?php | |
| − | + | if(isset($_POST['submit'])){ | |
| − | + | $ip = $_POST['ip']; | |
| − | + | $cmd = 'ping -c 4 ' . $ip; | |
| − | + | $output = shell_exec($cmd); | |
| − | + | echo "<pre> $output</pre>"; | |
| − | + | } | |
| − | + | ?> | |
| − | + | </body> | |
| + | </html> | ||
| + | </syntaxhighlight> | ||
Version vom 23. April 2025, 05:05 Uhr
Installation
- sudo apt update
- sudo apt install apache2 php libapache2-mod-php
- sudo systemctl restart apache2
Test
- echo "<?php phpinfo(); ?>" | sudo tee /var/www/html/info.php
- curl https://SEITENNAME/info.php
Beispiele=
ping.php
<!DOCTYPE html>
<html>
<body>
<h2>PING</h2>
<form method="post">
<label for="fname">IP</label><br>
<input type="text" name="ip"><br>
<input type="submit" name="submit" value="submit">
</form>
<br>
<?php
if(isset($_POST['submit'])){
$ip = $_POST['ip'];
$cmd = 'ping -c 4 ' . $ip;
$output = shell_exec($cmd);
echo "<pre> $output</pre>";
}
?>
</body>
</html>