Archive for the ‘shell’ Tag
System call injection
Posted November 17, 2007
Filed under: Injection, PHP, Security | Tags: escapeshellarg, escapeshellcmd, exec, Injection, PHP, shell, system
Comments (1)
Filed under: Injection, PHP, Security | Tags: escapeshellarg, escapeshellcmd, exec, Injection, PHP, shell, system
Comments (1) With the follow commands you can execute an external program on the system (server).
- shell_exec
- proc_open
- system
- exec
- passthru
- popen
- “ (back tick operator)
This form sends a domain name and prints the result back from the linux program whois.
What does a phpshell look like?
Posted November 8, 2007
Filed under: Injection, PHP, RFI | Tags: Injection, PHP, phpshell, remotefile, RFI, security, shell, system
Leave a comment
Filed under: Injection, PHP, RFI | Tags: Injection, PHP, phpshell, remotefile, RFI, security, shell, system
Leave a comment After my last posting “(evil) Register Globals (on)“, I got an email asking what remote files look like and what they do. I call remote files “phpshells”. phpshells can send commands directly to the server system over http.
An easy version could be using a GET variable for a system call. Indeed, it’s enough to steal information, destroy pages and do other nasty stuff on a web server.
<?php
system($_GET[‘cmd’]);
?>
system($_GET[‘cmd’]);
?>
The r57shell is the deluxe version of a phpshell. I added some pictures below. It’s an interface and has functions like ftp, mail and many more.
