Command Injection Proof of Concept

=PHP Code=
<pre>
 <!DOCTYPE html>
 <html>
        <body>
                <h2>PING</h2>
                <form method="post">
                  <label for="fname">IP</label><br>
                  <input type="text" name="ip"><br>
                  <input type="submit" name="submit" value="submit">
                </form>
                <br>
<?php
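  // Runs only when the form has been submitted
  if(isset($_POST['submit'])){
    // Deliberately vulnerable: the raw POST value goes into the command unvalidated
    $ip = $_POST['ip'];
    $cmd = 'ping -c 4 ' . $ip;
    // The string is handed to a shell and its output is echoed back unescaped
    $output = shell_exec($cmd);
    echo "<pre>$output</pre>";
  }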
?>
        </body>
</html>
</pre>
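A hardened counterpart to the handler above, added here as an example and not part of the original wiki page: the value must pass an allow-list check as a literal IP address before it is used, it is quoted as a single shell argument, and the command output is HTML-escaped. The helper name build_ping_command() and the sample inputs are assumptions made for this example.

```php
<?php
// Added example, not from the original page. build_ping_command() is a
// hypothetical helper name; the sample inputs at the bottom are constructed.

/**
 * Build the ping command for a user-supplied value.
 * Returns null unless the value is a literal IPv4 or IPv6 address.
 */
function build_ping_command($input): ?string
{
    // Reject arrays (ip[]=...) and other non-string POST values outright
    if (!is_string($input)) {
        return null;
    }
    $ip = trim($input);
    // Allow-list check: only a literal address passes, so no shell syntax
    // or extra arguments can reach the command line
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    // Defence in depth: quote the value as a single shell argument
    return 'ping -c 4 ' . escapeshellarg($ip);
}

if (PHP_SAPI === 'cli') {
    // Offline check with constructed inputs
    foreach (['192.0.2.10', '2001:db8::1', 'not-an-ip', '192.0.2.10 extra', ['x']] as $sample) {
        var_dump(build_ping_command($sample));
    }
} elseif (isset($_POST['submit'])) {
    $cmd = build_ping_command($_POST['ip'] ?? null);
    if ($cmd === null) {
        http_response_code(400);
        echo '<p>Invalid IP address.</p>';
    } else {
        // Escape the command output so it cannot inject markup into the page
        $output = (string) shell_exec($cmd);
        echo '<pre>' . htmlspecialchars($output, ENT_QUOTES, 'UTF-8') . '</pre>';
    }
}
```

Run from the command line, the script only prints the command it would build for each sample (or NULL for rejected input) and executes nothing.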