Archive for the ‘escapeshellarg’ Tag

System call injection

With the follow commands you can execute an external program on the system (server).

  • shell_exec
  • proc_open
  • system
  • exec
  • passthru
  • popen
  • “ (back tick operator)

This form sends a domain name and prints the result back from the linux program whois.

Continue reading